From 1dde0baa1a38ca85c8de47bd652bb6d96ce65a35 Mon Sep 17 00:00:00 2001
From: Dan Rios <36534747+riosengineer@users.noreply.github.com>
Date: Mon, 20 Nov 2023 14:20:39 +0000
Subject: [PATCH 01/13] DependsOn Example
---
README.md | 2 +
bicep-examples/dependencies/README.md | 86 +
bicep-examples/dependencies/main.bicep | 229 +
.../modules/appInsights/appinsights.bicep | 223 +
.../private-dns-zone-group/README.md | 76 +
.../private-dns-zone-group/main.bicep | 57 +
.../private-dns-zone-group/main.json | 105 +
.../private-dns-zone-group/version.json | 7 +
.../privateEndpoint/privateEndpoint.bicep | 210 +
.../dependencies/modules/webApp/appPlan.bicep | 238 +
.../modules/webApp/connection/README.md | 435 ++
.../modules/webApp/connection/main.bicep | 149 +
.../modules/webApp/connection/main.json | 304 ++
.../tests/e2e/max/dependencies.bicep | 13 +
.../connection/tests/e2e/max/main.test.bicep | 77 +
.../tests/e2e/waf-aligned/dependencies.bicep | 13 +
.../tests/e2e/waf-aligned/main.test.bicep | 77 +
.../modules/webApp/connection/version.json | 7 +
.../webApp/hosting-environment/README.md | 840 ++++
.../configuration--customdnssuffix/README.md | 82 +
.../configuration--customdnssuffix/main.bicep | 53 +
.../configuration--customdnssuffix/main.json | 96 +
.../version.json | 7 +
.../configuration--networking/README.md | 88 +
.../configuration--networking/main.bicep | 57 +
.../configuration--networking/main.json | 107 +
.../configuration--networking/version.json | 7 +
.../webApp/hosting-environment/main.bicep | 324 ++
.../webApp/hosting-environment/main.json | 850 ++++
.../tests/e2e/asev2/dependencies.bicep | 80 +
.../tests/e2e/asev2/main.test.bicep | 111 +
.../tests/e2e/asev3/dependencies.bicep | 135 +
.../tests/e2e/asev3/main.test.bicep | 119 +
.../webApp/hosting-environment/version.json | 7 +
.../modules/webApp/serverfarm/README.md | 639 +++
.../modules/webApp/serverfarm/main.bicep | 238 +
.../modules/webApp/serverfarm/main.json | 452 ++
.../tests/e2e/max/dependencies.bicep | 13 +
.../serverfarm/tests/e2e/max/main.test.bicep | 107 +
.../tests/e2e/waf-aligned/dependencies.bicep | 13 +
.../tests/e2e/waf-aligned/main.test.bicep | 107 +
.../modules/webApp/serverfarm/version.json | 7 +
.../modules/webApp/site/README.md | 1663 +++++++
.../README.md | 84 +
.../main.bicep | 56 +
.../main.json | 101 +
.../version.json | 7 +
.../webApp/site/config--appsettings/README.md | 159 +
.../site/config--appsettings/main.bicep | 86 +
.../webApp/site/config--appsettings/main.json | 116 +
.../site/config--appsettings/version.json | 7 +
.../site/config--authsettingsv2/README.md | 85 +
.../site/config--authsettingsv2/main.bicep | 54 +
.../site/config--authsettingsv2/main.json | 94 +
.../site/config--authsettingsv2/version.json | 7 +
.../relay/README.md | 84 +
.../relay/main.bicep | 66 +
.../relay/main.json | 103 +
.../relay/version.json | 7 +
.../modules/webApp/site/main.bicep | 559 +++
.../modules/webApp/site/main.json | 4095 +++++++++++++++++
.../modules/webApp/site/slot/README.md | 851 ++++
.../site/slot/config--appsettings/README.md | 161 +
.../site/slot/config--appsettings/main.bicep | 93 +
.../site/slot/config--appsettings/main.json | 122 +
.../slot/config--appsettings/version.json | 7 +
.../slot/config--authsettingsv2/README.md | 92 +
.../slot/config--authsettingsv2/main.bicep | 61 +
.../slot/config--authsettingsv2/main.json | 100 +
.../slot/config--authsettingsv2/version.json | 7 +
.../relay/README.md | 91 +
.../relay/main.bicep | 69 +
.../relay/main.json | 109 +
.../relay/version.json | 7 +
.../modules/webApp/site/slot/main.bicep | 492 ++
.../modules/webApp/site/slot/main.json | 1936 ++++++++
.../modules/webApp/site/slot/version.json | 7 +
.../e2e/functionAppCommon/dependencies.bicep | 148 +
.../e2e/functionAppCommon/main.test.bicep | 201 +
.../e2e/functionAppMin/dependencies.bicep | 21 +
.../tests/e2e/functionAppMin/main.test.bicep | 58 +
.../tests/e2e/webAppCommon/dependencies.bicep | 119 +
.../tests/e2e/webAppCommon/main.test.bicep | 200 +
.../tests/e2e/webAppMin/dependencies.bicep | 21 +
.../site/tests/e2e/webAppMin/main.test.bicep | 55 +
.../modules/webApp/site/version.json | 7 +
.../modules/webApp/static-site/README.md | 949 ++++
.../webApp/static-site/config/README.md | 90 +
.../webApp/static-site/config/main.bicep | 54 +
.../webApp/static-site/config/main.json | 97 +
.../webApp/static-site/config/version.json | 7 +
.../static-site/custom-domain/README.md | 84 +
.../static-site/custom-domain/main.bicep | 51 +
.../static-site/custom-domain/main.json | 96 +
.../static-site/custom-domain/version.json | 7 +
.../static-site/linked-backend/README.md | 92 +
.../static-site/linked-backend/main.bicep | 55 +
.../static-site/linked-backend/main.json | 104 +
.../static-site/linked-backend/version.json | 7 +
.../modules/webApp/static-site/main.bicep | 355 ++
.../modules/webApp/static-site/main.json | 1731 +++++++
.../tests/e2e/defaults/main.test.bicep | 48 +
.../tests/e2e/max/dependencies.bicep | 94 +
.../static-site/tests/e2e/max/main.test.bicep | 109 +
.../tests/e2e/waf-aligned/dependencies.bicep | 94 +
.../tests/e2e/waf-aligned/main.test.bicep | 109 +
.../modules/webApp/static-site/version.json | 7 +
.../dependencies/modules/webApp/webApp.bicep | 559 +++
108 files changed, 24114 insertions(+)
create mode 100644 bicep-examples/dependencies/README.md
create mode 100644 bicep-examples/dependencies/main.bicep
create mode 100644 bicep-examples/dependencies/modules/appInsights/appinsights.bicep
create mode 100644 bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/README.md
create mode 100644 bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.bicep
create mode 100644 bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.json
create mode 100644 bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/version.json
create mode 100644 bicep-examples/dependencies/modules/privateEndpoint/privateEndpoint.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/appPlan.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/connection/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/connection/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/connection/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/connection/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/config--appsettings/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/config--appsettings/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/site/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/config/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/config/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/config/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/config/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/custom-domain/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/custom-domain/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/linked-backend/README.md
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/linked-backend/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/main.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/main.json
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/defaults/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/dependencies.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/main.test.bicep
create mode 100644 bicep-examples/dependencies/modules/webApp/static-site/version.json
create mode 100644 bicep-examples/dependencies/modules/webApp/webApp.bicep
diff --git a/README.md b/README.md
index 04cac21..3572ad3 100644
--- a/README.md
+++ b/README.md
@@ -59,6 +59,8 @@ Where possible, examples will be complimented by a blog post giving a deeper div
[Awesome Azure Bicep list](https://github.com/ElYusubov/AWESOME-Azure-Bicep)
+[Azure Bicep Cheat Sheet](https://github.com/johnlokerse/azure-bicep-cheat-sheet)
+
## 🖌️ Authors
- [Rios Engineer](https://www.github.com/riosengineer)
diff --git a/bicep-examples/dependencies/README.md b/bicep-examples/dependencies/README.md
new file mode 100644
index 0000000..8f7019b
--- /dev/null
+++ b/bicep-examples/dependencies/README.md
@@ -0,0 +1,86 @@
+# Resource dependencies in Azure Bicep
+
+There's two types of dependencies `implicit` and `explicit` in Azure Bicep. Within the `main.bicep` file example you'll notice many implicit and some explicit dependencies that you can review as a real example of how these two play a role in your Azure Bicep deployments.
+
+## Implicit
+
+With `implicit` dependencies we are referencing another Azure resource within the same deployment, which means we'll not need to declare an explicit dependency. There are two common ways this is accomplished. For example:
+
+```javascript
+module appInsights 'modules/appInsights/appinsights.bicep' = {
+ name: '${uniqueString(deployment().name, location)}-appInsights'
+ params: {
+ name: appInsightsName
+ location: location
+ workspaceResourceId: logAnalytics.outputs.id
+ kind: 'web'
+ applicationType: 'web'
+ }
+}
+```
+
+Note the `logAnalytics.outputs.id` symbolic name defined is referencing a previous module for this resources properties. This is how an implicit dependency is created and ARM will deploy in resources in their dependent order.
+
+```javascript
+resource frontDoorOriginGroup 'Microsoft.Cdn/profiles/originGroups@2021-06-01' = {
+ name: frontDoorOriginGroupName
+ parent: frontDoorProfile
+ properties: {
+ loadBalancingSettings: {
+ sampleSize: 4
+ successfulSamplesRequired: 3
+ }
+ healthProbeSettings: {
+ probePath: '/'
+ probeRequestType: 'HEAD'
+ probeProtocol: 'Http'
+ probeIntervalInSeconds: 100
+ }
+ }
+}
+```
+
+Lastly, notice the `parent:` property defined in this Azure Front Door resource block, where it's defining the symbolic name from the Azure CDN profile object. This is also an implicit dependency created between the two objects.
+
+## Explicit
+
+```javascript
+resource frontDoorProfile 'Microsoft.Cdn/profiles@2021-06-01' = {
+ name: frontDoorProfileName
+ location: 'global'
+ sku: {
+ name: frontDoorSkuName
+ }
+ dependsOn: [
+ webApp
+ webAppPlan
+ ]
+}
+```
+
+For explicit dependencies, we can use the `dependsOn` property to describe explicitly which resources we want this deployment to depend on.
+
+In the case above, I don't want my Front Door deployment to start before the App service and App Plan have been deployed first, as I need them to exist for my origin backend.
+
+## Deployment
+
+> [!WARNING]
+> This example deploys Azure Front Door Premium SKU which is circa $300 for the month. Do not leave running if you don't want to incur charges. Make sure to delete after deployment and you'll likely see next to no charges for doing this test deploy.
+
+In VisualStudio Code open a terminal and run:
+
+CLI
+
+```bash
+az login
+az set --subscription 'your subscription name'
+az deployment create --confirm-with-what-if -g 'your resource group name' -f .\main.bicep
+```
+
+or PowerShell
+
+```powershell
+Connect-AzAccount
+Set-AzContext -Subsription "your subsription name"
+New-AzResourceGroupDeployment -Confirm -ResourceGroup "your resource group name" -TemplateFile "main.bicep"
+```
diff --git a/bicep-examples/dependencies/main.bicep b/bicep-examples/dependencies/main.bicep
new file mode 100644
index 0000000..8d9d83c
--- /dev/null
+++ b/bicep-examples/dependencies/main.bicep
@@ -0,0 +1,229 @@
+targetScope = 'resourceGroup'
+
+// Change the below params to suit your deployment needs
+// Go to the modules to amend IP schema, app plan sku/app code stack etc.
+@description('Azure UK South region.')
+param location string = resourceGroup().location
+
+@description('Web App resource group name.')
+param rg_web_workload string = 'rg-webapp-prod'
+
+@description('Workload / corp / core landing zone subid.')
+param workloadsSubId string = '00000000-0000-0000-0000-000000000000'
+
+@description('Log analytics workspace name.')
+param alaName string = 'ala-workspace-name'
+
+@description('App service application insights name.')
+param appInsightsName string = 'appinsights-name'
+
+@description('Azure app service name.')
+param webAppName string = 'webapp-001'
+
+@description('The name of the Front Door endpoint to create. This must be globally unique.')
+param afdWebEndpoint string = 'afd-${uniqueString(resourceGroup().id)}'
+
+@description('The name of the SKU to use when creating the Front Door profile.')
+@allowed([
+ 'Standard_AzureFrontDoor'
+ 'Premium_AzureFrontDoor'
+])
+param frontDoorSkuName string = 'Premium_AzureFrontDoor'
+
+var frontDoorProfileName = 'afdpremium-web'
+var frontDoorOriginGroupName = 'webapp-origin-group'
+var frontDoorOriginName = 'webapp-origin-group'
+var frontDoorRouteName = 'webapp-route'
+
+///////////////
+// Resources //
+///////////////
+
+// Azure App Service components
+
+// vNet for integration
+module vnet 'br/public:network/virtual-network:1.1.3' = {
+ name: '${uniqueString(deployment().name, location)}-webVnet'
+ scope: resourceGroup(workloadsSubId, rg_web_workload)
+ params: {
+ name: 'webapp-vnet'
+ addressPrefixes: [
+ '10.1.0.0/21'
+ ]
+ subnets: [
+ {
+ name: 'webapp-snet'
+ addressPrefix: '10.1.1.0/24'
+ delegations: [
+ {
+ name: 'Microsoft.Web.serverFarms'
+ properties: {
+ serviceName: 'Microsoft.Web/serverFarms'
+ }
+ }
+ ]
+ }
+ ]
+ }
+}
+
+// Log Analytics workspace
+module logAnalytics 'br/public:storage/log-analytics-workspace:1.0.3' = {
+ name: '${uniqueString(deployment().name, location)}-ala'
+ scope: resourceGroup(rg_web_workload)
+ params: {
+ name: alaName
+ location: location
+ }
+}
+
+// Application Insight
+module appInsights 'modules/appInsights/appinsights.bicep' = {
+ name: '${uniqueString(deployment().name, location)}-appInsights'
+ scope: resourceGroup(workloadsSubId, rg_web_workload)
+ params: {
+ name: appInsightsName
+ location: location
+ workspaceResourceId: logAnalytics.outputs.id
+ kind: 'web'
+ applicationType: 'web'
+ }
+}
+
+// Azure App Plan
+module webAppPlan 'modules/webApp/appPlan.bicep' = {
+ name: '${uniqueString(deployment().name, location)}-appPlan'
+ scope: resourceGroup(workloadsSubId, rg_web_workload)
+ params: {
+ name: 'appPlan'
+ location: location
+ sku: {
+ name: 'S1'
+ }
+ kind: 'App'
+ }
+}
+
+// Web App resource
+module webApp 'modules/webApp/webApp.bicep' = {
+ name: '${uniqueString(deployment().name, location)}-webApp'
+ scope: resourceGroup(workloadsSubId, rg_web_workload)
+ params: {
+ name: webAppName
+ location: location
+ kind: 'app'
+ serverFarmResourceId: webAppPlan.outputs.resourceId
+ httpsOnly: true
+ publicNetworkAccess: 'Disabled'
+ appInsightResourceId: appInsights.outputs.resourceId
+ virtualNetworkSubnetId: vnet.outputs.subnetResourceIds[0]
+ siteConfig: {
+ detailedErrorLoggingEnabled: true
+ httpLoggingEnabled: true
+ requestTracingEnabled: true
+ ftpsState: 'Disabled'
+ minTlsVersion: '1.2'
+ alwaysOn: true
+ }
+ appSettingsKeyValuePairs: {
+ name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
+ value: appInsights.outputs.instrumentationKey
+ }
+ managedIdentities: {
+ systemAssigned: true
+ }
+ }
+}
+
+
+// Front Door resource
+resource frontDoorProfile 'Microsoft.Cdn/profiles@2021-06-01' = {
+ name: frontDoorProfileName
+ location: 'global'
+ sku: {
+ name: frontDoorSkuName
+ }
+ dependsOn: [
+ webApp
+ webAppPlan
+ ]
+}
+
+// Front Door endpoint(s)
+resource frontDoorEndpoint 'Microsoft.Cdn/profiles/afdEndpoints@2021-06-01' = {
+ name: afdWebEndpoint
+ parent: frontDoorProfile
+ location: 'global'
+ properties: {
+ enabledState: 'Enabled'
+ }
+}
+
+// Front Door origin group
+resource frontDoorOriginGroup 'Microsoft.Cdn/profiles/originGroups@2021-06-01' = {
+ name: frontDoorOriginGroupName
+ parent: frontDoorProfile
+ properties: {
+ loadBalancingSettings: {
+ sampleSize: 4
+ successfulSamplesRequired: 3
+ }
+ healthProbeSettings: {
+ probePath: '/'
+ probeRequestType: 'HEAD'
+ probeProtocol: 'Http'
+ probeIntervalInSeconds: 100
+ }
+ }
+}
+
+// Front Door backend - Azure Web App
+resource frontDoorOrigin 'Microsoft.Cdn/profiles/originGroups/origins@2022-11-01-preview' = {
+ name: frontDoorOriginName
+ parent: frontDoorOriginGroup
+ properties: {
+ hostName: webApp.outputs.defaultHostname
+ httpPort: 80
+ httpsPort: 443
+ originHostHeader: webApp.outputs.defaultHostname
+ priority: 1
+ weight: 1000
+ sharedPrivateLinkResource: {
+ groupId: 'sites'
+ privateLink: {
+ id: webApp.outputs.resourceId
+ }
+ privateLinkLocation: location
+ requestMessage: 'AFD PE to Web App'
+ status: 'Pending'
+ }
+ }
+}
+
+// Front Door route
+resource frontDoorRoute 'Microsoft.Cdn/profiles/afdEndpoints/routes@2021-06-01' = {
+ name: frontDoorRouteName
+ parent: frontDoorEndpoint
+ dependsOn: [
+ frontDoorOrigin // This explicit dependency is required to ensure that the origin group is not empty when the route is created.
+ ]
+ properties: {
+ originGroup: {
+ id: frontDoorOriginGroup.id
+ }
+ supportedProtocols: [
+ 'Http'
+ 'Https'
+ ]
+ patternsToMatch: [
+ '/*'
+ ]
+ forwardingProtocol: 'HttpsOnly'
+ linkToDefaultDomain: 'Enabled'
+ httpsRedirect: 'Enabled'
+ }
+}
+
+// Output FQDNs
+output appServiceHostName string = webApp.outputs.defaultHostname
+output frontDoorEndpointHostName string = frontDoorEndpoint.properties.hostName
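Review bot: The health probe in `frontDoorOriginGroup` uses `probeProtocol: 'Http'` while the `webApp` module is deployed with `httpsOnly: true`, so the probe will most likely get a redirect instead of a 200 and the origin may be reported unhealthy. `probeProtocol: 'Https'` would match both the app setting and the route's `forwardingProtocol: 'HttpsOnly'`. The `appSettingsKeyValuePairs` object passes literal `name` and `value` keys; if the module treats that object as a settings map (the module is not part of this hunk), this creates app settings called `name` and `value`, where `APPINSIGHTS_INSTRUMENTATIONKEY: appInsights.outputs.instrumentationKey` was presumably intended. The `logAnalytics` module is scoped with `resourceGroup(rg_web_workload)` whereas every other module uses `resourceGroup(workloadsSubId, rg_web_workload)`, so the workspace is created in the deployment's own subscription; if that is not intended, use the two-argument form there as well.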
diff --git a/bicep-examples/dependencies/modules/appInsights/appinsights.bicep b/bicep-examples/dependencies/modules/appInsights/appinsights.bicep
new file mode 100644
index 0000000..5ca3a75
--- /dev/null
+++ b/bicep-examples/dependencies/modules/appInsights/appinsights.bicep
@@ -0,0 +1,223 @@
+metadata name = 'Application Insights'
+metadata description = 'This component deploys an Application Insights instance.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. Name of the Application Insights.')
+param name string
+
+@description('Optional. Application type.')
+@allowed([
+ 'web'
+ 'other'
+])
+param applicationType string = 'web'
+
+@description('Required. Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property.')
+param workspaceResourceId string
+
+@description('Optional. The network access type for accessing Application Insights ingestion. - Enabled or Disabled.')
+@allowed([
+ 'Enabled'
+ 'Disabled'
+])
+param publicNetworkAccessForIngestion string = 'Enabled'
+
+@description('Optional. The network access type for accessing Application Insights query. - Enabled or Disabled.')
+@allowed([
+ 'Enabled'
+ 'Disabled'
+])
+param publicNetworkAccessForQuery string = 'Enabled'
+
+@description('Optional. Retention period in days.')
+@allowed([
+ 30
+ 60
+ 90
+ 120
+ 180
+ 270
+ 365
+ 550
+ 730
+])
+param retentionInDays int = 365
+
+@description('Optional. Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry.')
+@minValue(0)
+@maxValue(100)
+param samplingPercentage int = 100
+
+@description('Optional. The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone.')
+param kind string = ''
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. The diagnostic settings of the service.')
+param diagnosticSettings diagnosticSettingType
+
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
+ name: name
+ location: location
+ tags: tags
+ kind: kind
+ properties: {
+ Application_Type: applicationType
+ WorkspaceResourceId: workspaceResourceId
+ publicNetworkAccessForIngestion: publicNetworkAccessForIngestion
+ publicNetworkAccessForQuery: publicNetworkAccessForQuery
+ RetentionInDays: retentionInDays
+ SamplingPercentage: samplingPercentage
+ }
+}
+
+resource appInsights_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(appInsights.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: appInsights
+}]
+
+resource appInsights_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+ name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+ properties: {
+ storageAccountId: diagnosticSetting.?storageAccountResourceId
+ workspaceId: diagnosticSetting.?workspaceResourceId
+ eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+ eventHubName: diagnosticSetting.?eventHubName
+ metrics: diagnosticSetting.?metricCategories ?? [
+ {
+ category: 'AllMetrics'
+ timeGrain: null
+ enabled: true
+ }
+ ]
+ logs: diagnosticSetting.?logCategoriesAndGroups ?? [
+ {
+ categoryGroup: 'AllLogs'
+ enabled: true
+ }
+ ]
+ marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+ logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+ }
+ scope: appInsights
+}]
+@description('The name of the application insights component.')
+output name string = appInsights.name
+
+@description('The resource ID of the application insights component.')
+output resourceId string = appInsights.id
+
+@description('The resource group the application insights component was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The application ID of the application insights component.')
+output applicationId string = appInsights.properties.AppId
+
+@description('The location the resource was deployed into.')
+output location string = appInsights.location
+
+@description('Application Insights Instrumentation key. A read-only value that applications can use to identify the destination for all telemetry sent to Azure Application Insights. This value will be supplied upon construction of each new Application Insights component.')
+output instrumentationKey string = appInsights.properties.InstrumentationKey
+// =============== //
+// Definitions //
+// =============== //
+
+type roleAssignmentType = {
+ @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
+
+type diagnosticSettingType = {
+ @description('Optional. The name of diagnostic setting.')
+ name: string?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ logCategoriesAndGroups: {
+ @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.')
+ category: string?
+
+ @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \'AllLogs\' to collect all logs.')
+ categoryGroup: string?
+ }[]?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ metricCategories: {
+ @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
+ category: string
+ }[]?
+
+ @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
+ logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics' | null)?
+
+ @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ workspaceResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ storageAccountResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+ eventHubAuthorizationRuleResourceId: string?
+
+ @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ eventHubName: string?
+
+ @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
+ marketplacePartnerResourceId: string?
+}[]?
diff --git a/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/README.md b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/README.md
new file mode 100644
index 0000000..d6c0e0b
--- /dev/null
+++ b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/README.md
@@ -0,0 +1,76 @@
+# Private Endpoint Private DNS Zone Groups `[Microsoft.Network/privateEndpoints/privateDnsZoneGroups]`
+
+This module deploys a Private Endpoint Private DNS Zone Group.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`privateDNSResourceIds`](#parameter-privatednsresourceids) | array | Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`privateEndpointName`](#parameter-privateendpointname) | string | The name of the parent private endpoint. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable/Disable usage telemetry for module. |
+| [`name`](#parameter-name) | string | The name of the private DNS zone group. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable/Disable usage telemetry for module.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the private DNS zone group.
+- Required: No
+- Type: string
+- Default: `'default'`
+
+### Parameter: `privateDNSResourceIds`
+
+Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones.
+- Required: Yes
+- Type: array
+
+### Parameter: `privateEndpointName`
+
+The name of the parent private endpoint. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the private endpoint DNS zone group. |
+| `resourceGroupName` | string | The resource group the private endpoint DNS zone group was deployed into. |
+| `resourceId` | string | The resource ID of the private endpoint DNS zone group. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.bicep b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.bicep
new file mode 100644
index 0000000..49a089a
--- /dev/null
+++ b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.bicep
@@ -0,0 +1,57 @@
+metadata name = 'Private Endpoint Private DNS Zone Groups'
+metadata description = 'This module deploys a Private Endpoint Private DNS Zone Group.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment.')
+param privateEndpointName string
+
+@description('Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones.')
+@minLength(1)
+@maxLength(5)
+param privateDNSResourceIds array
+
+@description('Optional. The name of the private DNS zone group.')
+param name string = 'default'
+
+@description('Optional. Enable/Disable usage telemetry for module.')
+param enableDefaultTelemetry bool = true
+
+var privateDnsZoneConfigs = [for privateDNSResourceId in privateDNSResourceIds: {
+ name: last(split(privateDNSResourceId, '/'))!
+ properties: {
+ privateDnsZoneId: privateDNSResourceId
+ }
+}]
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' existing = {
+ name: privateEndpointName
+}
+
+resource privateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-04-01' = {
+ name: name
+ parent: privateEndpoint
+ properties: {
+ privateDnsZoneConfigs: privateDnsZoneConfigs
+ }
+}
+
+@description('The name of the private endpoint DNS zone group.')
+output name string = privateDnsZoneGroup.name
+
+@description('The resource ID of the private endpoint DNS zone group.')
+output resourceId string = privateDnsZoneGroup.id
+
+@description('The resource group the private endpoint DNS zone group was deployed into.')
+output resourceGroupName string = resourceGroup().name
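Review bot: `enableDefaultTelemetry` defaults to `true`, so a standalone deployment of this vendored module also creates the `pid-47ed15a6-…` nested deployment in the target resource group unless the caller opts out. For an example repository I would default it off with `param enableDefaultTelemetry bool = false`, or have the calling template pass `false` explicitly, as `privateEndpoint.bicep` already does for this module through `enableReferencedModulesTelemetry`. The same default appears in `privateEndpoint.bicep` and `appPlan.bicep` later in this patch. `main.json` looks generated from this file and would need regenerating after any change here.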
diff --git a/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.json b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.json
new file mode 100644
index 0000000..4216fc2
--- /dev/null
+++ b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.json
@@ -0,0 +1,105 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.22.6.54827",
+ "templateHash": "16391702514342252839"
+ },
+ "name": "Private Endpoint Private DNS Zone Groups",
+ "description": "This module deploys a Private Endpoint Private DNS Zone Group.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "privateEndpointName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment."
+ }
+ },
+ "privateDNSResourceIds": {
+ "type": "array",
+ "minLength": 1,
+ "maxLength": 5,
+ "metadata": {
+ "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones."
+ }
+ },
+ "name": {
+ "type": "string",
+ "defaultValue": "default",
+ "metadata": {
+ "description": "Optional. The name of the private DNS zone group."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable/Disable usage telemetry for module."
+ }
+ }
+ },
+ "variables": {
+ "copy": [
+ {
+ "name": "privateDnsZoneConfigs",
+ "count": "[length(parameters('privateDNSResourceIds'))]",
+ "input": {
+ "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]",
+ "properties": {
+ "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]"
+ }
+ }
+ }
+ ]
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
+ "apiVersion": "2023-04-01",
+ "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]",
+ "properties": {
+ "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the private endpoint DNS zone group."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the private endpoint DNS zone group."
+ },
+ "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group the private endpoint DNS zone group was deployed into."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/version.json b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/version.json
new file mode 100644
index 0000000..04a0dd1
--- /dev/null
+++ b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.5",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/privateEndpoint/privateEndpoint.bicep b/bicep-examples/dependencies/modules/privateEndpoint/privateEndpoint.bicep
new file mode 100644
index 0000000..9979785
--- /dev/null
+++ b/bicep-examples/dependencies/modules/privateEndpoint/privateEndpoint.bicep
@@ -0,0 +1,210 @@
+metadata name = 'Private Endpoints'
+metadata description = 'This module deploys a Private Endpoint.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. Name of the private endpoint resource to create.')
+param name string
+
+@description('Required. Resource ID of the subnet where the endpoint needs to be created.')
+param subnetResourceId string
+
+@description('Required. Resource ID of the resource that needs to be connected to the network.')
+param serviceResourceId string
+
+@description('Optional. Application security groups in which the private endpoint IP configuration is included.')
+param applicationSecurityGroupResourceIds array?
+
+@description('Optional. The custom name of the network interface attached to the private endpoint.')
+param customNetworkInterfaceName string?
+
+@description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.')
+param ipConfigurations ipConfigurationsType?
+
+@description('Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to.')
+param groupIds array
+
+@description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.')
+param privateDnsZoneGroupName string?
+
+@description('Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones.')
+param privateDnsZoneResourceIds array?
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Tags to be applied on all resources/resource groups in this deployment.')
+param tags object?
+
+@description('Optional. Custom DNS configurations.')
+param customDnsConfigs customDnsConfigType?
+
+@description('Optional. Manual PrivateLink Service Connections.')
+param manualPrivateLinkServiceConnections array?
+
+@description('Optional. Enable/Disable usage telemetry for module.')
+param enableDefaultTelemetry bool = true
+
+var enableReferencedModulesTelemetry = false
+
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ 'DNS Resolver Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')
+ 'DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')
+ 'Domain Services Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')
+ 'Domain Services Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')
+ 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = {
+ name: name
+ location: location
+ tags: tags
+ properties: {
+ applicationSecurityGroups: [for applicationSecurityGroupResourceId in (applicationSecurityGroupResourceIds ?? []): {
+ id: applicationSecurityGroupResourceId
+ }]
+ customDnsConfigs: customDnsConfigs
+ customNetworkInterfaceName: customNetworkInterfaceName ?? ''
+ ipConfigurations: ipConfigurations ?? []
+ manualPrivateLinkServiceConnections: manualPrivateLinkServiceConnections ?? []
+ privateLinkServiceConnections: [
+ {
+ name: name
+ properties: {
+ privateLinkServiceId: serviceResourceId
+ groupIds: groupIds
+ }
+ }
+ ]
+ subnet: {
+ id: subnetResourceId
+ }
+ }
+}
+
+module privateEndpoint_privateDnsZoneGroup './private-dns-zone-group/main.bicep' = if (!empty(privateDnsZoneResourceIds)) {
+ name: '${uniqueString(deployment().name)}-PrivateEndpoint-PrivateDnsZoneGroup'
+ params: {
+ name: privateDnsZoneGroupName ?? 'default'
+ privateDNSResourceIds: privateDnsZoneResourceIds ?? []
+ privateEndpointName: privateEndpoint.name
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+resource privateEndpoint_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: privateEndpoint
+}
+
+resource privateEndpoint_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(privateEndpoint.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: privateEndpoint
+}]
+
+@description('The resource group the private endpoint was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The resource ID of the private endpoint.')
+output resourceId string = privateEndpoint.id
+
+@description('The name of the private endpoint.')
+output name string = privateEndpoint.name
+
+@description('The location the resource was deployed into.')
+output location string = privateEndpoint.location
+
+// ================ //
+// Definitions //
+// ================ //
+
+type roleAssignmentType = {
+ @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type ipConfigurationsType = {
+ @description('Required. The name of the resource that is unique within a resource group.')
+ name: string
+
+ @description('Required. Properties of private endpoint IP configurations.')
+ properties: {
+ @description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.')
+ groupId: string
+
+ @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.')
+ memberName: string
+
+ @description('Required. A private ip address obtained from the private endpoint\'s subnet.')
+ privateIPAddress: string
+ }
+}[]?
+
+type customDnsConfigType = {
+ @description('Required. Fqdn that resolves to private endpoint ip address.')
+ fqdn: string
+
+ @description('Required. A list of private ip addresses of the private endpoint.')
+ ipAddresses: string[]
+}[]?
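Review bot: In `privateEndpoint_lock`, a `lock` object that sets only `name` passes the condition `!empty(lock ?? {}) && lock.?kind != 'None'`, because a missing `kind` is null rather than `'None'`. It is then submitted with `level: lock.?kind ?? ''`, an empty level that the locks API will presumably reject only at deployment time. Silently skipping a requested lock would be worse than failing, so rather than loosening the condition I would make the field mandatory in `lockType`, `kind: ('CanNotDelete' | 'ReadOnly' | 'None')`, so the omission is caught at compile time. `appServicePlan_lock` and `lockType` in `appPlan.bicep` have the same shape.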
diff --git a/bicep-examples/dependencies/modules/webApp/appPlan.bicep b/bicep-examples/dependencies/modules/webApp/appPlan.bicep
new file mode 100644
index 0000000..856f2cc
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/appPlan.bicep
@@ -0,0 +1,238 @@
+metadata name = 'App Service Plans'
+metadata description = 'This module deploys an App Service Plan.'
+metadata owner = 'Azure/module-maintainers'
+
+// ================ //
+// Parameters //
+// ================ //
+@description('Required. The name of the app service plan to deploy.')
+@minLength(1)
+@maxLength(40)
+param name string
+
+@description('Required. Defines the name, tier, size, family and capacity of the App Service Plan.')
+param sku object
+
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+@description('Optional. Kind of server OS.')
+@allowed([
+ 'App'
+ 'Elastic'
+ 'FunctionApp'
+ 'Windows'
+ 'Linux'
+])
+param kind string = 'Windows'
+
+@description('Conditional. Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true.')
+param reserved bool = false
+
+@description('Optional. The Resource ID of the App Service Environment to use for the App Service Plan.')
+param appServiceEnvironmentId string = ''
+
+@description('Optional. Target worker tier assigned to the App Service plan.')
+param workerTierName string = ''
+
+@description('Optional. If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan.')
+param perSiteScaling bool = false
+
+@description('Optional. Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan.')
+param maximumElasticWorkerCount int = 1
+
+@description('Optional. Scaling worker count.')
+param targetWorkerCount int = 0
+
+@description('Optional. The instance size of the hosting plan (small, medium, or large).')
+@allowed([
+ 0
+ 1
+ 2
+])
+param targetWorkerSize int = 0
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. The diagnostic settings of the service.')
+param diagnosticSettings diagnosticSettingType
+
+@description('Optional. When true, this App Service Plan will perform availability zone balancing.')
+param zoneRedundant bool = false
+
+// ============ //
+// Dependencies //
+// ============ //
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+ 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')
+ 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource appServicePlan 'Microsoft.Web/serverfarms@2022-09-01' = {
+ name: name
+ kind: kind
+ location: location
+ tags: tags
+ sku: sku
+ properties: {
+ workerTierName: workerTierName
+ hostingEnvironmentProfile: !empty(appServiceEnvironmentId) ? {
+ id: appServiceEnvironmentId
+ } : null
+ perSiteScaling: perSiteScaling
+ maximumElasticWorkerCount: maximumElasticWorkerCount
+ reserved: reserved
+ targetWorkerCount: targetWorkerCount
+ targetWorkerSizeId: targetWorkerSize
+ zoneRedundant: zoneRedundant
+ }
+}
+
+resource appServicePlan_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+ name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+ properties: {
+ storageAccountId: diagnosticSetting.?storageAccountResourceId
+ workspaceId: diagnosticSetting.?workspaceResourceId
+ eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+ eventHubName: diagnosticSetting.?eventHubName
+ metrics: diagnosticSetting.?metricCategories ?? [
+ {
+ category: 'AllMetrics'
+ timeGrain: null
+ enabled: true
+ }
+ ]
+ marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+ logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+ }
+ scope: appServicePlan
+}]
+
+resource appServicePlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: appServicePlan
+}
+
+resource appServicePlan_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(appServicePlan.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: appServicePlan
+}]
+
+// =========== //
+// Outputs //
+// =========== //
+@description('The resource group the app service plan was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The name of the app service plan.')
+output name string = appServicePlan.name
+
+@description('The resource ID of the app service plan.')
+output resourceId string = appServicePlan.id
+
+@description('The location the resource was deployed into.')
+output location string = appServicePlan.location
+
+// =============== //
+// Definitions //
+// =============== //
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
+
+type diagnosticSettingType = {
+ @description('Optional. The name of diagnostic setting.')
+ name: string?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ metricCategories: {
+ @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
+ category: string
+ }[]?
+
+ @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
+ logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics' | null)?
+
+ @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ workspaceResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ storageAccountResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+ eventHubAuthorizationRuleResourceId: string?
+
+ @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ eventHubName: string?
+
+ @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
+ marketplacePartnerResourceId: string?
+}[]?
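Review bot: `appServicePlan_roleAssignments` seeds the assignment name with the raw `roleDefinitionIdOrName`, while `roleDefinitionId` uses the value resolved through `builtInRoleNames`. The same role passed once by display name and once by ID therefore gets two different names for what is one assignment, and Azure normally rejects a second assignment of the same role to the same principal at the same scope. Seeding the name with the resolved ID keeps it stable: `name: guid(appServicePlan.id, roleAssignment.principalId, contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName)`. `privateEndpoint_roleAssignments` in `privateEndpoint.bicep` and `appInsights_roleAssignments` in `appinsights.bicep` use the same expression. Separately, the description on `metricCategories` in `diagnosticSettingType` is the log-category text and should describe metrics.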
diff --git a/bicep-examples/dependencies/modules/webApp/connection/README.md b/bicep-examples/dependencies/modules/webApp/connection/README.md
new file mode 100644
index 0000000..682936b
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/connection/README.md
@@ -0,0 +1,435 @@
+# API Connections `[Microsoft.Web/connections]`
+
+This module deploys an Azure API Connection.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+| `Microsoft.Web/connections` | [2016-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2016-06-01/connections) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.connection:1.0.0`.
+
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [WAF-aligned](#example-2-waf-aligned)
+
+### Example 1: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
+
+via Bicep module
+
+```bicep
+module connection 'br:bicep/modules/web.connection:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wcmax'
+ params: {
+ // Required parameters
+ displayName: 'azuremonitorlogs'
+ name: 'azuremonitor'
+ // Non-required parameters
+ api: {
+ id: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "displayName": {
+ "value": "azuremonitorlogs"
+ },
+ "name": {
+ "value": "azuremonitor"
+ },
+ // Non-required parameters
+ "api": {
+ "value": {
+ "id": "
+
+### Example 2: _WAF-aligned_
+
+This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.
+
+
+via Bicep module
+
+```bicep
+module connection 'br:bicep/modules/web.connection:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wcwaf'
+ params: {
+ // Required parameters
+ displayName: 'azuremonitorlogs'
+ name: 'azuremonitor'
+ // Non-required parameters
+ api: {
+ id: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "displayName": {
+ "value": "azuremonitorlogs"
+ },
+ "name": {
+ "value": "azuremonitor"
+ },
+ // Non-required parameters
+ "api": {
+ "value": {
+ "id": "
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`displayName`](#parameter-displayname) | string | Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource. |
+| [`name`](#parameter-name) | string | Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`api`](#parameter-api) | object | Specific values for some API connections. |
+| [`customParameterValues`](#parameter-customparametervalues) | object | Customized parameter values for specific connections. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location of the deployment. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`nonSecretParameterValues`](#parameter-nonsecretparametervalues) | object | Dictionary of nonsecret parameter values. |
+| [`parameterValues`](#parameter-parametervalues) | secureObject | Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`statuses`](#parameter-statuses) | array | Status of the connection. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`testLinks`](#parameter-testlinks) | array | Links to test the API connection. |
+
+### Parameter: `api`
+
+Specific values for some API connections.
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `customParameterValues`
+
+Customized parameter values for specific connections.
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `displayName`
+
+Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location of the deployment.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
+| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed: `[CanNotDelete, None, ReadOnly]`
+
+### Parameter: `lock.name`
+
+Optional. Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `name`
+
+Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource.
+- Required: Yes
+- Type: string
+
+### Parameter: `nonSecretParameterValues`
+
+Dictionary of nonsecret parameter values.
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `parameterValues`
+
+Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource.
+- Required: No
+- Type: secureObject
+- Default: `{}`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
+
+### Parameter: `roleAssignments.condition`
+
+Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Optional. Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed: `[2.0]`
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+Optional. The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+Optional. The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalId`
+
+Required. The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+Optional. The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `statuses`
+
+Status of the connection.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+
+### Parameter: `testLinks`
+
+Links to test the API connection.
+- Required: No
+- Type: array
+- Default: `[]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the connection. |
+| `resourceGroupName` | string | The resource group the connection was deployed into. |
+| `resourceId` | string | The resource ID of the connection. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/bicep-examples/dependencies/modules/webApp/connection/main.bicep b/bicep-examples/dependencies/modules/webApp/connection/main.bicep
new file mode 100644
index 0000000..bfa55bc
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/connection/main.bicep
@@ -0,0 +1,149 @@
+metadata name = 'API Connections'
+metadata description = 'This module deploys an Azure API Connection.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Optional. Specific values for some API connections.')
+param api object = {}
+
+@description('Required. Connection name for connection. Example: \'azureblob\' when using blobs. It can change depending on the resource.')
+param name string
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. Customized parameter values for specific connections.')
+param customParameterValues object = {}
+
+@description('Required. Display name connection. Example: \'blobconnection\' when using blobs. It can change depending on the resource.')
+param displayName string
+
+@description('Optional. Location of the deployment.')
+param location string = resourceGroup().location
+
+@description('Optional. Dictionary of nonsecret parameter values.')
+#disable-next-line secure-secrets-in-params // Not a secret
+param nonSecretParameterValues object = {}
+
+@description('Optional. Connection strings or access keys for connection. Example: \'accountName\' and \'accessKey\' when using blobs. It can change depending on the resource.')
+@secure()
+param parameterValues object = {}
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Status of the connection.')
+param statuses array = []
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Optional. Links to test the API connection.')
+param testLinks array = []
+
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource connection 'Microsoft.Web/connections@2016-06-01' = {
+ name: name
+ location: location
+ tags: tags
+ properties: {
+ displayName: displayName
+ customParameterValues: customParameterValues
+ api: api
+ parameterValues: !empty(parameterValues) ? parameterValues : null
+ nonSecretParameterValues: !empty(nonSecretParameterValues) ? nonSecretParameterValues : null
+ testLinks: !empty(testLinks) ? testLinks : null
+ statuses: !empty(statuses) ? statuses : null
+ }
+}
+
+resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: connection
+}
+
+resource connection_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(connection.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: connection
+}]
+
+@description('The resource ID of the connection.')
+output resourceId string = connection.id
+
+@description('The resource group the connection was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The name of the connection.')
+output name string = connection.name
+
+@description('The location the resource was deployed into.')
+output location string = connection.location
+
+// =============== //
+// Definitions //
+// =============== //
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
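Review bot: In `connection_lock`, a `lock` object that sets only `name` still passes the condition, because `lock.?kind` is null and null is not `'None'`. `level: lock.?kind ?? ''` then submits an empty lock level, which the locks API presumably rejects, so the failure surfaces mid-deployment rather than at validation. The `notes` ternary would also describe that case as a modify lock. Gating on the kind itself closes the gap: `resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if ((lock.?kind ?? 'None') != 'None') {`. The compiled `main.json` carries the same condition and would need regenerating.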
diff --git a/bicep-examples/dependencies/modules/webApp/connection/main.json b/bicep-examples/dependencies/modules/webApp/connection/main.json
new file mode 100644
index 0000000..dab170f
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/connection/main.json
@@ -0,0 +1,304 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.22.6.54827",
+ "templateHash": "11837763267512511834"
+ },
+ "name": "API Connections",
+ "description": "This module deploys an Azure API Connection.",
+ "owner": "Azure/module-maintainers"
+ },
+ "definitions": {
+ "lockType": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the name of lock."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "allowedValues": [
+ "CanNotDelete",
+ "None",
+ "ReadOnly"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the type of lock."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "roleAssignmentType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "roleDefinitionIdOrName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
+ }
+ },
+ "principalId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
+ }
+ },
+ "principalType": {
+ "type": "string",
+ "allowedValues": [
+ "Device",
+ "ForeignGroup",
+ "Group",
+ "ServicePrincipal",
+ "User"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The principal type of the assigned principal ID."
+ }
+ },
+ "description": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The description of the role assignment."
+ }
+ },
+ "condition": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
+ }
+ },
+ "conditionVersion": {
+ "type": "string",
+ "allowedValues": [
+ "2.0"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Version of the condition."
+ }
+ },
+ "delegatedManagedIdentityResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The Resource Id of the delegated managed identity resource."
+ }
+ }
+ }
+ },
+ "nullable": true
+ }
+ },
+ "parameters": {
+ "api": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Specific values for some API connections."
+ }
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "customParameterValues": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Customized parameter values for specific connections."
+ }
+ },
+ "displayName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. Location of the deployment."
+ }
+ },
+ "nonSecretParameterValues": {
+ "type": "object",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Dictionary of nonsecret parameter values."
+ }
+ },
+ "parameterValues": {
+ "type": "secureObject",
+ "defaultValue": {},
+ "metadata": {
+ "description": "Optional. Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource."
+ }
+ },
+ "roleAssignments": {
+ "$ref": "#/definitions/roleAssignmentType",
+ "metadata": {
+ "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
+ }
+ },
+ "statuses": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Status of the connection."
+ }
+ },
+ "lock": {
+ "$ref": "#/definitions/lockType",
+ "metadata": {
+ "description": "Optional. The lock settings of the service."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ },
+ "testLinks": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. Links to test the API connection."
+ }
+ }
+ },
+ "variables": {
+ "builtInRoleNames": {
+ "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+ "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
+ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
+ "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
+ "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "connection": {
+ "type": "Microsoft.Web/connections",
+ "apiVersion": "2016-06-01",
+ "name": "[parameters('name')]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "properties": {
+ "displayName": "[parameters('displayName')]",
+ "customParameterValues": "[parameters('customParameterValues')]",
+ "api": "[parameters('api')]",
+ "parameterValues": "[if(not(empty(parameters('parameterValues'))), parameters('parameterValues'), null())]",
+ "nonSecretParameterValues": "[if(not(empty(parameters('nonSecretParameterValues'))), parameters('nonSecretParameterValues'), null())]",
+ "testLinks": "[if(not(empty(parameters('testLinks'))), parameters('testLinks'), null())]",
+ "statuses": "[if(not(empty(parameters('statuses'))), parameters('statuses'), null())]"
+ }
+ },
+ "connection_lock": {
+ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
+ "type": "Microsoft.Authorization/locks",
+ "apiVersion": "2020-05-01",
+ "scope": "[format('Microsoft.Web/connections/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
+ "properties": {
+ "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
+ "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
+ },
+ "dependsOn": [
+ "connection"
+ ]
+ },
+ "connection_roleAssignments": {
+ "copy": {
+ "name": "connection_roleAssignments",
+ "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "scope": "[format('Microsoft.Web/connections/{0}', parameters('name'))]",
+ "name": "[guid(resourceId('Microsoft.Web/connections', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "properties": {
+ "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
+ "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
+ "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
+ "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
+ "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
+ "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
+ },
+ "dependsOn": [
+ "connection"
+ ]
+ }
+ },
+ "outputs": {
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the connection."
+ },
+ "value": "[resourceId('Microsoft.Web/connections', parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group the connection was deployed into."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the connection."
+ },
+ "value": "[parameters('name')]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('connection', '2016-06-01', 'full').location]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/dependencies.bicep
new file mode 100644
index 0000000..a7f42ae
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/main.test.bicep b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/main.test.bicep
new file mode 100644
index 0000000..185384c
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/main.test.bicep
@@ -0,0 +1,77 @@
+targetScope = 'subscription'
+
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.connections-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wcmax'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ displayName: 'azuremonitorlogs'
+ name: 'azuremonitor'
+ api: {
+ id: '${subscription().id}/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs'
+
+ }
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}
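Review bot: The `api.id` passed to `testDeployment` hard-codes `westeurope`, while the resource group and the connection follow the `location` parameter (default `deployment().location`). A run in any other region therefore points the connection at a managed API in a different region, which the provider may refuse. Deriving the ID from the parameter keeps the two aligned: `id: subscriptionResourceId('Microsoft.Web/locations/managedApis', location, 'azuremonitorlogs')`. The empty line left inside the `api` object can be dropped at the same time.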
diff --git a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/dependencies.bicep
new file mode 100644
index 0000000..a7f42ae
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
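Review bot: The `managedIdentity` resource is pinned to the `2018-11-30` API version, which is older than the 2021–2022 versions used by the other resources visible in this patch. Consider moving it to a current one, e.g. `resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {`. A one-line comment above the resource, such as `// Test fixture: identity whose principal ID receives the role assignment in main.test.bicep`, would also explain why the file exists, since its only visible consumer is the `roleAssignments` entry in the sibling test.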
diff --git a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/main.test.bicep b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/main.test.bicep
new file mode 100644
index 0000000..acc6afb
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/main.test.bicep
@@ -0,0 +1,77 @@
+targetScope = 'subscription'
+
+metadata name = 'WAF-aligned'
+metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.connections-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wcwaf'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ displayName: 'azuremonitorlogs'
+ name: 'azuremonitor'
+ api: {
+ id: '${subscription().id}/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs'
+
+ }
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}
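Review bot: The `api.id` value hard-codes `westeurope`, while the resource group and both module deployments take their region from the `location` parameter. Running this test from a deployment in any other region therefore gives a connection that references a managed API in a different location than its resource group (and presumably than the connection itself, since `location` is not passed to the module). Building the ID from the parameter keeps them aligned: `id: '${subscription().id}/providers/Microsoft.Web/locations/${location}/managedApis/azuremonitorlogs'`. Separately, the `params` block is the same as in the `max` test earlier in this patch, so nothing here is specific to the WAF-aligned scenario. A short comment naming the settings this scenario is meant to validate (the `CanNotDelete` lock, the `Reader`-only role assignment) would help, and the empty line inside `api: { … }` can be dropped.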
diff --git a/bicep-examples/dependencies/modules/webApp/connection/version.json b/bicep-examples/dependencies/modules/webApp/connection/version.json
new file mode 100644
index 0000000..96236a6
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/connection/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.4",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/README.md b/bicep-examples/dependencies/modules/webApp/hosting-environment/README.md
new file mode 100644
index 0000000..306a671
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/README.md
@@ -0,0 +1,840 @@
+# App Service Environments `[Microsoft.Web/hostingEnvironments]`
+
+This module deploys an App Service Environment.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
+| `Microsoft.Web/hostingEnvironments` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/hostingEnvironments) |
+| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.hosting-environment:1.0.0`.
+
+- [Asev2](#example-1-asev2)
+- [Asev3](#example-2-asev3)
+
+### Example 1: _Asev2_
+
+via Bicep module
+
+```bicep
+module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-whasev2'
+ params: {
+ // Required parameters
+ name: 'whasev2001'
+ subnetResourceId: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "whasev2001"
+ },
+ "subnetResourceId": {
+ "value": "
+
+### Example 2: _Asev3_
+
+via Bicep module
+
+```bicep
+module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-whasev3'
+ params: {
+ // Required parameters
+ name: 'whasev3001'
+ subnetResourceId: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "whasev3001"
+ },
+ "subnetResourceId": {
+ "value": "
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the App Service Environment. |
+| [`subnetResourceId`](#parameter-subnetresourceid) | string | ResourceId for the subnet. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`customDnsSuffixCertificateUrl`](#parameter-customdnssuffixcertificateurl) | string | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. |
+| [`customDnsSuffixKeyVaultReferenceIdentity`](#parameter-customdnssuffixkeyvaultreferenceidentity) | string | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`allowNewPrivateEndpointConnections`](#parameter-allownewprivateendpointconnections) | bool | Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2. |
+| [`clusterSettings`](#parameter-clustersettings) | array | Custom settings for changing the behavior of the App Service Environment. |
+| [`customDnsSuffix`](#parameter-customdnssuffix) | string | Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2. |
+| [`dedicatedHostCount`](#parameter-dedicatedhostcount) | int | The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2. |
+| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
+| [`dnsSuffix`](#parameter-dnssuffix) | string | DNS suffix of the App Service Environment. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`frontEndScaleFactor`](#parameter-frontendscalefactor) | int | Scale factor for frontends. |
+| [`ftpEnabled`](#parameter-ftpenabled) | bool | Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2. |
+| [`inboundIpAddressOverride`](#parameter-inboundipaddressoverride) | string | Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2. |
+| [`internalLoadBalancingMode`](#parameter-internalloadbalancingmode) | string | Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address. |
+| [`ipsslAddressCount`](#parameter-ipssladdresscount) | int | Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3. |
+| [`kind`](#parameter-kind) | string | Kind of resource. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
+| [`multiSize`](#parameter-multisize) | string | Frontend VM size. Cannot be used when kind is set to ASEv3. |
+| [`remoteDebugEnabled`](#parameter-remotedebugenabled) | bool | Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Resource tags. |
+| [`upgradePreference`](#parameter-upgradepreference) | string | Specify preference for when and how the planned maintenance is applied. |
+| [`userWhitelistedIpRanges`](#parameter-userwhitelistedipranges) | array | User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`. |
+| [`zoneRedundant`](#parameter-zoneredundant) | bool | Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. |
+
+### Parameter: `allowNewPrivateEndpointConnections`
+
+Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `clusterSettings`
+
+Custom settings for changing the behavior of the App Service Environment.
+- Required: No
+- Type: array
+- Default:
+ ```Bicep
+ [
+ {
+ name: 'DisableTls1.0'
+ value: '1'
+ }
+ ]
+ ```
+
+### Parameter: `customDnsSuffix`
+
+Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `customDnsSuffixCertificateUrl`
+
+The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `customDnsSuffixKeyVaultReferenceIdentity`
+
+The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dedicatedHostCount`
+
+The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `diagnosticSettings`
+
+The diagnostic settings of the service.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. |
+| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. |
+| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. |
+| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+
+### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId`
+
+Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.eventHubName`
+
+Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.logAnalyticsDestinationType`
+
+Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.
+
+- Required: No
+- Type: string
+- Allowed: `[AzureDiagnostics, Dedicated]`
+
+### Parameter: `diagnosticSettings.logCategoriesAndGroups`
+
+Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+
+- Required: No
+- Type: array
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. |
+| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. |
+
+### Parameter: `diagnosticSettings.logCategoriesAndGroups.category`
+
+Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup`
+
+Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs.
+
+- Required: No
+- Type: string
+
+
+### Parameter: `diagnosticSettings.marketplacePartnerResourceId`
+
+Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.name`
+
+Optional. The name of diagnostic setting.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.storageAccountResourceId`
+
+Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.workspaceResourceId`
+
+Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `dnsSuffix`
+
+DNS suffix of the App Service Environment.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `frontEndScaleFactor`
+
+Scale factor for frontends.
+- Required: No
+- Type: int
+- Default: `15`
+
+### Parameter: `ftpEnabled`
+
+Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `inboundIpAddressOverride`
+
+Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `internalLoadBalancingMode`
+
+Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address.
+- Required: No
+- Type: string
+- Default: `'None'`
+- Allowed:
+ ```Bicep
+ [
+ 'None'
+ 'Publishing'
+ 'Web'
+ 'Web Publishing'
+ ]
+ ```
+
+### Parameter: `ipsslAddressCount`
+
+Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `kind`
+
+Kind of resource.
+- Required: No
+- Type: string
+- Default: `'ASEv3'`
+- Allowed:
+ ```Bicep
+ [
+ 'ASEv2'
+ 'ASEv3'
+ ]
+ ```
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
+| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed: `[CanNotDelete, None, ReadOnly]`
+
+### Parameter: `lock.name`
+
+Optional. Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `managedIdentities`
+
+The managed identity definition for this resource.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. |
+| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. |
+
+### Parameter: `managedIdentities.systemAssigned`
+
+Optional. Enables system assigned managed identity on the resource.
+
+- Required: No
+- Type: bool
+
+### Parameter: `managedIdentities.userAssignedResourcesIds`
+
+Optional. The resource ID(s) to assign to the resource.
+
+- Required: No
+- Type: array
+
+### Parameter: `multiSize`
+
+Frontend VM size. Cannot be used when kind is set to ASEv3.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed:
+ ```Bicep
+ [
+ ''
+ 'ExtraLarge'
+ 'Large'
+ 'Medium'
+ 'Standard_D1_V2'
+ 'Standard_D2'
+ 'Standard_D2_V2'
+ 'Standard_D3'
+ 'Standard_D3_V2'
+ 'Standard_D4'
+ 'Standard_D4_V2'
+ ]
+ ```
+
+### Parameter: `name`
+
+Name of the App Service Environment.
+- Required: Yes
+- Type: string
+
+### Parameter: `remoteDebugEnabled`
+
+Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
+
+### Parameter: `roleAssignments.condition`
+
+Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Optional. Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed: `[2.0]`
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+Optional. The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+Optional. The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalId`
+
+Required. The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+Optional. The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `subnetResourceId`
+
+ResourceId for the subnet.
+- Required: Yes
+- Type: string
+
+### Parameter: `tags`
+
+Resource tags.
+- Required: No
+- Type: object
+
+### Parameter: `upgradePreference`
+
+Specify preference for when and how the planned maintenance is applied.
+- Required: No
+- Type: string
+- Default: `'None'`
+- Allowed:
+ ```Bicep
+ [
+ 'Early'
+ 'Late'
+ 'Manual'
+ 'None'
+ ]
+ ```
+
+### Parameter: `userWhitelistedIpRanges`
+
+User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `zoneRedundant`
+
+Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`.
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the App Service Environment. |
+| `resourceGroupName` | string | The resource group the App Service Environment was deployed into. |
+| `resourceId` | string | The resource ID of the App Service Environment. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/README.md b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/README.md
new file mode 100644
index 0000000..cc00a5b
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/README.md
@@ -0,0 +1,82 @@
+# Hosting Environment Custom DNS Suffix Configuration `[Microsoft.Web/hostingEnvironments/configurations]`
+
+This module deploys a Hosting Environment Custom DNS Suffix Configuration.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`certificateUrl`](#parameter-certificateurl) | string | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. |
+| [`dnsSuffix`](#parameter-dnssuffix) | string | Enable the default custom domain suffix to use for all sites deployed on the ASE. |
+| [`keyVaultReferenceIdentity`](#parameter-keyvaultreferenceidentity) | string | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`hostingEnvironmentName`](#parameter-hostingenvironmentname) | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+
+### Parameter: `certificateUrl`
+
+The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix.
+- Required: Yes
+- Type: string
+
+### Parameter: `dnsSuffix`
+
+Enable the default custom domain suffix to use for all sites deployed on the ASE.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `hostingEnvironmentName`
+
+The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `keyVaultReferenceIdentity`
+
+The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available.
+- Required: Yes
+- Type: string
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the configuration. |
+| `resourceGroupName` | string | The resource group of the deployed configuration. |
+| `resourceId` | string | The resource ID of the deployed configuration. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.bicep
new file mode 100644
index 0000000..a7918a3
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.bicep
@@ -0,0 +1,53 @@
+metadata name = 'Hosting Environment Custom DNS Suffix Configuration'
+metadata description = 'This module deploys a Hosting Environment Custom DNS Suffix Configuration.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.')
+param hostingEnvironmentName string
+
+@description('Required. Enable the default custom domain suffix to use for all sites deployed on the ASE.')
+param dnsSuffix string
+
+@description('Required. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix.')
+param certificateUrl string
+
+@description('Required. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available.')
+param keyVaultReferenceIdentity string
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
+ name: hostingEnvironmentName
+}
+
+resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
+ name: 'customdnssuffix'
+ parent: appServiceEnvironment
+ properties: {
+ certificateUrl: certificateUrl
+ keyVaultReferenceIdentity: keyVaultReferenceIdentity
+ dnsSuffix: dnsSuffix
+ }
+}
+
+@description('The name of the configuration.')
+output name string = configuration.name
+
+@description('The resource ID of the deployed configuration.')
+output resourceId string = configuration.id
+
+@description('The resource group of the deployed configuration.')
+output resourceGroupName string = resourceGroup().name
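Review bot: `keyVaultReferenceIdentity` is declared without a default, so it is mandatory, yet its description promises a fallback to the system-assigned ASE identity "if not specified"; no caller can take that path. Either make it optional and send null when it is empty, with `param keyVaultReferenceIdentity string = ''` and `keyVaultReferenceIdentity: !empty(keyVaultReferenceIdentity) ? keyVaultReferenceIdentity : null` (and `Optional.` in the description), or drop the fallback sentence. The parent module in this patch passes its own `''` default straight through, so today an empty string reaches the resource; whether the platform treats that as "use the system-assigned identity" is not visible here. Which identity resolves the certificate secret decides who needs read access to the vault, so the description should match what the template sends.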
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.json
new file mode 100644
index 0000000..c4d5148
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.json
@@ -0,0 +1,96 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.22.6.54827",
+ "templateHash": "10660520916707434118"
+ },
+ "name": "Hosting Environment Custom DNS Suffix Configuration",
+ "description": "This module deploys a Hosting Environment Custom DNS Suffix Configuration.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "hostingEnvironmentName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment."
+ }
+ },
+ "dnsSuffix": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Enable the default custom domain suffix to use for all sites deployed on the ASE."
+ }
+ },
+ "certificateUrl": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix."
+ }
+ },
+ "keyVaultReferenceIdentity": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Web/hostingEnvironments/configurations",
+ "apiVersion": "2022-03-01",
+ "name": "[format('{0}/{1}', parameters('hostingEnvironmentName'), 'customdnssuffix')]",
+ "properties": {
+ "certificateUrl": "[parameters('certificateUrl')]",
+ "keyVaultReferenceIdentity": "[parameters('keyVaultReferenceIdentity')]",
+ "dnsSuffix": "[parameters('dnsSuffix')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the configuration."
+ },
+ "value": "customdnssuffix"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the deployed configuration."
+ },
+ "value": "[resourceId('Microsoft.Web/hostingEnvironments/configurations', parameters('hostingEnvironmentName'), 'customdnssuffix')]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group of the deployed configuration."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/version.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/version.json
new file mode 100644
index 0000000..96236a6
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.4",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/README.md b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/README.md
new file mode 100644
index 0000000..9fb9176
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/README.md
@@ -0,0 +1,88 @@
+# Hosting Environment Network Configuration `[Microsoft.Web/hostingEnvironments/configurations]`
+
+This module deploys a Hosting Environment Network Configuration.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
+
+## Parameters
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`hostingEnvironmentName`](#parameter-hostingenvironmentname) | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`allowNewPrivateEndpointConnections`](#parameter-allownewprivateendpointconnections) | bool | Property to enable and disable new private endpoint connection creation on ASE. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`ftpEnabled`](#parameter-ftpenabled) | bool | Property to enable and disable FTP on ASEV3. |
+| [`inboundIpAddressOverride`](#parameter-inboundipaddressoverride) | string | Customer provided Inbound IP Address. Only able to be set on Ase create. |
+| [`remoteDebugEnabled`](#parameter-remotedebugenabled) | bool | Property to enable and disable Remote Debug on ASEv3. |
+
+### Parameter: `allowNewPrivateEndpointConnections`
+
+Property to enable and disable new private endpoint connection creation on ASE.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `ftpEnabled`
+
+Property to enable and disable FTP on ASEV3.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `hostingEnvironmentName`
+
+The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `inboundIpAddressOverride`
+
+Customer provided Inbound IP Address. Only able to be set on Ase create.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `remoteDebugEnabled`
+
+Property to enable and disable Remote Debug on ASEv3.
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the configuration. |
+| `resourceGroupName` | string | The resource group of the deployed configuration. |
+| `resourceId` | string | The resource ID of the deployed configuration. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.bicep
new file mode 100644
index 0000000..f1fa448
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.bicep
@@ -0,0 +1,57 @@
+metadata name = 'Hosting Environment Network Configuration'
+metadata description = 'This module deploys a Hosting Environment Network Configuration.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.')
+param hostingEnvironmentName string
+
+@description('Optional. Property to enable and disable new private endpoint connection creation on ASE.')
+param allowNewPrivateEndpointConnections bool = false
+
+@description('Optional. Property to enable and disable FTP on ASEV3.')
+param ftpEnabled bool = false
+
+@description('Optional. Customer provided Inbound IP Address. Only able to be set on Ase create.')
+param inboundIpAddressOverride string = ''
+
+@description('Optional. Property to enable and disable Remote Debug on ASEv3.')
+param remoteDebugEnabled bool = false
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
+ name: hostingEnvironmentName
+}
+
+resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
+ name: 'networking'
+ parent: appServiceEnvironment
+ properties: {
+ allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
+ ftpEnabled: ftpEnabled
+ inboundIpAddressOverride: inboundIpAddressOverride
+ remoteDebugEnabled: remoteDebugEnabled
+ }
+}
+
+@description('The name of the configuration.')
+output name string = configuration.name
+
+@description('The resource ID of the deployed configuration.')
+output resourceId string = configuration.id
+
+@description('The resource group of the deployed configuration.')
+output resourceGroupName string = resourceGroup().name
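Review bot: `inboundIpAddressOverride` defaults to `''` and is written to the `networking` configuration unconditionally, so every deployment of this module sends an empty override even though the description says the value can only be set when the ASE is created. The optional-string pattern that `hosting-environment/main.bicep` uses for `dnsSuffix` would fit here: `inboundIpAddressOverride: !empty(inboundIpAddressOverride) ? inboundIpAddressOverride : null`. Whether the platform rejects or ignores the empty string on an existing environment cannot be told from this hunk, so treat this as tightening the request body rather than a confirmed failure. A short comment above `ftpEnabled` and `remoteDebugEnabled` saying they default to `false` because each opens an additional management path would keep those defaults from being flipped casually.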
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.json
new file mode 100644
index 0000000..0630c14
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.json
@@ -0,0 +1,107 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.22.6.54827",
+ "templateHash": "5725974299523715311"
+ },
+ "name": "Hosting Environment Network Configuration",
+ "description": "This module deploys a Hosting Environment Network Configuration.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "hostingEnvironmentName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment."
+ }
+ },
+ "allowNewPrivateEndpointConnections": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Property to enable and disable new private endpoint connection creation on ASE."
+ }
+ },
+ "ftpEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Property to enable and disable FTP on ASEV3."
+ }
+ },
+ "inboundIpAddressOverride": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Customer provided Inbound IP Address. Only able to be set on Ase create."
+ }
+ },
+ "remoteDebugEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Property to enable and disable Remote Debug on ASEv3."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Web/hostingEnvironments/configurations",
+ "apiVersion": "2022-03-01",
+ "name": "[format('{0}/{1}', parameters('hostingEnvironmentName'), 'networking')]",
+ "properties": {
+ "allowNewPrivateEndpointConnections": "[parameters('allowNewPrivateEndpointConnections')]",
+ "ftpEnabled": "[parameters('ftpEnabled')]",
+ "inboundIpAddressOverride": "[parameters('inboundIpAddressOverride')]",
+ "remoteDebugEnabled": "[parameters('remoteDebugEnabled')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the configuration."
+ },
+ "value": "networking"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the deployed configuration."
+ },
+ "value": "[resourceId('Microsoft.Web/hostingEnvironments/configurations', parameters('hostingEnvironmentName'), 'networking')]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group of the deployed configuration."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/version.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/version.json
new file mode 100644
index 0000000..96236a6
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.4",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/main.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/main.bicep
new file mode 100644
index 0000000..a6a4c56
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/main.bicep
@@ -0,0 +1,324 @@
+metadata name = 'App Service Environments'
+metadata description = 'This module deploys an App Service Environment.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. Name of the App Service Environment.')
+@minLength(1)
+param name string
+
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Resource tags.')
+param tags object?
+
+@allowed([
+ 'ASEv2'
+ 'ASEv3'
+])
+@description('Optional. Kind of resource.')
+param kind string = 'ASEv3'
+
+@description('Optional. Custom settings for changing the behavior of the App Service Environment.')
+param clusterSettings array = [
+ {
+ name: 'DisableTls1.0'
+ value: '1'
+ }
+]
+
+@description('Optional. Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2.')
+param customDnsSuffix string = ''
+
+@description('Conditional. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.')
+param customDnsSuffixCertificateUrl string = ''
+
+@description('Conditional. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.')
+param customDnsSuffixKeyVaultReferenceIdentity string = ''
+
+@description('Optional. The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2.')
+param dedicatedHostCount int = 0
+
+@description('Optional. DNS suffix of the App Service Environment.')
+param dnsSuffix string = ''
+
+@description('Optional. Scale factor for frontends.')
+param frontEndScaleFactor int = 15
+
+@description('Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address.')
+@allowed([
+ 'None'
+ 'Web'
+ 'Publishing'
+ 'Web, Publishing'
+])
+param internalLoadBalancingMode string = 'None'
+
+@description('Optional. Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3.')
+param ipsslAddressCount int = 0
+
+@description('Optional. Frontend VM size. Cannot be used when kind is set to ASEv3.')
+@allowed([
+ ''
+ 'Medium'
+ 'Large'
+ 'ExtraLarge'
+ 'Standard_D2'
+ 'Standard_D3'
+ 'Standard_D4'
+ 'Standard_D1_V2'
+ 'Standard_D2_V2'
+ 'Standard_D3_V2'
+ 'Standard_D4_V2'
+])
+param multiSize string = ''
+
+@description('Optional. Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2.')
+param allowNewPrivateEndpointConnections bool = false
+
+@description('Optional. Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2.')
+param ftpEnabled bool = false
+
+@description('Optional. Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2.')
+param inboundIpAddressOverride string = ''
+
+@description('Optional. Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2.')
+param remoteDebugEnabled bool = false
+
+@description('Optional. Specify preference for when and how the planned maintenance is applied.')
+@allowed([
+ 'Early'
+ 'Late'
+ 'Manual'
+ 'None'
+])
+param upgradePreference string = 'None'
+
+@description('Required. ResourceId for the subnet.')
+param subnetResourceId string
+
+@description('Optional. User added IP ranges to whitelist on ASE DB. Cannot be used with \'kind\' `ASEv3`.')
+param userWhitelistedIpRanges array = []
+
+@description('Optional. Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`.')
+param zoneRedundant bool = false
+
+@description('Optional. The managed identity definition for this resource.')
+param managedIdentities managedIdentitiesType
+
+@description('Optional. The diagnostic settings of the service.')
+param diagnosticSettings diagnosticSettingType
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourcesIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
+
+var identity = !empty(managedIdentities) ? {
+ type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'UserAssigned' : null)
+ userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
+} : any(null)
+
+var enableReferencedModulesTelemetry = false
+
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
+ name: name
+ kind: kind
+ location: location
+ tags: tags
+ identity: identity
+ properties: {
+ clusterSettings: clusterSettings
+ dedicatedHostCount: dedicatedHostCount != 0 ? dedicatedHostCount : null
+ dnsSuffix: !empty(dnsSuffix) ? dnsSuffix : null
+ frontEndScaleFactor: frontEndScaleFactor
+ internalLoadBalancingMode: internalLoadBalancingMode
+ ipsslAddressCount: ipsslAddressCount != 0 ? ipsslAddressCount : null
+ multiSize: !empty(multiSize) ? any(multiSize) : null
+ upgradePreference: upgradePreference
+ userWhitelistedIpRanges: !empty(userWhitelistedIpRanges) ? userWhitelistedIpRanges : null
+ virtualNetwork: {
+ id: subnetResourceId
+ subnet: last(split(subnetResourceId, '/'))
+ }
+ zoneRedundant: zoneRedundant
+ }
+}
+
+module appServiceEnvironment_configurations_networking 'configuration--networking/main.bicep' = if (kind == 'ASEv3') {
+ name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Configurations-Networking'
+ params: {
+ hostingEnvironmentName: appServiceEnvironment.name
+ allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
+ ftpEnabled: ftpEnabled
+ inboundIpAddressOverride: inboundIpAddressOverride
+ remoteDebugEnabled: remoteDebugEnabled
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module appServiceEnvironment_configurations_customDnsSuffix 'configuration--customdnssuffix/main.bicep' = if (kind == 'ASEv3' && !empty(customDnsSuffix)) {
+ name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Configurations-CustomDnsSuffix'
+ params: {
+ hostingEnvironmentName: appServiceEnvironment.name
+ certificateUrl: customDnsSuffixCertificateUrl
+ keyVaultReferenceIdentity: customDnsSuffixKeyVaultReferenceIdentity
+ dnsSuffix: customDnsSuffix
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: appServiceEnvironment
+}
+
+resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+ name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+ properties: {
+ storageAccountId: diagnosticSetting.?storageAccountResourceId
+ workspaceId: diagnosticSetting.?workspaceResourceId
+ eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+ eventHubName: diagnosticSetting.?eventHubName
+ logs: diagnosticSetting.?logCategoriesAndGroups ?? [
+ {
+ categoryGroup: 'AllLogs'
+ enabled: true
+ }
+ ]
+ marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+ logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+ }
+ scope: appServiceEnvironment
+}]
+
+resource appServiceEnvironment_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(appServiceEnvironment.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: appServiceEnvironment
+}]
+
+@description('The resource ID of the App Service Environment.')
+output resourceId string = appServiceEnvironment.id
+
+@description('The resource group the App Service Environment was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The name of the App Service Environment.')
+output name string = appServiceEnvironment.name
+
+@description('The location the resource was deployed into.')
+output location string = appServiceEnvironment.location
+
+// =============== //
+// Definitions //
+// =============== //
+
+type managedIdentitiesType = {
+ @description('Optional. Enables system assigned managed identity on the resource.')
+ systemAssigned: bool?
+
+ @description('Optional. The resource ID(s) to assign to the resource.')
+ userAssignedResourcesIds: string[]?
+}?
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
+
+type diagnosticSettingType = {
+ @description('Optional. The name of diagnostic setting.')
+ name: string?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ logCategoriesAndGroups: {
+ @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.')
+ category: string?
+
+ @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \'AllLogs\' to collect all logs.')
+ categoryGroup: string?
+ }[]?
+
+ @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
+ logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics' | null)?
+
+ @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ workspaceResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ storageAccountResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+ eventHubAuthorizationRuleResourceId: string?
+
+ @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ eventHubName: string?
+
+ @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
+ marketplacePartnerResourceId: string?
+}[]?
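Review bot: `internalLoadBalancingMode` defaults to `'None'`, which the parameter's own description says exposes the ASE-hosted apps on an internet-accessible IP address, so a caller who omits the parameter gets a publicly reachable environment. For an example module I would make the internal load balancer the default and public exposure an explicit choice: `param internalLoadBalancingMode string = 'Web, Publishing'`. If the default has to stay for compatibility with existing callers, lead the description with the exposure and set the value explicitly in the example deployment that consumes this module.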
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/main.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/main.json
new file mode 100644
index 0000000..b1d6749
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/main.json
@@ -0,0 +1,850 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.22.6.54827",
+ "templateHash": "12800539837694740755"
+ },
+ "name": "App Service Environments",
+ "description": "This module deploys an App Service Environment.",
+ "owner": "Azure/module-maintainers"
+ },
+ "definitions": {
+ "managedIdentitiesType": {
+ "type": "object",
+ "properties": {
+ "systemAssigned": {
+ "type": "bool",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Enables system assigned managed identity on the resource."
+ }
+ },
+ "userAssignedResourcesIds": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The resource ID(s) to assign to the resource."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "lockType": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the name of lock."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "allowedValues": [
+ "CanNotDelete",
+ "None",
+ "ReadOnly"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the type of lock."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "roleAssignmentType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "roleDefinitionIdOrName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
+ }
+ },
+ "principalId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
+ }
+ },
+ "principalType": {
+ "type": "string",
+ "allowedValues": [
+ "Device",
+ "ForeignGroup",
+ "Group",
+ "ServicePrincipal",
+ "User"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The principal type of the assigned principal ID."
+ }
+ },
+ "description": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The description of the role assignment."
+ }
+ },
+ "condition": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
+ }
+ },
+ "conditionVersion": {
+ "type": "string",
+ "allowedValues": [
+ "2.0"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Version of the condition."
+ }
+ },
+ "delegatedManagedIdentityResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The Resource Id of the delegated managed identity resource."
+ }
+ }
+ }
+ },
+ "nullable": true
+ },
+ "diagnosticSettingType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of diagnostic setting."
+ }
+ },
+ "logCategoriesAndGroups": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here."
+ }
+ },
+ "categoryGroup": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "logAnalyticsDestinationType": {
+ "type": "string",
+ "allowedValues": [
+ "AzureDiagnostics",
+ "Dedicated"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
+ }
+ },
+ "workspaceResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "storageAccountResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "eventHubAuthorizationRuleResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
+ }
+ },
+ "eventHubName": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "marketplacePartnerResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
+ }
+ }
+ }
+ },
+ "nullable": true
+ }
+ },
+ "parameters": {
+ "name": {
+ "type": "string",
+ "minLength": 1,
+ "metadata": {
+ "description": "Required. Name of the App Service Environment."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. Location for all resources."
+ }
+ },
+ "lock": {
+ "$ref": "#/definitions/lockType",
+ "metadata": {
+ "description": "Optional. The lock settings of the service."
+ }
+ },
+ "roleAssignments": {
+ "$ref": "#/definitions/roleAssignmentType",
+ "metadata": {
+ "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource tags."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "defaultValue": "ASEv3",
+ "allowedValues": [
+ "ASEv2",
+ "ASEv3"
+ ],
+ "metadata": {
+ "description": "Optional. Kind of resource."
+ }
+ },
+ "clusterSettings": {
+ "type": "array",
+ "defaultValue": [
+ {
+ "name": "DisableTls1.0",
+ "value": "1"
+ }
+ ],
+ "metadata": {
+ "description": "Optional. Custom settings for changing the behavior of the App Service Environment."
+ }
+ },
+ "customDnsSuffix": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2."
+ }
+ },
+ "customDnsSuffixCertificateUrl": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Conditional. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2."
+ }
+ },
+ "customDnsSuffixKeyVaultReferenceIdentity": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Conditional. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2."
+ }
+ },
+ "dedicatedHostCount": {
+ "type": "int",
+ "defaultValue": 0,
+ "metadata": {
+ "description": "Optional. The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2."
+ }
+ },
+ "dnsSuffix": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. DNS suffix of the App Service Environment."
+ }
+ },
+ "frontEndScaleFactor": {
+ "type": "int",
+ "defaultValue": 15,
+ "metadata": {
+ "description": "Optional. Scale factor for frontends."
+ }
+ },
+ "internalLoadBalancingMode": {
+ "type": "string",
+ "defaultValue": "None",
+ "allowedValues": [
+ "None",
+ "Web",
+ "Publishing",
+ "Web, Publishing"
+ ],
+ "metadata": {
+ "description": "Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. \"None\" Exposes the ASE-hosted apps on an internet-accessible IP address."
+ }
+ },
+ "ipsslAddressCount": {
+ "type": "int",
+ "defaultValue": 0,
+ "metadata": {
+ "description": "Optional. Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3."
+ }
+ },
+ "multiSize": {
+ "type": "string",
+ "defaultValue": "",
+ "allowedValues": [
+ "",
+ "Medium",
+ "Large",
+ "ExtraLarge",
+ "Standard_D2",
+ "Standard_D3",
+ "Standard_D4",
+ "Standard_D1_V2",
+ "Standard_D2_V2",
+ "Standard_D3_V2",
+ "Standard_D4_V2"
+ ],
+ "metadata": {
+ "description": "Optional. Frontend VM size. Cannot be used when kind is set to ASEv3."
+ }
+ },
+ "allowNewPrivateEndpointConnections": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2."
+ }
+ },
+ "ftpEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2."
+ }
+ },
+ "inboundIpAddressOverride": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2."
+ }
+ },
+ "remoteDebugEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2."
+ }
+ },
+ "upgradePreference": {
+ "type": "string",
+ "defaultValue": "None",
+ "allowedValues": [
+ "Early",
+ "Late",
+ "Manual",
+ "None"
+ ],
+ "metadata": {
+ "description": "Optional. Specify preference for when and how the planned maintenance is applied."
+ }
+ },
+ "subnetResourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. ResourceId for the subnet."
+ }
+ },
+ "userWhitelistedIpRanges": {
+ "type": "array",
+ "defaultValue": [],
+ "metadata": {
+ "description": "Optional. User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`."
+ }
+ },
+ "zoneRedundant": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`."
+ }
+ },
+ "managedIdentities": {
+ "$ref": "#/definitions/managedIdentitiesType",
+ "metadata": {
+ "description": "Optional. The managed identity definition for this resource."
+ }
+ },
+ "diagnosticSettings": {
+ "$ref": "#/definitions/diagnosticSettingType",
+ "metadata": {
+ "description": "Optional. The diagnostic settings of the service."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "variables": {
+ "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]",
+ "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
+ "enableReferencedModulesTelemetry": false,
+ "builtInRoleNames": {
+ "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+ "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
+ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
+ "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
+ "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "appServiceEnvironment": {
+ "type": "Microsoft.Web/hostingEnvironments",
+ "apiVersion": "2022-03-01",
+ "name": "[parameters('name')]",
+ "kind": "[parameters('kind')]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "identity": "[variables('identity')]",
+ "properties": {
+ "clusterSettings": "[parameters('clusterSettings')]",
+ "dedicatedHostCount": "[if(not(equals(parameters('dedicatedHostCount'), 0)), parameters('dedicatedHostCount'), null())]",
+ "dnsSuffix": "[if(not(empty(parameters('dnsSuffix'))), parameters('dnsSuffix'), null())]",
+ "frontEndScaleFactor": "[parameters('frontEndScaleFactor')]",
+ "internalLoadBalancingMode": "[parameters('internalLoadBalancingMode')]",
+ "ipsslAddressCount": "[if(not(equals(parameters('ipsslAddressCount'), 0)), parameters('ipsslAddressCount'), null())]",
+ "multiSize": "[if(not(empty(parameters('multiSize'))), parameters('multiSize'), null())]",
+ "upgradePreference": "[parameters('upgradePreference')]",
+ "userWhitelistedIpRanges": "[if(not(empty(parameters('userWhitelistedIpRanges'))), parameters('userWhitelistedIpRanges'), null())]",
+ "virtualNetwork": {
+ "id": "[parameters('subnetResourceId')]",
+ "subnet": "[last(split(parameters('subnetResourceId'), '/'))]"
+ },
+ "zoneRedundant": "[parameters('zoneRedundant')]"
+ }
+ },
+ "appServiceEnvironment_lock": {
+ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
+ "type": "Microsoft.Authorization/locks",
+ "apiVersion": "2020-05-01",
+ "scope": "[format('Microsoft.Web/hostingEnvironments/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
+ "properties": {
+ "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
+ "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
+ },
+ "dependsOn": [
+ "appServiceEnvironment"
+ ]
+ },
+ "appServiceEnvironment_diagnosticSettings": {
+ "copy": {
+ "name": "appServiceEnvironment_diagnosticSettings",
+ "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
+ },
+ "type": "Microsoft.Insights/diagnosticSettings",
+ "apiVersion": "2021-05-01-preview",
+ "scope": "[format('Microsoft.Web/hostingEnvironments/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
+ "properties": {
+ "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
+ "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
+ "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
+ "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
+ "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]",
+ "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
+ "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
+ },
+ "dependsOn": [
+ "appServiceEnvironment"
+ ]
+ },
+ "appServiceEnvironment_roleAssignments": {
+ "copy": {
+ "name": "appServiceEnvironment_roleAssignments",
+ "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "scope": "[format('Microsoft.Web/hostingEnvironments/{0}', parameters('name'))]",
+ "name": "[guid(resourceId('Microsoft.Web/hostingEnvironments', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "properties": {
+ "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
+ "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
+ "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
+ "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
+ "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
+ "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
+ },
+ "dependsOn": [
+ "appServiceEnvironment"
+ ]
+ },
+ "appServiceEnvironment_configurations_networking": {
+ "condition": "[equals(parameters('kind'), 'ASEv3')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-AppServiceEnv-Configurations-Networking', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "hostingEnvironmentName": {
+ "value": "[parameters('name')]"
+ },
+ "allowNewPrivateEndpointConnections": {
+ "value": "[parameters('allowNewPrivateEndpointConnections')]"
+ },
+ "ftpEnabled": {
+ "value": "[parameters('ftpEnabled')]"
+ },
+ "inboundIpAddressOverride": {
+ "value": "[parameters('inboundIpAddressOverride')]"
+ },
+ "remoteDebugEnabled": {
+ "value": "[parameters('remoteDebugEnabled')]"
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.22.6.54827",
+ "templateHash": "5725974299523715311"
+ },
+ "name": "Hosting Environment Network Configuration",
+ "description": "This module deploys a Hosting Environment Network Configuration.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "hostingEnvironmentName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment."
+ }
+ },
+ "allowNewPrivateEndpointConnections": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Property to enable and disable new private endpoint connection creation on ASE."
+ }
+ },
+ "ftpEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Property to enable and disable FTP on ASEV3."
+ }
+ },
+ "inboundIpAddressOverride": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Customer provided Inbound IP Address. Only able to be set on Ase create."
+ }
+ },
+ "remoteDebugEnabled": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. Property to enable and disable Remote Debug on ASEv3."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Web/hostingEnvironments/configurations",
+ "apiVersion": "2022-03-01",
+ "name": "[format('{0}/{1}', parameters('hostingEnvironmentName'), 'networking')]",
+ "properties": {
+ "allowNewPrivateEndpointConnections": "[parameters('allowNewPrivateEndpointConnections')]",
+ "ftpEnabled": "[parameters('ftpEnabled')]",
+ "inboundIpAddressOverride": "[parameters('inboundIpAddressOverride')]",
+ "remoteDebugEnabled": "[parameters('remoteDebugEnabled')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the configuration."
+ },
+ "value": "networking"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the deployed configuration."
+ },
+ "value": "[resourceId('Microsoft.Web/hostingEnvironments/configurations', parameters('hostingEnvironmentName'), 'networking')]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group of the deployed configuration."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "appServiceEnvironment"
+ ]
+ },
+ "appServiceEnvironment_configurations_customDnsSuffix": {
+ "condition": "[and(equals(parameters('kind'), 'ASEv3'), not(empty(parameters('customDnsSuffix'))))]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}-AppServiceEnv-Configurations-CustomDnsSuffix', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "mode": "Incremental",
+ "parameters": {
+ "hostingEnvironmentName": {
+ "value": "[parameters('name')]"
+ },
+ "certificateUrl": {
+ "value": "[parameters('customDnsSuffixCertificateUrl')]"
+ },
+ "keyVaultReferenceIdentity": {
+ "value": "[parameters('customDnsSuffixKeyVaultReferenceIdentity')]"
+ },
+ "dnsSuffix": {
+ "value": "[parameters('customDnsSuffix')]"
+ },
+ "enableDefaultTelemetry": {
+ "value": "[variables('enableReferencedModulesTelemetry')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.22.6.54827",
+ "templateHash": "10660520916707434118"
+ },
+ "name": "Hosting Environment Custom DNS Suffix Configuration",
+ "description": "This module deploys a Hosting Environment Custom DNS Suffix Configuration.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "hostingEnvironmentName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment."
+ }
+ },
+ "dnsSuffix": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Enable the default custom domain suffix to use for all sites deployed on the ASE."
+ }
+ },
+ "certificateUrl": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix."
+ }
+ },
+ "keyVaultReferenceIdentity": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Web/hostingEnvironments/configurations",
+ "apiVersion": "2022-03-01",
+ "name": "[format('{0}/{1}', parameters('hostingEnvironmentName'), 'customdnssuffix')]",
+ "properties": {
+ "certificateUrl": "[parameters('certificateUrl')]",
+ "keyVaultReferenceIdentity": "[parameters('keyVaultReferenceIdentity')]",
+ "dnsSuffix": "[parameters('dnsSuffix')]"
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the configuration."
+ },
+ "value": "customdnssuffix"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the deployed configuration."
+ },
+ "value": "[resourceId('Microsoft.Web/hostingEnvironments/configurations', parameters('hostingEnvironmentName'), 'customdnssuffix')]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group of the deployed configuration."
+ },
+ "value": "[resourceGroup().name]"
+ }
+ }
+ }
+ },
+ "dependsOn": [
+ "appServiceEnvironment"
+ ]
+ }
+ },
+ "outputs": {
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the App Service Environment."
+ },
+ "value": "[resourceId('Microsoft.Web/hostingEnvironments', parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group the App Service Environment was deployed into."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the App Service Environment."
+ },
+ "value": "[parameters('name')]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('appServiceEnvironment', '2022-03-01', 'full').location]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/dependencies.bicep
new file mode 100644
index 0000000..d549b5f
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/dependencies.bicep
@@ -0,0 +1,80 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Network Security Group to create.')
+param networkSecurityGroupName string
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
+ name: networkSecurityGroupName
+ location: location
+ properties: {
+ securityRules: [
+ {
+ name: 'AllowPortsForASE2'
+ properties: {
+ access: 'Allow'
+ destinationAddressPrefix: addressPrefix
+ destinationPortRange: '454-455'
+ direction: 'Inbound'
+ priority: 1020
+ protocol: '*'
+ sourceAddressPrefix: 'AppServiceManagement'
+ sourcePortRange: '*'
+ }
+ }
+ ]
+ }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ networkSecurityGroup: {
+ id: networkSecurityGroup.id
+ }
+ delegations: [
+ {
+ name: 'ase'
+ properties: {
+ serviceName: 'Microsoft.Web/hostingEnvironments'
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
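Review bot: The `AllowPortsForASE2` rule in `networkSecurityGroup` uses `protocol: '*'`, so the allow on ports 454-455 from the `AppServiceManagement` tag covers every protocol rather than only the one the management channel uses. As far as I know ASEv2 management traffic on those ports is TCP, so `protocol: 'Tcp'` would keep the rule to what the fixture needs; please confirm against the ASE networking requirements before changing it. A one-line comment above the rule, such as `// Inbound ASEv2 management traffic; all other inbound traffic falls through to the NSG default rules`, would help readers who copy this example into a real deployment. Separately, `destinationAddressPrefix: addressPrefix` targets the whole /16, which only matches the ASE subnet because `cidrSubnet(addressPrefix, 16, 0)` makes the subnet span the entire address space.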
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/main.test.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/main.test.bicep
new file mode 100644
index 0000000..d86885a
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/main.test.bicep
@@ -0,0 +1,111 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.hostingenvironments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'whasev2'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ networkSecurityGroupName: 'dep-${namePrefix}-nsg-${serviceShort}'
+ virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ location: resourceGroup.location
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ resourceType: 'App Service Environment'
+ hostingEnvironmentName: '${namePrefix}${serviceShort}001'
+ }
+ subnetResourceId: nestedDependencies.outputs.subnetResourceId
+ clusterSettings: [
+ {
+ name: 'DisableTls1.0'
+ value: '1'
+ }
+ ]
+ diagnosticSettings: [
+ {
+ name: 'customSetting'
+ eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
+ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+ ]
+ managedIdentities: {
+ systemAssigned: true
+ userAssignedResourcesIds: [
+ nestedDependencies.outputs.managedIdentityResourceId
+ ]
+ }
+ ipsslAddressCount: 2
+ kind: 'ASEv2'
+ multiSize: 'Standard_D1_V2'
+ }
+}
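Review bot: The `namePrefix` parameter defaults to the literal token `'[[namePrefix]]'`, and nothing visible in this file replaces it, so a deployment that does not override it builds names such as `dep[[namePrefix]]diasa${serviceShort}01` for the storage account. Square brackets are not valid in a storage account name, so the failure would surface only at deployment time, inside the nested diagnostics module. If a pipeline is expected to substitute the token, say so next to the parameter, for example `// '[[namePrefix]]' is replaced by the test pipeline; pass a real lowercase prefix when deploying by hand`. The same default appears in `tests/e2e/asev3/main.test.bicep`.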
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/dependencies.bicep
new file mode 100644
index 0000000..eedd2e4
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/dependencies.bicep
@@ -0,0 +1,135 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Network Security Group to create.')
+param networkSecurityGroupName string
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Key Vault to create.')
+param keyVaultName string
+
+@description('Required. The name of the Deployment Script to create for the Certificate generation.')
+param certDeploymentScriptName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
+ name: networkSecurityGroupName
+ location: location
+ properties: {
+ securityRules: [
+ {
+ name: 'AllowPortsForASE'
+ properties: {
+ access: 'Allow'
+ destinationAddressPrefix: '10.0.7.0/24'
+ destinationPortRange: '454-455'
+ direction: 'Inbound'
+ priority: 1010
+ protocol: '*'
+ sourceAddressPrefix: 'AppServiceManagement'
+ sourcePortRange: '*'
+ }
+ }
+ ]
+ }
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ networkSecurityGroup: {
+ id: networkSecurityGroup.id
+ }
+ delegations: [
+ {
+ name: 'ase'
+ properties: {
+ serviceName: 'Microsoft.Web/hostingEnvironments'
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
+ name: keyVaultName
+ location: location
+ properties: {
+ sku: {
+ family: 'A'
+ name: 'standard'
+ }
+ tenantId: tenant().tenantId
+ enablePurgeProtection: null
+ enabledForTemplateDeployment: true
+ enabledForDiskEncryption: true
+ enabledForDeployment: true
+ enableRbacAuthorization: true
+ accessPolicies: []
+ }
+}
+
+resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid('msi-${managedIdentity.name}-KeyVault-Admin-RoleAssignment')
+ scope: keyVault
+ properties: {
+ principalId: managedIdentity.properties.principalId
+ roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') // Key Vault Administrator
+ principalType: 'ServicePrincipal'
+ }
+}
+
+resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
+ name: certDeploymentScriptName
+ location: location
+ kind: 'AzurePowerShell'
+ identity: {
+ type: 'UserAssigned'
+ userAssignedIdentities: {
+ '${managedIdentity.id}': {}
+ }
+ }
+ properties: {
+ azPowerShellVersion: '8.0'
+ retentionInterval: 'P1D'
+ arguments: '-KeyVaultName "${keyVault.name}" -CertName "asev3certificate" -CertSubjectName "CN=*.internal.contoso.com"'
+ scriptContent: loadTextContent('../../../../../.shared/.scripts/Set-CertificateInKeyVault.ps1')
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The URL of the created certificate.')
+output certificateSecretUrl string = certDeploymentScript.properties.outputs.secretUrl
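Review bot: The `keyPermissions` assignment gives the user-assigned identity the Key Vault Administrator role on the vault, which is broader than the visible uses need. The deployment script is passed only a vault name and a certificate name, and the asev3 test later hands the same identity to the environment as `customDnsSuffixKeyVaultReferenceIdentity` to read that certificate. Narrower built-in roles (Key Vault Certificates Officer for the script, Key Vault Secrets User for the environment) would probably cover both, though the script body is not shown here, so confirm what it calls. Separately, `certDeploymentScript` references `keyVault` and `managedIdentity` but not `keyPermissions`, so nothing orders the script after the role assignment; adding `dependsOn: [ keyPermissions ]` to the script resource would make that ordering explicit.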
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/main.test.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/main.test.bicep
new file mode 100644
index 0000000..52203b7
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/main.test.bicep
@@ -0,0 +1,119 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.hostingenvironments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'whasev3'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ networkSecurityGroupName: 'dep-${namePrefix}-nsg-${serviceShort}'
+ virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ keyVaultName: 'dep-${namePrefix}-kv-${serviceShort}'
+ certDeploymentScriptName: 'dep-${namePrefix}-ds-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ location: resourceGroup.location
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ resourceType: 'App Service Environment'
+ hostingEnvironmentName: '${namePrefix}${serviceShort}001'
+ }
+ subnetResourceId: nestedDependencies.outputs.subnetResourceId
+ internalLoadBalancingMode: 'Web, Publishing'
+ clusterSettings: [
+ {
+ name: 'DisableTls1.0'
+ value: '1'
+ }
+ ]
+ allowNewPrivateEndpointConnections: true
+ ftpEnabled: true
+ inboundIpAddressOverride: '10.0.0.10'
+ remoteDebugEnabled: true
+ upgradePreference: 'Late'
+ diagnosticSettings: [
+ {
+ name: 'customSetting'
+ eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
+ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+ ]
+ managedIdentities: {
+ systemAssigned: true
+ userAssignedResourcesIds: [
+ nestedDependencies.outputs.managedIdentityResourceId
+ ]
+ }
+ customDnsSuffix: 'internal.contoso.com'
+ customDnsSuffixCertificateUrl: nestedDependencies.outputs.certificateSecretUrl
+ customDnsSuffixKeyVaultReferenceIdentity: nestedDependencies.outputs.managedIdentityResourceId
+ }
+}
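Review bot: `ftpEnabled: true` and `remoteDebugEnabled: true` in the `testDeployment` params turn on FTP and remote debugging for the environment, and nothing in the file says they are set only to exercise the module's parameters. Because the file sits under an examples tree, a reader may copy the block unchanged into a real deployment. A comment above the two lines would make the intent clear, for example `// Set only to cover the module parameters in this test; keep FTP and remote debugging off in real environments`.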
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/version.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/version.json
new file mode 100644
index 0000000..96236a6
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/hosting-environment/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.4",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/README.md b/bicep-examples/dependencies/modules/webApp/serverfarm/README.md
new file mode 100644
index 0000000..0f95792
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/serverfarm/README.md
@@ -0,0 +1,639 @@
+# App Service Plans `[Microsoft.Web/serverfarms]`
+
+This module deploys an App Service Plan.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
+| `Microsoft.Web/serverfarms` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/serverfarms) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.serverfarm:1.0.0`.
+
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [WAF-aligned](#example-2-waf-aligned)
+
+### Example 1: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
+
+via Bicep module
+
+```bicep
+module serverfarm 'br:bicep/modules/web.serverfarm:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wsfmax'
+ params: {
+ // Required parameters
+ name: 'wsfmax001'
+ sku: {
+ capacity: '1'
+ family: 'S'
+ name: 'S1'
+ size: 'S1'
+ tier: 'Standard'
+ }
+ // Non-required parameters
+ diagnosticSettings: [
+ {
+ eventHubAuthorizationRuleResourceId: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "wsfmax001"
+ },
+ "sku": {
+ "value": {
+ "capacity": "1",
+ "family": "S",
+ "name": "S1",
+ "size": "S1",
+ "tier": "Standard"
+ }
+ },
+ // Non-required parameters
+ "diagnosticSettings": {
+ "value": [
+ {
+ "eventHubAuthorizationRuleResourceId": "
+
+### Example 2: _WAF-aligned_
+
+This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.
+
+
+via Bicep module
+
+```bicep
+module serverfarm 'br:bicep/modules/web.serverfarm:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wsfwaf'
+ params: {
+ // Required parameters
+ name: 'wsfwaf001'
+ sku: {
+ capacity: '1'
+ family: 'S'
+ name: 'S1'
+ size: 'S1'
+ tier: 'Standard'
+ }
+ // Non-required parameters
+ diagnosticSettings: [
+ {
+ eventHubAuthorizationRuleResourceId: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "wsfwaf001"
+ },
+ "sku": {
+ "value": {
+ "capacity": "1",
+ "family": "S",
+ "name": "S1",
+ "size": "S1",
+ "tier": "Standard"
+ }
+ },
+ // Non-required parameters
+ "diagnosticSettings": {
+ "value": [
+ {
+ "eventHubAuthorizationRuleResourceId": "
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the app service plan to deploy. |
+| [`sku`](#parameter-sku) | object | Defines the name, tier, size, family and capacity of the App Service Plan. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`reserved`](#parameter-reserved) | bool | Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appServiceEnvironmentId`](#parameter-appserviceenvironmentid) | string | The Resource ID of the App Service Environment to use for the App Service Plan. |
+| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`kind`](#parameter-kind) | string | Kind of server OS. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`maximumElasticWorkerCount`](#parameter-maximumelasticworkercount) | int | Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan. |
+| [`perSiteScaling`](#parameter-persitescaling) | bool | If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`targetWorkerCount`](#parameter-targetworkercount) | int | Scaling worker count. |
+| [`targetWorkerSize`](#parameter-targetworkersize) | int | The instance size of the hosting plan (small, medium, or large). |
+| [`workerTierName`](#parameter-workertiername) | string | Target worker tier assigned to the App Service plan. |
+| [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, this App Service Plan will perform availability zone balancing. |
+
+### Parameter: `appServiceEnvironmentId`
+
+The Resource ID of the App Service Environment to use for the App Service Plan.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticSettings`
+
+The diagnostic settings of the service.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. |
+| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. |
+| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. |
+| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+
+### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId`
+
+Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.eventHubName`
+
+Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.logAnalyticsDestinationType`
+
+Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.
+
+- Required: No
+- Type: string
+- Allowed: `[AzureDiagnostics, Dedicated]`
+
+### Parameter: `diagnosticSettings.marketplacePartnerResourceId`
+
+Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.metricCategories`
+
+Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+
+- Required: No
+- Type: array
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. |
+
+### Parameter: `diagnosticSettings.metricCategories.category`
+
+Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics.
+
+- Required: Yes
+- Type: string
+
+
+### Parameter: `diagnosticSettings.name`
+
+Optional. The name of diagnostic setting.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.storageAccountResourceId`
+
+Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.workspaceResourceId`
+
+Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `kind`
+
+Kind of server OS.
+- Required: No
+- Type: string
+- Default: `'Windows'`
+- Allowed:
+ ```Bicep
+ [
+ 'App'
+ 'Elastic'
+ 'FunctionApp'
+ 'Linux'
+ 'Windows'
+ ]
+ ```
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
+| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed: `[CanNotDelete, None, ReadOnly]`
+
+### Parameter: `lock.name`
+
+Optional. Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `maximumElasticWorkerCount`
+
+Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `name`
+
+The name of the app service plan to deploy.
+- Required: Yes
+- Type: string
+
+### Parameter: `perSiteScaling`
+
+If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `reserved`
+
+Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
+
+### Parameter: `roleAssignments.condition`
+
+Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Optional. Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed: `[2.0]`
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+Optional. The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+Optional. The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalId`
+
+Required. The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+Optional. The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `sku`
+
+Defines the name, tier, size, family and capacity of the App Service Plan.
+- Required: Yes
+- Type: object
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+
+### Parameter: `targetWorkerCount`
+
+Scaling worker count.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `targetWorkerSize`
+
+The instance size of the hosting plan (small, medium, or large).
+- Required: No
+- Type: int
+- Default: `0`
+- Allowed:
+ ```Bicep
+ [
+ 0
+ 1
+ 2
+ ]
+ ```
+
+### Parameter: `workerTierName`
+
+Target worker tier assigned to the App Service plan.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `zoneRedundant`
+
+When true, this App Service Plan will perform availability zone balancing.
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the app service plan. |
+| `resourceGroupName` | string | The resource group the app service plan was deployed into. |
+| `resourceId` | string | The resource ID of the app service plan. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/main.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/main.bicep
new file mode 100644
index 0000000..856f2cc
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/serverfarm/main.bicep
@@ -0,0 +1,238 @@
+metadata name = 'App Service Plans'
+metadata description = 'This module deploys an App Service Plan.'
+metadata owner = 'Azure/module-maintainers'
+
+// ================ //
+// Parameters //
+// ================ //
+@description('Required. The name of the app service plan to deploy.')
+@minLength(1)
+@maxLength(40)
+param name string
+
+@description('Required. Defines the name, tier, size, family and capacity of the App Service Plan.')
+param sku object
+
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+@description('Optional. Kind of server OS.')
+@allowed([
+ 'App'
+ 'Elastic'
+ 'FunctionApp'
+ 'Windows'
+ 'Linux'
+])
+param kind string = 'Windows'
+
+@description('Conditional. Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true.')
+param reserved bool = false
+
+@description('Optional. The Resource ID of the App Service Environment to use for the App Service Plan.')
+param appServiceEnvironmentId string = ''
+
+@description('Optional. Target worker tier assigned to the App Service plan.')
+param workerTierName string = ''
+
+@description('Optional. If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan.')
+param perSiteScaling bool = false
+
+@description('Optional. Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan.')
+param maximumElasticWorkerCount int = 1
+
+@description('Optional. Scaling worker count.')
+param targetWorkerCount int = 0
+
+@description('Optional. The instance size of the hosting plan (small, medium, or large).')
+@allowed([
+ 0
+ 1
+ 2
+])
+param targetWorkerSize int = 0
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. The diagnostic settings of the service.')
+param diagnosticSettings diagnosticSettingType
+
+@description('Optional. When true, this App Service Plan will perform availability zone balancing.')
+param zoneRedundant bool = false
+
+// ============ //
+// Dependencies //
+// ============ //
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+ 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')
+ 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource appServicePlan 'Microsoft.Web/serverfarms@2022-09-01' = {
+ name: name
+ kind: kind
+ location: location
+ tags: tags
+ sku: sku
+ properties: {
+ workerTierName: workerTierName
+ hostingEnvironmentProfile: !empty(appServiceEnvironmentId) ? {
+ id: appServiceEnvironmentId
+ } : null
+ perSiteScaling: perSiteScaling
+ maximumElasticWorkerCount: maximumElasticWorkerCount
+ reserved: reserved
+ targetWorkerCount: targetWorkerCount
+ targetWorkerSizeId: targetWorkerSize
+ zoneRedundant: zoneRedundant
+ }
+}
+
+resource appServicePlan_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+ name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+ properties: {
+ storageAccountId: diagnosticSetting.?storageAccountResourceId
+ workspaceId: diagnosticSetting.?workspaceResourceId
+ eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+ eventHubName: diagnosticSetting.?eventHubName
+ metrics: diagnosticSetting.?metricCategories ?? [
+ {
+ category: 'AllMetrics'
+ timeGrain: null
+ enabled: true
+ }
+ ]
+ marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+ logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+ }
+ scope: appServicePlan
+}]
+
+resource appServicePlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: appServicePlan
+}
+
+resource appServicePlan_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(appServicePlan.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: appServicePlan
+}]
+
+// =========== //
+// Outputs //
+// =========== //
+@description('The resource group the app service plan was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The name of the app service plan.')
+output name string = appServicePlan.name
+
+@description('The resource ID of the app service plan.')
+output resourceId string = appServicePlan.id
+
+@description('The location the resource was deployed into.')
+output location string = appServicePlan.location
+
+// =============== //
+// Definitions //
+// =============== //
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
+
+type diagnosticSettingType = {
+ @description('Optional. The name of diagnostic setting.')
+ name: string?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ metricCategories: {
+ @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
+ category: string
+ }[]?
+
+ @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
+ logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics' | null)?
+
+ @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ workspaceResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ storageAccountResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+ eventHubAuthorizationRuleResourceId: string?
+
+ @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ eventHubName: string?
+
+ @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
+ marketplacePartnerResourceId: string?
+}[]?
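Review bot: The condition on `appServicePlan_lock` treats a lock object that carries only `name` as enabled, because `!empty(lock ?? {})` is true and `lock.?kind != 'None'` is also true when `kind` is null. In that case `level: lock.?kind ?? ''` submits an empty lock level, which the locks API is unlikely to accept, so the deployment would fail rather than skip or apply the lock. Since `lockType` declares `kind` as optional, either gate on it, `if (!empty(lock.?kind ?? '') && lock.?kind != 'None')`, or make `kind` required in the type so the mistake is caught at compile time. The compiled `main.json` added in the same commit carries the equivalent expression and would need regenerating after the change.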
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/main.json b/bicep-examples/dependencies/modules/webApp/serverfarm/main.json
new file mode 100644
index 0000000..53eec7f
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/serverfarm/main.json
@@ -0,0 +1,452 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "languageVersion": "2.0",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.22.6.54827",
+ "templateHash": "14824797980620937555"
+ },
+ "name": "App Service Plans",
+ "description": "This module deploys an App Service Plan.",
+ "owner": "Azure/module-maintainers"
+ },
+ "definitions": {
+ "lockType": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the name of lock."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "allowedValues": [
+ "CanNotDelete",
+ "None",
+ "ReadOnly"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Specify the type of lock."
+ }
+ }
+ },
+ "nullable": true
+ },
+ "roleAssignmentType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "roleDefinitionIdOrName": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
+ }
+ },
+ "principalId": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
+ }
+ },
+ "principalType": {
+ "type": "string",
+ "allowedValues": [
+ "Device",
+ "ForeignGroup",
+ "Group",
+ "ServicePrincipal",
+ "User"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The principal type of the assigned principal ID."
+ }
+ },
+ "description": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The description of the role assignment."
+ }
+ },
+ "condition": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
+ }
+ },
+ "conditionVersion": {
+ "type": "string",
+ "allowedValues": [
+ "2.0"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Version of the condition."
+ }
+ },
+ "delegatedManagedIdentityResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The Resource Id of the delegated managed identity resource."
+ }
+ }
+ }
+ },
+ "nullable": true
+ },
+ "diagnosticSettingType": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of diagnostic setting."
+ }
+ },
+ "metricCategories": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "category": {
+ "type": "string",
+ "metadata": {
+ "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
+ }
+ }
+ }
+ },
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
+ }
+ },
+ "logAnalyticsDestinationType": {
+ "type": "string",
+ "allowedValues": [
+ "AzureDiagnostics",
+ "Dedicated"
+ ],
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
+ }
+ },
+ "workspaceResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "storageAccountResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "eventHubAuthorizationRuleResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
+ }
+ },
+ "eventHubName": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
+ }
+ },
+ "marketplacePartnerResourceId": {
+ "type": "string",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
+ }
+ }
+ }
+ },
+ "nullable": true
+ }
+ },
+ "parameters": {
+ "name": {
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 40,
+ "metadata": {
+ "description": "Required. The name of the app service plan to deploy."
+ }
+ },
+ "sku": {
+ "type": "object",
+ "metadata": {
+ "description": "Required. Defines the name, tier, size, family and capacity of the App Service Plan."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. Location for all resources."
+ }
+ },
+ "kind": {
+ "type": "string",
+ "defaultValue": "Windows",
+ "allowedValues": [
+ "App",
+ "Elastic",
+ "FunctionApp",
+ "Windows",
+ "Linux"
+ ],
+ "metadata": {
+ "description": "Optional. Kind of server OS."
+ }
+ },
+ "reserved": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Conditional. Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true."
+ }
+ },
+ "appServiceEnvironmentId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. The Resource ID of the App Service Environment to use for the App Service Plan."
+ }
+ },
+ "workerTierName": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Optional. Target worker tier assigned to the App Service plan."
+ }
+ },
+ "perSiteScaling": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan."
+ }
+ },
+ "maximumElasticWorkerCount": {
+ "type": "int",
+ "defaultValue": 1,
+ "metadata": {
+ "description": "Optional. Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan."
+ }
+ },
+ "targetWorkerCount": {
+ "type": "int",
+ "defaultValue": 0,
+ "metadata": {
+ "description": "Optional. Scaling worker count."
+ }
+ },
+ "targetWorkerSize": {
+ "type": "int",
+ "defaultValue": 0,
+ "allowedValues": [
+ 0,
+ 1,
+ 2
+ ],
+ "metadata": {
+ "description": "Optional. The instance size of the hosting plan (small, medium, or large)."
+ }
+ },
+ "lock": {
+ "$ref": "#/definitions/lockType",
+ "metadata": {
+ "description": "Optional. The lock settings of the service."
+ }
+ },
+ "roleAssignments": {
+ "$ref": "#/definitions/roleAssignmentType",
+ "metadata": {
+ "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
+ }
+ },
+ "tags": {
+ "type": "object",
+ "nullable": true,
+ "metadata": {
+ "description": "Optional. Tags of the resource."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ },
+ "diagnosticSettings": {
+ "$ref": "#/definitions/diagnosticSettingType",
+ "metadata": {
+ "description": "Optional. The diagnostic settings of the service."
+ }
+ },
+ "zoneRedundant": {
+ "type": "bool",
+ "defaultValue": false,
+ "metadata": {
+ "description": "Optional. When true, this App Service Plan will perform availability zone balancing."
+ }
+ }
+ },
+ "variables": {
+ "builtInRoleNames": {
+ "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
+ "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
+ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
+ "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
+ "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
+ "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]",
+ "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]"
+ }
+ },
+ "resources": {
+ "defaultTelemetry": {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ "appServicePlan": {
+ "type": "Microsoft.Web/serverfarms",
+ "apiVersion": "2022-09-01",
+ "name": "[parameters('name')]",
+ "kind": "[parameters('kind')]",
+ "location": "[parameters('location')]",
+ "tags": "[parameters('tags')]",
+ "sku": "[parameters('sku')]",
+ "properties": {
+ "workerTierName": "[parameters('workerTierName')]",
+ "hostingEnvironmentProfile": "[if(not(empty(parameters('appServiceEnvironmentId'))), createObject('id', parameters('appServiceEnvironmentId')), null())]",
+ "perSiteScaling": "[parameters('perSiteScaling')]",
+ "maximumElasticWorkerCount": "[parameters('maximumElasticWorkerCount')]",
+ "reserved": "[parameters('reserved')]",
+ "targetWorkerCount": "[parameters('targetWorkerCount')]",
+ "targetWorkerSizeId": "[parameters('targetWorkerSize')]",
+ "zoneRedundant": "[parameters('zoneRedundant')]"
+ }
+ },
+ "appServicePlan_diagnosticSettings": {
+ "copy": {
+ "name": "appServicePlan_diagnosticSettings",
+ "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
+ },
+ "type": "Microsoft.Insights/diagnosticSettings",
+ "apiVersion": "2021-05-01-preview",
+ "scope": "[format('Microsoft.Web/serverfarms/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
+ "properties": {
+ "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
+ "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
+ "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
+ "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
+ "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]",
+ "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
+ "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
+ },
+ "dependsOn": [
+ "appServicePlan"
+ ]
+ },
+ "appServicePlan_lock": {
+ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
+ "type": "Microsoft.Authorization/locks",
+ "apiVersion": "2020-05-01",
+ "scope": "[format('Microsoft.Web/serverfarms/{0}', parameters('name'))]",
+ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
+ "properties": {
+ "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
+ "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
+ },
+ "dependsOn": [
+ "appServicePlan"
+ ]
+ },
+ "appServicePlan_roleAssignments": {
+ "copy": {
+ "name": "appServicePlan_roleAssignments",
+ "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
+ },
+ "type": "Microsoft.Authorization/roleAssignments",
+ "apiVersion": "2022-04-01",
+ "scope": "[format('Microsoft.Web/serverfarms/{0}', parameters('name'))]",
+ "name": "[guid(resourceId('Microsoft.Web/serverfarms', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "properties": {
+ "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
+ "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
+ "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
+ "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
+ "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
+ "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
+ "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
+ },
+ "dependsOn": [
+ "appServicePlan"
+ ]
+ }
+ },
+ "outputs": {
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group the app service plan was deployed into."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the app service plan."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the app service plan."
+ },
+ "value": "[resourceId('Microsoft.Web/serverfarms', parameters('name'))]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference('appServicePlan', '2022-09-01', 'full').location]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/dependencies.bicep
new file mode 100644
index 0000000..a7f42ae
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/main.test.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/main.test.bicep
new file mode 100644
index 0000000..ab5b234
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/main.test.bicep
@@ -0,0 +1,107 @@
+targetScope = 'subscription'
+
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.serverfarms-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wsfmax'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ sku: {
+ capacity: '1'
+ family: 'S'
+ name: 'S1'
+ size: 'S1'
+ tier: 'Standard'
+ }
+ diagnosticSettings: [
+ {
+ name: 'customSetting'
+ metricCategories: [
+ {
+ category: 'AllMetrics'
+ }
+ ]
+ eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
+ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+ ]
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}
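Review bot: The `diagnosticDependencies` module path `'../../../../../.shared/.templates/diagnostic.dependencies.bicep'` resolves from this file's directory to `bicep-examples/dependencies/modules/.shared/.templates/`, and nothing under that path appears in the portion of the diffstat visible for this patch. Unless another patch in the series adds the template, this test will not compile. The `namePrefix` default `'[[namePrefix]]'` is also a token that something outside this file has to substitute before derived names such as `storageAccountName` are valid. If the e2e tests are kept only as reference material, say so at the top of the file, for example `// Reference copy of the module's e2e test; not runnable in this repository as-is.`; otherwise add the shared template alongside. The waf-aligned test that follows opens with the same parameters, but it continues past the visible part of the patch.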
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/dependencies.bicep
new file mode 100644
index 0000000..a7f42ae
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/dependencies.bicep
@@ -0,0 +1,13 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/main.test.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/main.test.bicep
new file mode 100644
index 0000000..b6be6a4
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/main.test.bicep
@@ -0,0 +1,107 @@
+targetScope = 'subscription'
+
+metadata name = 'WAF-aligned'
+metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.serverfarms-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wsfwaf'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ sku: {
+ capacity: '1'
+ family: 'S'
+ name: 'S1'
+ size: 'S1'
+ tier: 'Standard'
+ }
+ diagnosticSettings: [
+ {
+ name: 'customSetting'
+ metricCategories: [
+ {
+ category: 'AllMetrics'
+ }
+ ]
+ eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
+ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+ ]
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}
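Review bot: The default `param namePrefix string = '[[namePrefix]]'` is an unreplaced pipeline token, so deploying this test as committed builds names such as `dep[[namePrefix]]diasa${serviceShort}01` for the storage account, which only accepts lowercase letters and digits. If this repository has no token-replacement step, remove the default so callers must supply a value, `param namePrefix string`, and consider adding `@minLength(1)` plus a `@maxLength` that fits the storage account limit. Separately, the `diagnosticDependencies` path `../../../../../.shared/.templates/diagnostic.dependencies.bicep` resolves to `bicep-examples/dependencies/modules/.shared/.templates/`. That template is not in the part of the patch visible here, so confirm it was copied along with the module. The `max` test just above uses the same name expressions and the same relative path, so both points likely apply there too.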
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/version.json b/bicep-examples/dependencies/modules/webApp/serverfarm/version.json
new file mode 100644
index 0000000..96236a6
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/serverfarm/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.4",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/site/README.md b/bicep-examples/dependencies/modules/webApp/site/README.md
new file mode 100644
index 0000000..2018620
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/README.md
@@ -0,0 +1,1663 @@
+# Web/Function Apps `[Microsoft.Web/sites]`
+
+This module deploys a Web or Function App.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
+| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
+| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
+| `Microsoft.Web/sites` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites) |
+| `Microsoft.Web/sites/basicPublishingCredentialsPolicies` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
+| `Microsoft.Web/sites/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
+| `Microsoft.Web/sites/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/hybridConnectionNamespaces/relays) |
+| `Microsoft.Web/sites/slots` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots) |
+| `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
+| `Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots/hybridConnectionNamespaces/relays) |
+
+## Usage examples
+
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+
+>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+
+>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.site:1.0.0`.
+
+- [Functionappcommon](#example-1-functionappcommon)
+- [Functionappmin](#example-2-functionappmin)
+- [Webappcommon](#example-3-webappcommon)
+- [Webappmin](#example-4-webappmin)
+
+### Example 1: _Functionappcommon_
+
+via Bicep module
+
+```bicep
+module site 'br:bicep/modules/web.site:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wsfacom'
+ params: {
+ // Required parameters
+ kind: 'functionapp'
+ name: 'wsfacom001'
+ serverFarmResourceId: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "kind": {
+ "value": "functionapp"
+ },
+ "name": {
+ "value": "wsfacom001"
+ },
+ "serverFarmResourceId": {
+ "value": "
+
+### Example 2: _Functionappmin_
+
+via Bicep module
+
+```bicep
+module site 'br:bicep/modules/web.site:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wsfamin'
+ params: {
+ // Required parameters
+ kind: 'functionapp'
+ name: 'wsfamin001'
+ serverFarmResourceId: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "kind": {
+ "value": "functionapp"
+ },
+ "name": {
+ "value": "wsfamin001"
+ },
+ "serverFarmResourceId": {
+ "value": "
+
+### Example 3: _Webappcommon_
+
+via Bicep module
+
+```bicep
+module site 'br:bicep/modules/web.site:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wswa'
+ params: {
+ // Required parameters
+ kind: 'app'
+ name: 'wswa001'
+ serverFarmResourceId: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "kind": {
+ "value": "app"
+ },
+ "name": {
+ "value": "wswa001"
+ },
+ "serverFarmResourceId": {
+ "value": "
+
+### Example 4: _Webappmin_
+
+via Bicep module
+
+```bicep
+module site 'br:bicep/modules/web.site:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wswamin'
+ params: {
+ // Required parameters
+ kind: 'app'
+ name: 'wswamin001'
+ serverFarmResourceId: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "kind": {
+ "value": "app"
+ },
+ "name": {
+ "value": "wswamin001"
+ },
+ "serverFarmResourceId": {
+ "value": "
+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Type of site to deploy. | +| [`name`](#parameter-name) | string | Name of the site. | +| [`serverFarmResourceId`](#parameter-serverfarmresourceid) | string | The resource ID of the app service plan to use for the site. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. | +| [`appServiceEnvironmentResourceId`](#parameter-appserviceenvironmentresourceid) | string | The resource ID of the app service environment to use for this resource. | +| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | +| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | +| [`basicPublishingCredentialsPolicies`](#parameter-basicpublishingcredentialspolicies) | array | The site publishing credential policy names which are associated with the sites. | +| [`clientAffinityEnabled`](#parameter-clientaffinityenabled) | bool | If client affinity is enabled. | +| [`clientCertEnabled`](#parameter-clientcertenabled) | bool | To enable client certificate authentication (TLS mutual authentication). | +| [`clientCertExclusionPaths`](#parameter-clientcertexclusionpaths) | string | Client certificate authentication comma-separated exclusion paths. | +| [`clientCertMode`](#parameter-clientcertmode) | string | This composes with ClientCertEnabled setting.
- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. | +| [`cloningInfo`](#parameter-cloninginfo) | object | If specified during app creation, the app is cloned from a source app. | +| [`containerSize`](#parameter-containersize) | int | Size of the function container. | +| [`customDomainVerificationId`](#parameter-customdomainverificationid) | string | Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. | +| [`dailyMemoryTimeQuota`](#parameter-dailymemorytimequota) | int | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | +| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | +| [`enabled`](#parameter-enabled) | bool | Setting this value to false disables the app (takes the app offline). | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hostNameSslStates`](#parameter-hostnamesslstates) | array | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | +| [`httpsOnly`](#parameter-httpsonly) | bool | Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. | +| [`hybridConnectionRelays`](#parameter-hybridconnectionrelays) | array | Names of hybrid connection relays to connect app with. | +| [`hyperV`](#parameter-hyperv) | bool | Hyper-V sandbox. | +| [`keyVaultAccessIdentityResourceId`](#parameter-keyvaultaccessidentityresourceid) | string | The resource ID of the assigned identity to be used to access a key vault with. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. 
| +| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`redundancyMode`](#parameter-redundancymode) | string | Site redundancy mode. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`scmSiteAlsoStopped`](#parameter-scmsitealsostopped) | bool | Stop SCM (KUDU) site when the app is stopped. | +| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | +| [`siteConfig`](#parameter-siteconfig) | object | The site config object. | +| [`slots`](#parameter-slots) | array | Configuration for deployment slots for an app. | +| [`storageAccountRequired`](#parameter-storageaccountrequired) | bool | Checks if Customer provided storage account is required. | +| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. 
Resource ID of the storage account to manage triggers and logging function executions. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`virtualNetworkSubnetId`](#parameter-virtualnetworksubnetid) | string | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. | +| [`vnetContentShareEnabled`](#parameter-vnetcontentshareenabled) | bool | To enable accessing content over virtual network. | +| [`vnetImagePullEnabled`](#parameter-vnetimagepullenabled) | bool | To enable pulling image over Virtual Network. | +| [`vnetRouteAllEnabled`](#parameter-vnetrouteallenabled) | bool | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | + +### Parameter: `appInsightResourceId` + +Resource ID of the app insight to leverage for this resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `appServiceEnvironmentResourceId` + +The resource ID of the app service environment to use for this resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `appSettingsKeyValuePairs` + +The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `authSettingV2Configuration` + +The auth settings V2 configuration. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `basicPublishingCredentialsPolicies` + +The site publishing credential policy names which are associated with the sites. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `clientAffinityEnabled` + +If client affinity is enabled. 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `clientCertEnabled` + +To enable client certificate authentication (TLS mutual authentication). +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `clientCertExclusionPaths` + +Client certificate authentication comma-separated exclusion paths. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientCertMode` + +This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. +- Required: No +- Type: string +- Default: `'Optional'` +- Allowed: + ```Bicep + [ + 'Optional' + 'OptionalInteractiveUser' + 'Required' + ] + ``` + +### Parameter: `cloningInfo` + +If specified during app creation, the app is cloned from a source app. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `containerSize` + +Size of the function container. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `customDomainVerificationId` + +Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dailyMemoryTimeQuota` + +Maximum allowed daily memory-time quota (applicable on dynamic apps only). +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `diagnosticSettings` + +The diagnostic settings of the service. +- Required: No +- Type: array + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | + +### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` + +Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.eventHubName` + +Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.logAnalyticsDestinationType` + +Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. + +- Required: No +- Type: string +- Allowed: `[AzureDiagnostics, Dedicated]` + +### Parameter: `diagnosticSettings.logCategoriesAndGroups` + +Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. + +- Required: No +- Type: array + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | +| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | + +### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` + +Optional. 
Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` + +Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. + +- Required: No +- Type: string + + +### Parameter: `diagnosticSettings.marketplacePartnerResourceId` + +Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.metricCategories` + +Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. + +- Required: No +- Type: array + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | + +### Parameter: `diagnosticSettings.metricCategories.category` + +Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. + +- Required: Yes +- Type: string + + +### Parameter: `diagnosticSettings.name` + +Optional. The name of diagnostic setting. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.storageAccountResourceId` + +Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. + +- Required: No +- Type: string + +### Parameter: `diagnosticSettings.workspaceResourceId` + +Optional. Resource ID of the diagnostic log analytics workspace. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. + +- Required: No +- Type: string + +### Parameter: `enabled` + +Setting this value to false disables the app (takes the app offline). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostNameSslStates` + +Hostname SSL states are used to manage the SSL bindings for app's hostnames. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `httpsOnly` + +Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hybridConnectionRelays` + +Names of hybrid connection relays to connect app with. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `hyperV` + +Hyper-V sandbox. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `keyVaultAccessIdentityResourceId` + +The resource ID of the assigned identity to be used to access a key vault with. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `kind` + +Type of site to deploy. +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'app' + 'functionapp' + 'functionapplinux' + 'functionappworkflowapp' + 'functionappworkflowapplinux' + ] + ``` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. 
Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + +- Required: No +- Type: string + +### Parameter: `managedIdentities` + +The managed identity definition for this resource. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | +| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. | + +### Parameter: `managedIdentities.systemAssigned` + +Optional. Enables system assigned managed identity on the resource. + +- Required: No +- Type: bool + +### Parameter: `managedIdentities.userAssignedResourcesIds` + +Optional. The resource ID(s) to assign to the resource. + +- Required: No +- Type: array + +### Parameter: `name` + +Name of the site. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. 
| +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". 
| +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | +| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | + +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` + +Optional. Application security groups in which the private endpoint IP configuration is included. + +- Required: No +- Type: array + +### Parameter: `privateEndpoints.customDnsConfigs` + +Optional. Custom DNS configurations. + +- Required: No +- Type: array + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | + +### Parameter: `privateEndpoints.customDnsConfigs.fqdn` + +Required. Fqdn that resolves to private endpoint ip address. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` + +Required. A list of private ip addresses of the private endpoint. + +- Required: Yes +- Type: array + + +### Parameter: `privateEndpoints.customNetworkInterfaceName` + +Optional. The custom name of the network interface attached to the private endpoint. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.enableTelemetry` + +Optional. Enable/Disable usage telemetry for module. + +- Required: No +- Type: bool + +### Parameter: `privateEndpoints.ipConfigurations` + +Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. 
+ +- Required: No +- Type: array + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | +| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | + +### Parameter: `privateEndpoints.ipConfigurations.name` + +Required. The name of the resource that is unique within a resource group. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.ipConfigurations.properties` + +Required. Properties of private endpoint IP configurations. + +- Required: Yes +- Type: object + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | +| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | + +### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` + +Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` + +Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` + +Required. 
A private ip address obtained from the private endpoint's subnet. + +- Required: Yes +- Type: string + + + +### Parameter: `privateEndpoints.location` + +Optional. The location to deploy the private endpoint to. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.lock` + +Optional. Specify the type of lock. + +- Required: No +- Type: object + +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` + +Optional. Manual PrivateLink Service Connections. + +- Required: No +- Type: array + +### Parameter: `privateEndpoints.name` + +Optional. The name of the private endpoint. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` + +Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. + +- Required: No +- Type: array + +### Parameter: `privateEndpoints.roleAssignments` + +Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: No +- Type: array + +### Parameter: `privateEndpoints.service` + +Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.subnetResourceId` + +Required. Resource ID of the subnet where the endpoint needs to be created. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.tags` + +Optional. 
Tags to be applied on all resources/resource groups in this deployment. + +- Required: No +- Type: object + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: + ```Bicep + [ + '' + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `redundancyMode` + +Site redundancy mode. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: + ```Bicep + [ + 'ActiveActive' + 'Failover' + 'GeoRedundant' + 'Manual' + 'None' + ] + ``` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. 
| +| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +### Parameter: `roleAssignments.condition` + +Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" + +- Required: No +- Type: string + +### Parameter: `roleAssignments.conditionVersion` + +Optional. Version of the condition. + +- Required: No +- Type: string +- Allowed: `[2.0]` + +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` + +Optional. The Resource Id of the delegated managed identity resource. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.description` + +Optional. The description of the role assignment. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.principalId` + +Required. The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.principalType` + +Optional. The principal type of the assigned principal ID. + +- Required: No +- Type: string +- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleAssignments.roleDefinitionIdOrName` + +Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `scmSiteAlsoStopped` + +Stop SCM (KUDU) site when the app is stopped. 
+- Required: No +- Type: bool +- Default: `False` + +### Parameter: `serverFarmResourceId` + +The resource ID of the app service plan to use for the site. +- Required: Yes +- Type: string + +### Parameter: `setAzureWebJobsDashboard` + +For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. +- Required: No +- Type: bool +- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` + +### Parameter: `siteConfig` + +The site config object. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `slots` + +Configuration for deployment slots for an app. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `storageAccountRequired` + +Checks if Customer provided storage account is required. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `storageAccountResourceId` + +Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object + +### Parameter: `virtualNetworkSubnetId` + +Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `vnetContentShareEnabled` + +To enable accessing content over virtual network. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vnetImagePullEnabled` + +To enable pulling image over Virtual Network. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `vnetRouteAllEnabled` + +Virtual Network Route All enabled. 
This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `defaultHostname` | string | Default hostname of the app. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the site. | +| `resourceGroupName` | string | The resource group the site was deployed into. | +| `resourceId` | string | The resource ID of the site. | +| `slotResourceIds` | array | The list of the slot resource ids. | +| `slots` | array | The list of the slots. | +| `slotSystemAssignedPrincipalIds` | array | The principal ID of the system assigned identity of slots. | +| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | + +## Notes + +### Parameter Usage: `appSettingsKeyValuePairs` + +AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId). +For all other app settings key-value pairs use this object. + +
diff --git a/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/README.md b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/README.md
new file mode 100644
index 0000000..59fe521
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/README.md
@@ -0,0 +1,84 @@
+# Web Site Basic Publishing Credentials Policies `[Microsoft.Web/sites/basicPublishingCredentialsPolicies]`
+
+This module deploys a Web Site Basic Publishing Credentials Policy.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/sites/basicPublishingCredentialsPolicies` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the resource. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`webAppName`](#parameter-webappname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+The name of the resource.
+- Required: Yes
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'ftp'
+ 'scm'
+ ]
+ ```
+
+### Parameter: `webAppName`
+
+The name of the parent web site. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the basic publishing credential policy. |
+| `resourceGroupName` | string | The name of the resource group the basic publishing credential policy was deployed into. |
+| `resourceId` | string | The resource ID of the basic publishing credential policy. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.bicep b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.bicep
new file mode 100644
index 0000000..c30cc79
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.bicep
@@ -0,0 +1,56 @@
+metadata name = 'Web Site Basic Publishing Credentials Policies'
+metadata description = 'This module deploys a Web Site Basic Publishing Credentials Policy.'
+metadata owner = 'Azure/module-maintainers'
+
+@sys.description('Required. The name of the resource.')
+@allowed([
+ 'scm'
+ 'ftp'
+])
+param name string
+
+@sys.description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.')
+param webAppName string
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource webApp 'Microsoft.Web/sites@2022-09-01' existing = {
+ name: webAppName
+}
+
+resource basicPublishingCredentialsPolicy 'Microsoft.Web/sites/basicPublishingCredentialsPolicies@2022-09-01' = {
+ name: name
+ location: location
+ parent: webApp
+ properties: {
+ allow: true
+ }
+}
+
+@sys.description('The name of the basic publishing credential policy.')
+output name string = basicPublishingCredentialsPolicy.name
+
+@sys.description('The resource ID of the basic publishing credential policy.')
+output resourceId string = basicPublishingCredentialsPolicy.id
+
+@sys.description('The name of the resource group the basic publishing credential policy was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@sys.description('The location the resource was deployed into.')
+output location string = basicPublishingCredentialsPolicy.location
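Review bot: `properties: { allow: true }` on `basicPublishingCredentialsPolicy` is hard-coded, so every deployment of this module explicitly permits basic-auth publishing credentials on the selected `ftp` or `scm` endpoint and a caller cannot use the module to switch them off. Exposing the value as a parameter keeps existing callers working while making the hardened setting reachable: `param allow bool = true` with an `@sys.description('Optional. Set to true to enable or false to disable a publishing method.')` decorator, and `allow: allow` in the resource. Defaulting it to `false` would be the safer choice if the consuming templates do not rely on FTP or Kudu basic auth. As a style point, the parameters mix `@sys.description` and `@description`; picking one form would keep the file consistent.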
diff --git a/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.json b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.json
new file mode 100644
index 0000000..fb7d1f7
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.json
@@ -0,0 +1,101 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "_generator": {
+ "name": "bicep",
+ "version": "0.22.6.54827",
+ "templateHash": "5305729672150633375"
+ },
+ "name": "Web Site Basic Publishing Credentials Policies",
+ "description": "This module deploys a Web Site Basic Publishing Credentials Policy.",
+ "owner": "Azure/module-maintainers"
+ },
+ "parameters": {
+ "name": {
+ "type": "string",
+ "allowedValues": [
+ "scm",
+ "ftp"
+ ],
+ "metadata": {
+ "description": "Required. The name of the resource."
+ }
+ },
+ "webAppName": {
+ "type": "string",
+ "metadata": {
+ "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment."
+ }
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Optional. Location for all Resources."
+ }
+ },
+ "enableDefaultTelemetry": {
+ "type": "bool",
+ "defaultValue": true,
+ "metadata": {
+ "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
+ }
+ }
+ },
+ "resources": [
+ {
+ "condition": "[parameters('enableDefaultTelemetry')]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Web/sites/basicPublishingCredentialsPolicies",
+ "apiVersion": "2022-09-01",
+ "name": "[format('{0}/{1}', parameters('webAppName'), parameters('name'))]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "allow": true
+ }
+ }
+ ],
+ "outputs": {
+ "name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the basic publishing credential policy."
+ },
+ "value": "[parameters('name')]"
+ },
+ "resourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource ID of the basic publishing credential policy."
+ },
+ "value": "[resourceId('Microsoft.Web/sites/basicPublishingCredentialsPolicies', parameters('webAppName'), parameters('name'))]"
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the resource group the basic publishing credential policy was deployed into."
+ },
+ "value": "[resourceGroup().name]"
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "The location the resource was deployed into."
+ },
+ "value": "[reference(resourceId('Microsoft.Web/sites/basicPublishingCredentialsPolicies', parameters('webAppName'), parameters('name')), '2022-09-01', 'full').location]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/version.json b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/version.json
new file mode 100644
index 0000000..96236a6
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.4",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/site/config--appsettings/README.md b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/README.md
new file mode 100644
index 0000000..3b93bb0
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/README.md
@@ -0,0 +1,159 @@
+# Site App Settings `[Microsoft.Web/sites/config]`
+
+This module deploys a Site App Setting.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/sites/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`kind`](#parameter-kind) | string | Type of site to deploy. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. |
+| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. |
+| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. |
+
+### Parameter: `appInsightResourceId`
+
+Resource ID of the app insight to leverage for this resource.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `appName`
+
+The name of the parent site resource. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `appSettingsKeyValuePairs`
+
+The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `kind`
+
+Type of site to deploy.
+- Required: Yes
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'app'
+ 'functionapp'
+ 'functionapplinux'
+ 'functionappworkflowapp'
+ 'functionappworkflowapplinux'
+ ]
+ ```
+
+### Parameter: `setAzureWebJobsDashboard`
+
+For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.
+- Required: No
+- Type: bool
+- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]`
+
+### Parameter: `storageAccountResourceId`
+
+Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the site config. |
+| `resourceGroupName` | string | The resource group the site config was deployed into. |
+| `resourceId` | string | The resource ID of the site config. |
+
+## Cross-referenced modules
+
+_None_
+
+## Notes
+
+### Parameter Usage: `appSettingsKeyValuePairs`
+
+AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
+For all other app settings key-value pairs use this object.
+
+Parameter JSON format
+
+```json
+"appSettingsKeyValuePairs": {
+ "value": [
+ {
+ "name": "key1",
+ "value": "val1"
+ },
+ {
+ "name": "key2",
+ "value": "val2"
+ }
+ ]
+}
+```
+
+Bicep format
+
+```bicep
+appSettingsKeyValuePairs: [
+ {
+ name: 'key1'
+ value: 'val1'
+ }
+ {
+ name: 'key2'
+ value: 'val2'
+ }
+]
+```
+
+
diff --git a/bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.bicep b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.bicep
new file mode 100644
index 0000000..75f9a5d
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.bicep
@@ -0,0 +1,86 @@
+metadata name = 'Site App Settings'
+metadata description = 'This module deploys a Site App Setting.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment.')
+param appName string
+
+@description('Required. Type of site to deploy.')
+@allowed([
+ 'functionapp' // function app windows os
+ 'functionapp,linux' // function app linux os
+ 'functionapp,workflowapp' // logic app workflow
+ 'functionapp,workflowapp,linux' // logic app docker container
+ 'app' // normal web app
+])
+param kind string
+
+@description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.')
+param storageAccountResourceId string = ''
+
+@description('Optional. Resource ID of the app insight to leverage for this resource.')
+param appInsightResourceId string = ''
+
+@description('Optional. For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.')
+param setAzureWebJobsDashboard bool = contains(kind, 'functionapp') ? true : false
+
+@description('Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.')
+param appSettingsKeyValuePairs object = {}
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+var azureWebJobsValues = !empty(storageAccountResourceId) ? union({
+ AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};'
+ }, ((setAzureWebJobsDashboard == true) ? {
+ AzureWebJobsDashboard: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};'
+ } : {})) : {}
+
+var appInsightsValues = !empty(appInsightResourceId) ? {
+ APPINSIGHTS_INSTRUMENTATIONKEY: appInsight.properties.InstrumentationKey
+ APPLICATIONINSIGHTS_CONNECTION_STRING: appInsight.properties.ConnectionString
+} : {}
+
+var expandedAppSettings = union(appSettingsKeyValuePairs, azureWebJobsValues, appInsightsValues)
+
+resource app 'Microsoft.Web/sites@2022-09-01' existing = {
+ name: appName
+}
+
+resource appInsight 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(appInsightResourceId)) {
+ name: last(split(appInsightResourceId, '/'))!
+ scope: resourceGroup(split(appInsightResourceId, '/')[2], split(appInsightResourceId, '/')[4])
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = if (!empty(storageAccountResourceId)) {
+ name: last(split(storageAccountResourceId, '/'))!
+ scope: resourceGroup(split(storageAccountResourceId, '/')[2], split(storageAccountResourceId, '/')[4])
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource appSettings 'Microsoft.Web/sites/config@2022-09-01' = {
+ name: 'appsettings'
+ kind: kind
+ parent: app
+ properties: expandedAppSettings
+}
+
+@description('The name of the site config.')
+output name string = appSettings.name
+
+@description('The resource ID of the site config.')
+output resourceId string = appSettings.id
+
+@description('The resource group the site config was deployed into.')
+output resourceGroupName string = resourceGroup().name
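Review bot: `azureWebJobsValues` builds both `AzureWebJobsStorage` and `AzureWebJobsDashboard` from `storageAccount.listKeys().keys[0].value`, so the storage account's primary shared key is written into the site's app settings, where anyone able to read the site configuration can recover it and where it goes stale on key rotation until the next deployment. Where the Functions runtime in use supports identity-based connections, setting `AzureWebJobsStorage__accountName: storageAccount.name` and granting the site's managed identity the needed storage data roles avoids persisting the key; otherwise a Key Vault reference for the connection string keeps the secret out of the settings blob. Separately, `param appSettingsKeyValuePairs object = {}` carries caller-supplied settings that often include secrets, and adding `@secure()` above it would keep those values out of the deployment history.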
diff --git a/bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.json b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.json new file mode 100644 index 0000000..c5bb4f9 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.json 
@@ -0,0 +1,116 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "12140652943143922490" + }, + "name": "Site App Settings", + "description": "This module deploys a Site App Setting.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of site to deploy." + } + }, + "storageAccountResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." + } + }, + "appInsightResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the app insight to leverage for this resource." + } + }, + "setAzureWebJobsDashboard": { + "type": "bool", + "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", + "metadata": { + "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." + } + }, + "appSettingsKeyValuePairs": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." 
+ } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}', parameters('appName'), 'appsettings')]", + "kind": "[parameters('kind')]", + "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), 
createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the site config." + }, + "value": "appsettings" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the site config." + }, + "value": "[resourceId('Microsoft.Web/sites/config', parameters('appName'), 'appsettings')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the site config was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/config--appsettings/version.json b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/version.json new file mode 100644 index 0000000..96236a6 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.4", + "pathFilters": [ + "./main.json" + ] +} 
diff --git a/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/README.md b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/README.md new file mode 100644 index 0000000..da797e6 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/README.md 
@@ -0,0 +1,85 @@ +# Site Auth Settings V2 Config `[Microsoft.Web/sites/config]` + +This module deploys a Site Auth Settings V2 Configuration. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Web/sites/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | +| [`kind`](#parameter-kind) | string | Type of site to deploy. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `appName` + +The name of the parent site resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authSettingV2Configuration` + +The auth settings V2 configuration. +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Type of site to deploy. 
+- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'app' + 'functionapp' + 'functionapplinux' + 'functionappworkflowapp' + 'functionappworkflowapplinux' + ] + ``` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the site config. | +| `resourceGroupName` | string | The resource group the site config was deployed into. | +| `resourceId` | string | The resource ID of the site config. | + +## Cross-referenced modules + +_None_ diff --git a/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.bicep b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.bicep new file mode 100644 index 0000000..14f9589 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.bicep 
@@ -0,0 +1,54 @@
+metadata name = 'Site Auth Settings V2 Config'
+metadata description = 'This module deploys a Site Auth Settings V2 Configuration.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment.')
+param appName string
+
+@description('Required. Type of site to deploy.')
+@allowed([
+ 'functionapp' // function app windows os
+ 'functionapp,linux' // function app linux os
+ 'functionapp,workflowapp' // logic app workflow
+ 'functionapp,workflowapp,linux' // logic app docker container
+ 'app' // normal web app
+])
+param kind string
+
+@description('Required. The auth settings V2 configuration.')
+param authSettingV2Configuration object
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource app 'Microsoft.Web/sites@2022-09-01' existing = {
+ name: appName
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource appSettings 'Microsoft.Web/sites/config@2022-09-01' = {
+ name: 'authsettingsV2'
+ kind: kind
+ parent: app
+ properties: authSettingV2Configuration
+}
+
+@description('The name of the site config.')
+output name string = appSettings.name
+
+@description('The resource ID of the site config.')
+output resourceId string = appSettings.id
+
+@description('The resource group the site config was deployed into.')
+output resourceGroupName string = resourceGroup().name
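Review bot: `authSettingV2Configuration` is declared as a plain `object` and handed unchanged to `properties` of the `authsettingsV2` config, so a secret that a caller places inline in that object is treated as an ordinary parameter value. Auth settings normally reference provider secrets by app-setting name (for example `clientSecretSettingName`), but nothing in this module enforces or documents that. I would either mark the parameter `@secure()` or extend its description to `'Required. The auth settings V2 configuration. Reference secrets by app setting name; do not embed secret values.'`. Separately, the resource's symbolic name `appSettings` looks carried over from the app-settings module; `authSettingsV2` would read correctly in the resource declaration and the two outputs that reference it.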
diff --git a/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.json b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.json new file mode 100644 index 0000000..3ecec71 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.json 
@@ -0,0 +1,94 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "1120403064106188130" + }, + "name": "Site Auth Settings V2 Config", + "description": "This module deploys a Site Auth Settings V2 Configuration.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of site to deploy." + } + }, + "authSettingV2Configuration": { + "type": "object", + "metadata": { + "description": "Required. The auth settings V2 configuration." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}', parameters('appName'), 'authsettingsV2')]", + "kind": "[parameters('kind')]", + "properties": "[parameters('authSettingV2Configuration')]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the site config." + }, + "value": "authsettingsV2" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the site config." + }, + "value": "[resourceId('Microsoft.Web/sites/config', parameters('appName'), 'authsettingsV2')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the site config was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/version.json b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/version.json new file mode 100644 index 0000000..96236a6 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.4", + "pathFilters": [ + "./main.json" + ] +} 
diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/README.md b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/README.md new file mode 100644 index 0000000..20be37a --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/README.md 
@@ -0,0 +1,84 @@ +# Web/Function Apps Hybrid Connection Relay `[Microsoft.Web/sites/hybridConnectionNamespaces/relays]` + +This module deploys a Site Hybrid Connection Namespace Relay. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Web/sites/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/hybridConnectionNamespaces/relays) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`hybridConnectionResourceId`](#parameter-hybridconnectionresourceid) | string | The resource ID of the relay namespace hybrid connection. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appName`](#parameter-appname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`sendKeyName`](#parameter-sendkeyname) | string | Name of the authorization rule send key to use. | + +### Parameter: `appName` + +The name of the parent web site. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hybridConnectionResourceId` + +The resource ID of the relay namespace hybrid connection. 
+- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `sendKeyName` + +Name of the authorization rule send key to use. +- Required: No +- Type: string +- Default: `'defaultSender'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the hybrid connection relay.. | +| `resourceGroupName` | string | The name of the resource group the resource was deployed into. | +| `resourceId` | string | The resource ID of the hybrid connection relay. | + +## Cross-referenced modules + +_None_ diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep new file mode 100644 index 0000000..f1972af --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep 
@@ -0,0 +1,66 @@ +metadata name = 'Web/Function Apps Hybrid Connection Relay' +metadata description = 'This module deploys a Site Hybrid Connection Namespace Relay.' +metadata owner = 'Azure/module-maintainers' + +@description('Required. The resource ID of the relay namespace hybrid connection.') +param hybridConnectionResourceId string + +@description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.') +param appName string + +@description('Optional. Name of the authorization rule send key to use.') +param sendKeyName string = 'defaultSender' + +@description('Optional. Location for all Resources.') +param location string = resourceGroup().location + +@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource namespace 'Microsoft.Relay/namespaces@2021-11-01' existing = { + name: split(hybridConnectionResourceId, '/')[8] + scope: resourceGroup(split(hybridConnectionResourceId, '/')[2], split(hybridConnectionResourceId, '/')[4]) + + resource hybridConnection 'hybridConnections@2021-11-01' existing = { + name: split(hybridConnectionResourceId, '/')[10] + + resource authorizationRule 'authorizationRules@2021-11-01' existing = { + name: sendKeyName + } + } +} + +resource hybridConnectionRelay 'Microsoft.Web/sites/hybridConnectionNamespaces/relays@2022-09-01' = { + name: '${appName}/${namespace.name}/${namespace::hybridConnection.name}' + properties: { + serviceBusNamespace: namespace.name + serviceBusSuffix: 
split(substring(namespace.properties.serviceBusEndpoint, indexOf(namespace.properties.serviceBusEndpoint, '.servicebus')), ':')[0] + relayName: namespace::hybridConnection.name + relayArmUri: namespace::hybridConnection.id + hostname: split(json(namespace::hybridConnection.properties.userMetadata)[0].value, ':')[0] + port: int(split(json(namespace::hybridConnection.properties.userMetadata)[0].value, ':')[1]) + sendKeyName: namespace::hybridConnection::authorizationRule.name + sendKeyValue: namespace::hybridConnection::authorizationRule.listKeys().primaryKey + } +} + +@description('The name of the hybrid connection relay..') +output name string = hybridConnectionRelay.name + +@description('The resource ID of the hybrid connection relay.') +output resourceId string = hybridConnectionRelay.id + +@description('The name of the resource group the resource was deployed into.') +output resourceGroupName string = resourceGroup().name diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.json b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.json new file mode 100644 index 0000000..bc3ae19 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.json 
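Review bot: `hostname` and `port` are read from `json(namespace::hybridConnection.properties.userMetadata)[0].value` and split on `:`, which assumes the first metadata entry is the endpoint and always has the form `host:port`; an empty or reordered `userMetadata` either fails at deployment with an index error or binds the relay to an unintended host. The same positional assumption applies to `split(hybridConnectionResourceId, '/')[8]` and `[10]`, which are only valid for a full hybrid connection resource ID. I would document both above the `namespace` resource, e.g. `// Expects .../providers/Microsoft.Relay/namespaces/<ns>/hybridConnections/<name>; userMetadata[0] must be the host:port endpoint`, and select the metadata entry by key instead of position if the schema allows it. Since `sendKeyValue` copies the `listKeys().primaryKey` of the rule named by `sendKeyName` into the site configuration, the description of `sendKeyName` should also say that the rule is expected to grant Send rights only.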
@@ -0,0 +1,103 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "10458383238656360850" + }, + "name": "Web/Function Apps Hybrid Connection Relay", + "description": "This module deploys a Site Hybrid Connection Namespace Relay.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "hybridConnectionResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the relay namespace hybrid connection." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." + } + }, + "sendKeyName": { + "type": "string", + "defaultValue": "defaultSender", + "metadata": { + "description": "Optional. Name of the authorization rule send key to use." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/hybridConnectionNamespaces/relays", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", + "properties": { + "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", + "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", + "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", + "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], 
split(parameters('hybridConnectionResourceId'), '/')[10])]", + "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", + "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", + "sendKeyName": "[parameters('sendKeyName')]", + "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the hybrid connection relay.." + }, + "value": "[format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the hybrid connection relay." 
+ }, + "value": "[resourceId('Microsoft.Web/sites/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2])]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json new file mode 100644 index 0000000..96236a6 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.4", + "pathFilters": [ + "./main.json" + ] +} diff --git a/bicep-examples/dependencies/modules/webApp/site/main.bicep b/bicep-examples/dependencies/modules/webApp/site/main.bicep new file mode 100644 index 0000000..b2ac05d --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/main.bicep 
@@ -0,0 +1,559 @@
+metadata name = 'Web/Function Apps'
+metadata description = 'This module deploys a Web or Function App.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. Name of the site.')
+param name string
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@description('Required. Type of site to deploy.')
+@allowed([
+ 'functionapp' // function app windows os
+ 'functionapp,linux' // function app linux os
+ 'functionapp,workflowapp' // logic app workflow
+ 'functionapp,workflowapp,linux' // logic app docker container
+ 'app' // normal web app
+])
+param kind string
+
+@description('Required. The resource ID of the app service plan to use for the site.')
+param serverFarmResourceId string
+
+@description('Optional. Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests.')
+param httpsOnly bool = true
+
+@description('Optional. If client affinity is enabled.')
+param clientAffinityEnabled bool = true
+
+@description('Optional. The resource ID of the app service environment to use for this resource.')
+param appServiceEnvironmentResourceId string = ''
+
+@description('Optional. The managed identity definition for this resource.')
+param managedIdentities managedIdentitiesType
+
+@description('Optional. The resource ID of the assigned identity to be used to access a key vault with.')
+param keyVaultAccessIdentityResourceId string = ''
+
+@description('Optional. Checks if Customer provided storage account is required.')
+param storageAccountRequired bool = false
+
+@description('Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.')
+param virtualNetworkSubnetId string = ''
+
+@description('Optional. 
To enable accessing content over virtual network.')
+param vnetContentShareEnabled bool = false
+
+@description('Optional. To enable pulling image over Virtual Network.')
+param vnetImagePullEnabled bool = false
+
+@description('Optional. Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied.')
+param vnetRouteAllEnabled bool = false
+
+@description('Optional. Stop SCM (KUDU) site when the app is stopped.')
+param scmSiteAlsoStopped bool = false
+
+@description('Optional. The site config object.')
+param siteConfig object = {}
+
+@description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.')
+param storageAccountResourceId string = ''
+
+@description('Optional. Resource ID of the app insight to leverage for this resource.')
+param appInsightResourceId string = ''
+
+@description('Optional. For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.')
+param setAzureWebJobsDashboard bool = contains(kind, 'functionapp') ? true : false
+
+@description('Optional. The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.')
+param appSettingsKeyValuePairs object = {}
+
+@description('Optional. The auth settings V2 configuration.')
+param authSettingV2Configuration object = {}
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
+param privateEndpoints privateEndpointType
+
+@description('Optional. 
Configuration for deployment slots for an app.')
+param slots array = []
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. The diagnostic settings of the service.')
+param diagnosticSettings diagnosticSettingType
+
+@description('Optional. To enable client certificate authentication (TLS mutual authentication).')
+param clientCertEnabled bool = false
+
+@description('Optional. Client certificate authentication comma-separated exclusion paths.')
+param clientCertExclusionPaths string = ''
+
+@description('Optional. This composes with ClientCertEnabled setting.
- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted.')
+@allowed([
+ 'Optional'
+ 'OptionalInteractiveUser'
+ 'Required'
+])
+param clientCertMode string = 'Optional'
+
+@description('Optional. If specified during app creation, the app is cloned from a source app.')
+param cloningInfo object = {}
+
+@description('Optional. Size of the function container.')
+param containerSize int = -1
+
+@description('Optional. Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification.')
+param customDomainVerificationId string = ''
+
+@description('Optional. Maximum allowed daily memory-time quota (applicable on dynamic apps only).')
+param dailyMemoryTimeQuota int = -1
+
+@description('Optional. Setting this value to false disables the app (takes the app offline).')
+param enabled bool = true
+
+@description('Optional. Hostname SSL states are used to manage the SSL bindings for app\'s hostnames.')
+param hostNameSslStates array = []
+
+@description('Optional. Hyper-V sandbox.')
+param hyperV bool = false
+
+@description('Optional. Site redundancy mode.')
+@allowed([
+ 'ActiveActive'
+ 'Failover'
+ 'GeoRedundant'
+ 'Manual'
+ 'None'
+])
+param redundancyMode string = 'None'
+
+@description('Optional. The site publishing credential policy names which are associated with the sites.')
+param basicPublishingCredentialsPolicies array = []
+
+@description('Optional. Names of hybrid connection relays to connect app with.')
+param hybridConnectionRelays array = []
+
+@description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. 
If not specified, it will be disabled by default if private endpoints are set.')
+@allowed([
+ ''
+ 'Enabled'
+ 'Disabled'
+])
+param publicNetworkAccess string = ''
+
+var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourcesIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
+
+var identity = !empty(managedIdentities) ? {
+ type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'UserAssigned' : null)
+ userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
+} : null
+
+var enableReferencedModulesTelemetry = false
+
+var builtInRoleNames = {
+ 'App Compliance Automation Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f37683f-2463-46b6-9ce7-9b788b988ba2')
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+ 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')
+ 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')
+}
+
+resource defaultTelemetry 
'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource app 'Microsoft.Web/sites@2022-09-01' = {
+ name: name
+ location: location
+ kind: kind
+ tags: tags
+ identity: identity
+ properties: {
+ serverFarmId: serverFarmResourceId
+ clientAffinityEnabled: clientAffinityEnabled
+ httpsOnly: httpsOnly
+ hostingEnvironmentProfile: !empty(appServiceEnvironmentResourceId) ? {
+ id: appServiceEnvironmentResourceId
+ } : null
+ storageAccountRequired: storageAccountRequired
+ keyVaultReferenceIdentity: !empty(keyVaultAccessIdentityResourceId) ? keyVaultAccessIdentityResourceId : null
+ virtualNetworkSubnetId: !empty(virtualNetworkSubnetId) ? virtualNetworkSubnetId : any(null)
+ siteConfig: siteConfig
+ clientCertEnabled: clientCertEnabled
+ clientCertExclusionPaths: !empty(clientCertExclusionPaths) ? clientCertExclusionPaths : null
+ clientCertMode: clientCertMode
+ cloningInfo: !empty(cloningInfo) ? cloningInfo : null
+ containerSize: containerSize != -1 ? containerSize : null
+ customDomainVerificationId: !empty(customDomainVerificationId) ? customDomainVerificationId : null
+ dailyMemoryTimeQuota: dailyMemoryTimeQuota != -1 ? dailyMemoryTimeQuota : null
+ enabled: enabled
+ hostNameSslStates: hostNameSslStates
+ hyperV: hyperV
+ redundancyMode: redundancyMode
+ publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 
'Disabled' : 'Enabled')
+ vnetContentShareEnabled: vnetContentShareEnabled
+ vnetImagePullEnabled: vnetImagePullEnabled
+ vnetRouteAllEnabled: vnetRouteAllEnabled
+ scmSiteAlsoStopped: scmSiteAlsoStopped
+ }
+}
+
+module app_appsettings 'config--appsettings/main.bicep' = if (!empty(appSettingsKeyValuePairs)) {
+ name: '${uniqueString(deployment().name, location)}-Site-Config-AppSettings'
+ params: {
+ appName: app.name
+ kind: kind
+ storageAccountResourceId: storageAccountResourceId
+ appInsightResourceId: appInsightResourceId
+ setAzureWebJobsDashboard: setAzureWebJobsDashboard
+ appSettingsKeyValuePairs: appSettingsKeyValuePairs
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+module app_authsettingsv2 'config--authsettingsv2/main.bicep' = if (!empty(authSettingV2Configuration)) {
+ name: '${uniqueString(deployment().name, location)}-Site-Config-AuthSettingsV2'
+ params: {
+ appName: app.name
+ kind: kind
+ authSettingV2Configuration: authSettingV2Configuration
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}
+
+@batchSize(1)
+module app_slots 'slot/main.bicep' = [for (slot, index) in slots: {
+ name: '${uniqueString(deployment().name, location)}-Slot-${slot.name}'
+ params: {
+ name: slot.name
+ appName: app.name
+ location: location
+ kind: kind
+ serverFarmResourceId: serverFarmResourceId
+ httpsOnly: contains(slot, 'httpsOnly') ? slot.httpsOnly : httpsOnly
+ appServiceEnvironmentResourceId: !empty(appServiceEnvironmentResourceId) ? appServiceEnvironmentResourceId : ''
+ clientAffinityEnabled: contains(slot, 'clientAffinityEnabled') ? slot.clientAffinityEnabled : clientAffinityEnabled
+ managedIdentities: contains(slot, 'managedIdentities') ? slot.managedIdentities : managedIdentities
+ keyVaultAccessIdentityResourceId: contains(slot, 'keyVaultAccessIdentityResourceId') ? slot.keyVaultAccessIdentityResourceId : keyVaultAccessIdentityResourceId
+ storageAccountRequired: contains(slot, 'storageAccountRequired') ? 
slot.storageAccountRequired : storageAccountRequired
+ virtualNetworkSubnetId: contains(slot, 'virtualNetworkSubnetId') ? slot.virtualNetworkSubnetId : virtualNetworkSubnetId
+ siteConfig: contains(slot, 'siteConfig') ? slot.siteConfig : siteConfig
+ storageAccountResourceId: contains(slot, 'storageAccountResourceId') ? slot.storageAccountResourceId : storageAccountResourceId
+ appInsightResourceId: contains(slot, 'appInsightResourceId') ? slot.appInsightResourceId : appInsightResourceId
+ setAzureWebJobsDashboard: contains(slot, 'setAzureWebJobsDashboard') ? slot.setAzureWebJobsDashboard : setAzureWebJobsDashboard
+ authSettingV2Configuration: contains(slot, 'authSettingV2Configuration') ? slot.authSettingV2Configuration : authSettingV2Configuration
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ diagnosticSettings: slot.?diagnosticSettings
+ roleAssignments: contains(slot, 'roleAssignments') ? slot.roleAssignments : roleAssignments
+ appSettingsKeyValuePairs: contains(slot, 'appSettingsKeyValuePairs') ? slot.appSettingsKeyValuePairs : appSettingsKeyValuePairs
+ lock: slot.?lock ?? lock
+ privateEndpoints: contains(slot, 'privateEndpoints') ? slot.privateEndpoints : privateEndpoints
+ tags: slot.?tags ?? tags
+ clientCertEnabled: contains(slot, 'clientCertEnabled') ? slot.clientCertEnabled : false
+ clientCertExclusionPaths: contains(slot, 'clientCertExclusionPaths') ? slot.clientCertExclusionPaths : ''
+ clientCertMode: contains(slot, 'clientCertMode') ? slot.clientCertMode : 'Optional'
+ cloningInfo: contains(slot, 'cloningInfo') ? slot.cloningInfo : {}
+ containerSize: contains(slot, 'containerSize') ? slot.containerSize : -1
+ customDomainVerificationId: contains(slot, 'customDomainVerificationId') ? slot.customDomainVerificationId : ''
+ dailyMemoryTimeQuota: contains(slot, 'dailyMemoryTimeQuota') ? slot.dailyMemoryTimeQuota : -1
+ enabled: contains(slot, 'enabled') ? slot.enabled : true
+ hostNameSslStates: contains(slot, 'hostNameSslStates') ? 
slot.hostNameSslStates : []
+ hyperV: contains(slot, 'hyperV') ? slot.hyperV : false
+ publicNetworkAccess: contains(slot, 'publicNetworkAccess') ? slot.publicNetworkAccess : ''
+ redundancyMode: contains(slot, 'redundancyMode') ? slot.redundancyMode : 'None'
+ vnetContentShareEnabled: contains(slot, 'vnetContentShareEnabled') ? slot.vnetContentShareEnabled : false
+ vnetImagePullEnabled: contains(slot, 'vnetImagePullEnabled') ? slot.vnetImagePullEnabled : false
+ vnetRouteAllEnabled: contains(slot, 'vnetRouteAllEnabled') ? slot.vnetRouteAllEnabled : false
+ hybridConnectionRelays: contains(slot, 'hybridConnectionRelays') ? slot.hybridConnectionRelays : []
+ }
+}]
+
+module app_basicPublishingCredentialsPolicies 'basic-publishing-credentials-policy/main.bicep' = [for (basicPublishingCredentialsPolicy, index) in basicPublishingCredentialsPolicies: {
+ name: '${uniqueString(deployment().name, location)}-Site-Publis-Cred-${index}'
+ params: {
+ webAppName: app.name
+ name: basicPublishingCredentialsPolicy.name
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}]
+
+module app_hybridConnectionRelays 'hybrid-connection-namespace/relay/main.bicep' = [for (hybridConnectionRelay, index) in hybridConnectionRelays: {
+ name: '${uniqueString(deployment().name, location)}-HybridConnectionRelay-${index}'
+ params: {
+ hybridConnectionResourceId: hybridConnectionRelay.resourceId
+ appName: app.name
+ sendKeyName: contains(hybridConnectionRelay, 'sendKeyName') ? hybridConnectionRelay.sendKeyName : null
+ enableDefaultTelemetry: enableReferencedModulesTelemetry
+ }
+}]
+
+resource app_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' 
+ }
+ scope: app
+}
+
+resource app_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
+ name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
+ properties: {
+ storageAccountId: diagnosticSetting.?storageAccountResourceId
+ workspaceId: diagnosticSetting.?workspaceResourceId
+ eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
+ eventHubName: diagnosticSetting.?eventHubName
+ metrics: diagnosticSetting.?metricCategories ?? [
+ {
+ category: 'AllMetrics'
+ timeGrain: null
+ enabled: true
+ }
+ ]
+ logs: diagnosticSetting.?logCategoriesAndGroups ?? [
+ {
+ categoryGroup: 'AllLogs'
+ enabled: true
+ }
+ ]
+ marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
+ logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
+ }
+ scope: app
+}]
+
+resource app_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(app.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: app
+}]
+
+module app_privateEndpoints '../../network/private-endpoint/main.bicep' = [for (privateEndpoint, index) in (privateEndpoints ?? 
[]): {
+ name: '${uniqueString(deployment().name, location)}-app-PrivateEndpoint-${index}'
+ params: {
+ groupIds: [
+ privateEndpoint.?service ?? 'sites'
+ ]
+ name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}'
+ serviceResourceId: app.id
+ subnetResourceId: privateEndpoint.subnetResourceId
+ enableDefaultTelemetry: privateEndpoint.?enableDefaultTelemetry ?? enableReferencedModulesTelemetry
+ location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location
+ lock: privateEndpoint.?lock ?? lock
+ privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName
+ privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds
+ roleAssignments: privateEndpoint.?roleAssignments
+ tags: privateEndpoint.?tags ?? tags
+ manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections
+ customDnsConfigs: privateEndpoint.?customDnsConfigs
+ ipConfigurations: privateEndpoint.?ipConfigurations
+ applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds
+ customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName
+ }
+}]
+
+@description('The name of the site.')
+output name string = app.name
+
+@description('The resource ID of the site.')
+output resourceId string = app.id
+
+@description('The list of the slots.')
+output slots array = [for (slot, index) in slots: app_slots[index].name]
+
+@description('The list of the slot resource ids.')
+output slotResourceIds array = [for (slot, index) in slots: app_slots[index].outputs.resourceId]
+
+@description('The resource group the site was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The principal ID of the system assigned identity.')
+output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(app.identity, 'principalId') ? 
app.identity.principalId : ''
+
+@description('The principal ID of the system assigned identity of slots.')
+output slotSystemAssignedPrincipalIds array = [for (slot, index) in slots: app_slots[index].outputs.systemAssignedMIPrincipalId]
+
+@description('The location the resource was deployed into.')
+output location string = app.location
+
+@description('Default hostname of the app.')
+output defaultHostname string = app.properties.defaultHostName
+
+// =============== //
+// Definitions //
+// =============== //
+
+type managedIdentitiesType = {
+ @description('Optional. Enables system assigned managed identity on the resource.')
+ systemAssigned: bool?
+
+ @description('Optional. The resource ID(s) to assign to the resource.')
+ userAssignedResourcesIds: string[]?
+}?
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. 
The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
+
+type privateEndpointType = {
+ @description('Optional. The name of the private endpoint.')
+ name: string?
+
+ @description('Optional. The location to deploy the private endpoint to.')
+ location: string?
+
+ @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".')
+ service: string?
+
+ @description('Required. Resource ID of the subnet where the endpoint needs to be created.')
+ subnetResourceId: string
+
+ @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.')
+ privateDnsZoneGroupName: string?
+
+ @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.')
+ privateDnsZoneResourceIds: string[]?
+
+ @description('Optional. Custom DNS configurations.')
+ customDnsConfigs: {
+ @description('Required. Fqdn that resolves to private endpoint ip address.')
+ fqdn: string?
+
+ @description('Required. A list of private ip addresses of the private endpoint.')
+ ipAddresses: string[]
+ }[]?
+
+ @description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.')
+ ipConfigurations: {
+ @description('Required. The name of the resource that is unique within a resource group.')
+ name: string
+
+ @description('Required. Properties of private endpoint IP configurations.')
+ properties: {
+ @description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.')
+ groupId: string
+
+ @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.')
+ memberName: string
+
+ @description('Required. 
A private ip address obtained from the private endpoint\'s subnet.')
+ privateIPAddress: string
+ }
+ }[]?
+
+ @description('Optional. Application security groups in which the private endpoint IP configuration is included.')
+ applicationSecurityGroupResourceIds: string[]?
+
+ @description('Optional. The custom name of the network interface attached to the private endpoint.')
+ customNetworkInterfaceName: string?
+
+ @description('Optional. Specify the type of lock.')
+ lock: lockType
+
+ @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+ roleAssignments: roleAssignmentType
+
+ @description('Optional. Tags to be applied on all resources/resource groups in this deployment.')
+ tags: object?
+
+ @description('Optional. Manual PrivateLink Service Connections.')
+ manualPrivateLinkServiceConnections: array?
+
+ @description('Optional. Enable/Disable usage telemetry for module.')
+ enableTelemetry: bool?
+}[]?
+
+type diagnosticSettingType = {
+ @description('Optional. The name of diagnostic setting.')
+ name: string?
+
+ @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ logCategoriesAndGroups: {
+ @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.')
+ category: string?
+
+ @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \'AllLogs\' to collect all logs.')
+ categoryGroup: string?
+ }[]?
+
+ @description('Optional. 
The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
+ metricCategories: {
+ @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
+ category: string
+ }[]?
+
+ @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
+ logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics' | null)?
+
+ @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ workspaceResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ storageAccountResourceId: string?
+
+ @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
+ eventHubAuthorizationRuleResourceId: string?
+
+ @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
+ eventHubName: string?
+
+ @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
+ marketplacePartnerResourceId: string?
+}[]?
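Review bot: In `app_slots`, the fallbacks for `clientCertEnabled`, `clientCertMode`, `clientCertExclusionPaths` and `publicNetworkAccess` are hard-coded literals (`false`, `'Optional'`, `''`, `''`) instead of the site's own parameters, whereas `httpsOnly`, `managedIdentities` and `privateEndpoints` in the same block inherit from the parent. A caller who sets `clientCertEnabled: true` with `clientCertMode: 'Required'` on the site therefore gets deployment slots that do not require client certificates unless every slot entry repeats the setting. The same applies to an explicit `publicNetworkAccess: 'Disabled'`, although how `slot/main.bicep` resolves an empty value is not visible in this hunk. I would fall back to the parent values, e.g. `clientCertEnabled: contains(slot, 'clientCertEnabled') ? slot.clientCertEnabled : clientCertEnabled` and `clientCertMode: contains(slot, 'clientCertMode') ? slot.clientCertMode : clientCertMode`, with the same pattern for `clientCertExclusionPaths` and `publicNetworkAccess`. If the non-inheritance is intended, the `slots` parameter description should say `Slots do not inherit clientCert* or publicNetworkAccess from the site; set them per slot.`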
diff --git a/bicep-examples/dependencies/modules/webApp/site/main.json b/bicep-examples/dependencies/modules/webApp/site/main.json
new file mode 100644
index 0000000..72f1e89
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/main.json
@@ -0,0 +1,4095 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "3962832552855663187" + }, + "name": "Web/Function Apps", + "description": "This module deploys a Web or Function App.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "managedIdentitiesType": { + "type": "object", + "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedResourcesIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The resource ID(s) to assign to the resource." + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + }, + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." 
+ } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "privateEndpointType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private endpoint." + } + }, + "location": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The location to deploy the private endpoint to." + } + }, + "service": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the subnet where the endpoint needs to be created." 
+ } + }, + "privateDnsZoneGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + } + }, + "privateDnsZoneResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." + } + }, + "customDnsConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint ip address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private ip addresses of the private endpoint." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. Custom DNS configurations." + } + }, + "ipConfigurations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private ip address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. 
Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." + } + }, + "applicationSecurityGroupResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. Application security groups in which the private endpoint IP configuration is included." + } + }, + "customNetworkInterfaceName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The custom name of the network interface attached to the private endpoint." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." + } + }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, + "enableTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." 
+ } + } + } + }, + "nullable": true + }, + "diagnosticSettingType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of diagnostic setting." + } + }, + "logCategoriesAndGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." + } + }, + "categoryGroup": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "metricCategories": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "metadata": { + "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "logAnalyticsDestinationType": { + "type": "string", + "allowedValues": [ + "AzureDiagnostics", + "Dedicated" + ], + "nullable": true, + "metadata": { + "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." 
+ } + }, + "workspaceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "storageAccountResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "eventHubAuthorizationRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "eventHubName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "marketplacePartnerResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the site." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." 
+ } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of site to deploy." + } + }, + "serverFarmResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the app service plan to use for the site." + } + }, + "httpsOnly": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests." + } + }, + "clientAffinityEnabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. If client affinity is enabled." + } + }, + "appServiceEnvironmentResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the app service environment to use for this resource." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentitiesType", + "metadata": { + "description": "Optional. The managed identity definition for this resource." + } + }, + "keyVaultAccessIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the assigned identity to be used to access a key vault with." + } + }, + "storageAccountRequired": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Checks if Customer provided storage account is required." + } + }, + "virtualNetworkSubnetId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}." 
+ } + }, + "vnetContentShareEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. To enable accessing content over virtual network." + } + }, + "vnetImagePullEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. To enable pulling image over Virtual Network." + } + }, + "vnetRouteAllEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied." + } + }, + "scmSiteAlsoStopped": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Stop SCM (KUDU) site when the app is stopped." + } + }, + "siteConfig": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The site config object." + } + }, + "storageAccountResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." + } + }, + "appInsightResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the app insight to leverage for this resource." + } + }, + "setAzureWebJobsDashboard": { + "type": "bool", + "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", + "metadata": { + "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." + } + }, + "appSettingsKeyValuePairs": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. 
The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." + } + }, + "authSettingV2Configuration": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The auth settings V2 configuration." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "privateEndpoints": { + "$ref": "#/definitions/privateEndpointType", + "metadata": { + "description": "Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible." + } + }, + "slots": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Configuration for deployment slots for an app." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "diagnosticSettings": { + "$ref": "#/definitions/diagnosticSettingType", + "metadata": { + "description": "Optional. The diagnostic settings of the service." + } + }, + "clientCertEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. 
To enable client certificate authentication (TLS mutual authentication)." + } + }, + "clientCertExclusionPaths": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Client certificate authentication comma-separated exclusion paths." + } + }, + "clientCertMode": { + "type": "string", + "defaultValue": "Optional", + "allowedValues": [ + "Optional", + "OptionalInteractiveUser", + "Required" + ], + "metadata": { + "description": "Optional. This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted." + } + }, + "cloningInfo": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. If specified during app creation, the app is cloned from a source app." + } + }, + "containerSize": { + "type": "int", + "defaultValue": -1, + "metadata": { + "description": "Optional. Size of the function container." + } + }, + "customDomainVerificationId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification." + } + }, + "dailyMemoryTimeQuota": { + "type": "int", + "defaultValue": -1, + "metadata": { + "description": "Optional. Maximum allowed daily memory-time quota (applicable on dynamic apps only)." + } + }, + "enabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Setting this value to false disables the app (takes the app offline)." + } + }, + "hostNameSslStates": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Hostname SSL states are used to manage the SSL bindings for app's hostnames." 
+ } + }, + "hyperV": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Hyper-V sandbox." + } + }, + "redundancyMode": { + "type": "string", + "defaultValue": "None", + "allowedValues": [ + "ActiveActive", + "Failover", + "GeoRedundant", + "Manual", + "None" + ], + "metadata": { + "description": "Optional. Site redundancy mode." + } + }, + "basicPublishingCredentialsPolicies": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The site publishing credential policy names which are associated with the sites." + } + }, + "hybridConnectionRelays": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Names of hybrid connection relays to connect app with." + } + }, + "publicNetworkAccess": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "Enabled", + "Disabled" + ], + "metadata": { + "description": "Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set." 
+ } + } + }, + "variables": { + "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "enableReferencedModulesTelemetry": false, + "builtInRoleNames": { + "App Compliance Automation Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f37683f-2463-46b6-9ce7-9b788b988ba2')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]", + "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]" + } + }, + "resources": { + "defaultTelemetry": { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "app": { + "type": "Microsoft.Web/sites", + "apiVersion": "2022-09-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "kind": "[parameters('kind')]", + "tags": "[parameters('tags')]", + "identity": "[variables('identity')]", + "properties": { + "serverFarmId": "[parameters('serverFarmResourceId')]", + "clientAffinityEnabled": "[parameters('clientAffinityEnabled')]", + "httpsOnly": "[parameters('httpsOnly')]", + "hostingEnvironmentProfile": "[if(not(empty(parameters('appServiceEnvironmentResourceId'))), createObject('id', parameters('appServiceEnvironmentResourceId')), null())]", + "storageAccountRequired": "[parameters('storageAccountRequired')]", + "keyVaultReferenceIdentity": "[if(not(empty(parameters('keyVaultAccessIdentityResourceId'))), parameters('keyVaultAccessIdentityResourceId'), null())]", + "virtualNetworkSubnetId": "[if(not(empty(parameters('virtualNetworkSubnetId'))), parameters('virtualNetworkSubnetId'), null())]", + "siteConfig": "[parameters('siteConfig')]", + "clientCertEnabled": "[parameters('clientCertEnabled')]", + "clientCertExclusionPaths": "[if(not(empty(parameters('clientCertExclusionPaths'))), parameters('clientCertExclusionPaths'), null())]", + "clientCertMode": "[parameters('clientCertMode')]", + "cloningInfo": 
"[if(not(empty(parameters('cloningInfo'))), parameters('cloningInfo'), null())]", + "containerSize": "[if(not(equals(parameters('containerSize'), -1)), parameters('containerSize'), null())]", + "customDomainVerificationId": "[if(not(empty(parameters('customDomainVerificationId'))), parameters('customDomainVerificationId'), null())]", + "dailyMemoryTimeQuota": "[if(not(equals(parameters('dailyMemoryTimeQuota'), -1)), parameters('dailyMemoryTimeQuota'), null())]", + "enabled": "[parameters('enabled')]", + "hostNameSslStates": "[parameters('hostNameSslStates')]", + "hyperV": "[parameters('hyperV')]", + "redundancyMode": "[parameters('redundancyMode')]", + "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(not(empty(parameters('privateEndpoints'))), 'Disabled', 'Enabled'))]", + "vnetContentShareEnabled": "[parameters('vnetContentShareEnabled')]", + "vnetImagePullEnabled": "[parameters('vnetImagePullEnabled')]", + "vnetRouteAllEnabled": "[parameters('vnetRouteAllEnabled')]", + "scmSiteAlsoStopped": "[parameters('scmSiteAlsoStopped')]" + } + }, + "app_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Web/sites/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "app" + ] + }, + "app_diagnosticSettings": { + "copy": { + "name": "app_diagnosticSettings", + "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]" + }, + "type": 
"Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Web/sites/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]", + "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]", + "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]", + "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]", + "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]", + "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]", + "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]", + "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]" + }, + "dependsOn": [ + "app" + ] + }, + "app_roleAssignments": { + "copy": { + "name": "app_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Web/sites/{0}', parameters('name'))]", + "name": "[guid(resourceId('Microsoft.Web/sites', parameters('name')), 
coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "app" + ] + }, + "app_appsettings": { + "condition": "[not(empty(parameters('appSettingsKeyValuePairs')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Site-Config-AppSettings', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "appName": { + "value": "[parameters('name')]" + }, + "kind": { + "value": "[parameters('kind')]" + }, + "storageAccountResourceId": { 
+ "value": "[parameters('storageAccountResourceId')]" + }, + "appInsightResourceId": { + "value": "[parameters('appInsightResourceId')]" + }, + "setAzureWebJobsDashboard": { + "value": "[parameters('setAzureWebJobsDashboard')]" + }, + "appSettingsKeyValuePairs": { + "value": "[parameters('appSettingsKeyValuePairs')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "12140652943143922490" + }, + "name": "Site App Settings", + "description": "This module deploys a Site App Setting.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of site to deploy." + } + }, + "storageAccountResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." + } + }, + "appInsightResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the app insight to leverage for this resource." + } + }, + "setAzureWebJobsDashboard": { + "type": "bool", + "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", + "metadata": { + "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. 
If false not. In case you use Application Insights it can make sense to not set it for performance reasons." + } + }, + "appSettingsKeyValuePairs": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}', parameters('appName'), 'appsettings')]", + "kind": "[parameters('kind')]", + "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', 
format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the site config." + }, + "value": "appsettings" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the site config." + }, + "value": "[resourceId('Microsoft.Web/sites/config', parameters('appName'), 'appsettings')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the site config was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "app" + ] + }, + "app_authsettingsv2": { + "condition": "[not(empty(parameters('authSettingV2Configuration')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Site-Config-AuthSettingsV2', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "appName": { + "value": "[parameters('name')]" + }, + "kind": { + "value": "[parameters('kind')]" + }, + "authSettingV2Configuration": { + "value": "[parameters('authSettingV2Configuration')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "1120403064106188130" + }, + "name": "Site Auth Settings V2 Config", + "description": "This module deploys a Site Auth Settings V2 Configuration.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of site to deploy." + } + }, + "authSettingV2Configuration": { + "type": "object", + "metadata": { + "description": "Required. The auth settings V2 configuration." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. 
Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}', parameters('appName'), 'authsettingsV2')]", + "kind": "[parameters('kind')]", + "properties": "[parameters('authSettingV2Configuration')]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the site config." + }, + "value": "authsettingsV2" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the site config." + }, + "value": "[resourceId('Microsoft.Web/sites/config', parameters('appName'), 'authsettingsV2')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the site config was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "app" + ] + }, + "app_slots": { + "copy": { + "name": "app_slots", + "count": "[length(parameters('slots'))]", + "mode": "serial", + "batchSize": 1 + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Slot-{1}', uniqueString(deployment().name, parameters('location')), parameters('slots')[copyIndex()].name)]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('slots')[copyIndex()].name]" + }, + "appName": { + "value": "[parameters('name')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "kind": { + "value": "[parameters('kind')]" + }, + "serverFarmResourceId": { + "value": "[parameters('serverFarmResourceId')]" + }, + "httpsOnly": "[if(contains(parameters('slots')[copyIndex()], 'httpsOnly'), createObject('value', parameters('slots')[copyIndex()].httpsOnly), createObject('value', parameters('httpsOnly')))]", + "appServiceEnvironmentResourceId": "[if(not(empty(parameters('appServiceEnvironmentResourceId'))), createObject('value', parameters('appServiceEnvironmentResourceId')), createObject('value', ''))]", + "clientAffinityEnabled": "[if(contains(parameters('slots')[copyIndex()], 'clientAffinityEnabled'), createObject('value', parameters('slots')[copyIndex()].clientAffinityEnabled), createObject('value', parameters('clientAffinityEnabled')))]", + "managedIdentities": "[if(contains(parameters('slots')[copyIndex()], 'managedIdentities'), createObject('value', parameters('slots')[copyIndex()].managedIdentities), createObject('value', parameters('managedIdentities')))]", + "keyVaultAccessIdentityResourceId": "[if(contains(parameters('slots')[copyIndex()], 'keyVaultAccessIdentityResourceId'), createObject('value', parameters('slots')[copyIndex()].keyVaultAccessIdentityResourceId), createObject('value', 
parameters('keyVaultAccessIdentityResourceId')))]", + "storageAccountRequired": "[if(contains(parameters('slots')[copyIndex()], 'storageAccountRequired'), createObject('value', parameters('slots')[copyIndex()].storageAccountRequired), createObject('value', parameters('storageAccountRequired')))]", + "virtualNetworkSubnetId": "[if(contains(parameters('slots')[copyIndex()], 'virtualNetworkSubnetId'), createObject('value', parameters('slots')[copyIndex()].virtualNetworkSubnetId), createObject('value', parameters('virtualNetworkSubnetId')))]", + "siteConfig": "[if(contains(parameters('slots')[copyIndex()], 'siteConfig'), createObject('value', parameters('slots')[copyIndex()].siteConfig), createObject('value', parameters('siteConfig')))]", + "storageAccountResourceId": "[if(contains(parameters('slots')[copyIndex()], 'storageAccountResourceId'), createObject('value', parameters('slots')[copyIndex()].storageAccountResourceId), createObject('value', parameters('storageAccountResourceId')))]", + "appInsightResourceId": "[if(contains(parameters('slots')[copyIndex()], 'appInsightResourceId'), createObject('value', parameters('slots')[copyIndex()].appInsightResourceId), createObject('value', parameters('appInsightResourceId')))]", + "setAzureWebJobsDashboard": "[if(contains(parameters('slots')[copyIndex()], 'setAzureWebJobsDashboard'), createObject('value', parameters('slots')[copyIndex()].setAzureWebJobsDashboard), createObject('value', parameters('setAzureWebJobsDashboard')))]", + "authSettingV2Configuration": "[if(contains(parameters('slots')[copyIndex()], 'authSettingV2Configuration'), createObject('value', parameters('slots')[copyIndex()].authSettingV2Configuration), createObject('value', parameters('authSettingV2Configuration')))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, + "diagnosticSettings": { + "value": "[tryGet(parameters('slots')[copyIndex()], 'diagnosticSettings')]" + }, + "roleAssignments": 
"[if(contains(parameters('slots')[copyIndex()], 'roleAssignments'), createObject('value', parameters('slots')[copyIndex()].roleAssignments), createObject('value', parameters('roleAssignments')))]", + "appSettingsKeyValuePairs": "[if(contains(parameters('slots')[copyIndex()], 'appSettingsKeyValuePairs'), createObject('value', parameters('slots')[copyIndex()].appSettingsKeyValuePairs), createObject('value', parameters('appSettingsKeyValuePairs')))]", + "lock": { + "value": "[coalesce(tryGet(parameters('slots')[copyIndex()], 'lock'), parameters('lock'))]" + }, + "privateEndpoints": "[if(contains(parameters('slots')[copyIndex()], 'privateEndpoints'), createObject('value', parameters('slots')[copyIndex()].privateEndpoints), createObject('value', parameters('privateEndpoints')))]", + "tags": { + "value": "[coalesce(tryGet(parameters('slots')[copyIndex()], 'tags'), parameters('tags'))]" + }, + "clientCertEnabled": "[if(contains(parameters('slots')[copyIndex()], 'clientCertEnabled'), createObject('value', parameters('slots')[copyIndex()].clientCertEnabled), createObject('value', false()))]", + "clientCertExclusionPaths": "[if(contains(parameters('slots')[copyIndex()], 'clientCertExclusionPaths'), createObject('value', parameters('slots')[copyIndex()].clientCertExclusionPaths), createObject('value', ''))]", + "clientCertMode": "[if(contains(parameters('slots')[copyIndex()], 'clientCertMode'), createObject('value', parameters('slots')[copyIndex()].clientCertMode), createObject('value', 'Optional'))]", + "cloningInfo": "[if(contains(parameters('slots')[copyIndex()], 'cloningInfo'), createObject('value', parameters('slots')[copyIndex()].cloningInfo), createObject('value', createObject()))]", + "containerSize": "[if(contains(parameters('slots')[copyIndex()], 'containerSize'), createObject('value', parameters('slots')[copyIndex()].containerSize), createObject('value', -1))]", + "customDomainVerificationId": "[if(contains(parameters('slots')[copyIndex()], 
'customDomainVerificationId'), createObject('value', parameters('slots')[copyIndex()].customDomainVerificationId), createObject('value', ''))]", + "dailyMemoryTimeQuota": "[if(contains(parameters('slots')[copyIndex()], 'dailyMemoryTimeQuota'), createObject('value', parameters('slots')[copyIndex()].dailyMemoryTimeQuota), createObject('value', -1))]", + "enabled": "[if(contains(parameters('slots')[copyIndex()], 'enabled'), createObject('value', parameters('slots')[copyIndex()].enabled), createObject('value', true()))]", + "hostNameSslStates": "[if(contains(parameters('slots')[copyIndex()], 'hostNameSslStates'), createObject('value', parameters('slots')[copyIndex()].hostNameSslStates), createObject('value', createArray()))]", + "hyperV": "[if(contains(parameters('slots')[copyIndex()], 'hyperV'), createObject('value', parameters('slots')[copyIndex()].hyperV), createObject('value', false()))]", + "publicNetworkAccess": "[if(contains(parameters('slots')[copyIndex()], 'publicNetworkAccess'), createObject('value', parameters('slots')[copyIndex()].publicNetworkAccess), createObject('value', ''))]", + "redundancyMode": "[if(contains(parameters('slots')[copyIndex()], 'redundancyMode'), createObject('value', parameters('slots')[copyIndex()].redundancyMode), createObject('value', 'None'))]", + "vnetContentShareEnabled": "[if(contains(parameters('slots')[copyIndex()], 'vnetContentShareEnabled'), createObject('value', parameters('slots')[copyIndex()].vnetContentShareEnabled), createObject('value', false()))]", + "vnetImagePullEnabled": "[if(contains(parameters('slots')[copyIndex()], 'vnetImagePullEnabled'), createObject('value', parameters('slots')[copyIndex()].vnetImagePullEnabled), createObject('value', false()))]", + "vnetRouteAllEnabled": "[if(contains(parameters('slots')[copyIndex()], 'vnetRouteAllEnabled'), createObject('value', parameters('slots')[copyIndex()].vnetRouteAllEnabled), createObject('value', false()))]", + "hybridConnectionRelays": 
"[if(contains(parameters('slots')[copyIndex()], 'hybridConnectionRelays'), createObject('value', parameters('slots')[copyIndex()].hybridConnectionRelays), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "842322474793993092" + }, + "name": "Web/Function App Deployment Slots", + "description": "This module deploys a Web or Function App Deployment Slot.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "managedIdentitiesType": { + "type": "object", + "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedResourcesIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The resource ID(s) to assign to the resource." + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + }, + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. 
The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "privateEndpointType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private endpoint." + } + }, + "location": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The location to deploy the private endpoint to." + } + }, + "service": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. 
Resource ID of the subnet where the endpoint needs to be created." + } + }, + "privateDnsZoneGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + } + }, + "privateDnsZoneResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." + } + }, + "customDnsConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint ip address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private ip addresses of the private endpoint." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. Custom DNS configurations." + } + }, + "ipConfigurations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private ip address obtained from the private endpoint's subnet." 
+ } + } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." + } + }, + "applicationSecurityGroupResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. Application security groups in which the private endpoint IP configuration is included." + } + }, + "customNetworkInterfaceName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The custom name of the network interface attached to the private endpoint." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." + } + }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, + "enableTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." 
+ } + } + } + }, + "nullable": true + }, + "diagnosticSettingType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of diagnostic setting." + } + }, + "logCategoriesAndGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." + } + }, + "categoryGroup": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "metricCategories": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "metadata": { + "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "logAnalyticsDestinationType": { + "type": "string", + "allowedValues": [ + "AzureDiagnostics", + "Dedicated" + ], + "nullable": true, + "metadata": { + "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." 
+ } + }, + "workspaceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "storageAccountResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "eventHubAuthorizationRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "eventHubName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "marketplacePartnerResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the slot." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of slot to deploy." + } + }, + "serverFarmResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the app service plan to use for the slot." + } + }, + "httpsOnly": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests." + } + }, + "clientAffinityEnabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. If client affinity is enabled." + } + }, + "appServiceEnvironmentResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the app service environment to use for this resource." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentitiesType", + "metadata": { + "description": "Optional. The managed identity definition for this resource." + } + }, + "keyVaultAccessIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the assigned identity to be used to access a key vault with." + } + }, + "storageAccountRequired": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Checks if Customer provided storage account is required." + } + }, + "virtualNetworkSubnetId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. 
This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}." + } + }, + "siteConfig": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The site config object." + } + }, + "storageAccountResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." + } + }, + "appInsightResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the app insight to leverage for this resource." + } + }, + "setAzureWebJobsDashboard": { + "type": "bool", + "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", + "metadata": { + "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." + } + }, + "appSettingsKeyValuePairs": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." + } + }, + "authSettingV2Configuration": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The auth settings V2 configuration." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "privateEndpoints": { + "$ref": "#/definitions/privateEndpointType", + "metadata": { + "description": "Optional. Configuration details for private endpoints." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. 
Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "diagnosticSettings": { + "$ref": "#/definitions/diagnosticSettingType", + "metadata": { + "description": "Optional. The diagnostic settings of the service." + } + }, + "clientCertEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. To enable client certificate authentication (TLS mutual authentication)." + } + }, + "clientCertExclusionPaths": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Client certificate authentication comma-separated exclusion paths." + } + }, + "clientCertMode": { + "type": "string", + "defaultValue": "Optional", + "allowedValues": [ + "Optional", + "OptionalInteractiveUser", + "Required" + ], + "metadata": { + "description": "Optional. This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted." + } + }, + "cloningInfo": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. If specified during app creation, the app is cloned from a source app." 
+ } + }, + "containerSize": { + "type": "int", + "defaultValue": -1, + "metadata": { + "description": "Optional. Size of the function container." + } + }, + "customDomainVerificationId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification." + } + }, + "dailyMemoryTimeQuota": { + "type": "int", + "defaultValue": -1, + "metadata": { + "description": "Optional. Maximum allowed daily memory-time quota (applicable on dynamic apps only)." + } + }, + "enabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Setting this value to false disables the app (takes the app offline)." + } + }, + "hostNameSslStates": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Hostname SSL states are used to manage the SSL bindings for app's hostnames." + } + }, + "hyperV": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Hyper-V sandbox." + } + }, + "publicNetworkAccess": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "Enabled", + "Disabled", + "" + ], + "metadata": { + "description": "Optional. Allow or block all public traffic." + } + }, + "redundancyMode": { + "type": "string", + "defaultValue": "None", + "allowedValues": [ + "ActiveActive", + "Failover", + "GeoRedundant", + "Manual", + "None" + ], + "metadata": { + "description": "Optional. Site redundancy mode." + } + }, + "vnetContentShareEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. To enable accessing content over virtual network." + } + }, + "vnetImagePullEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. To enable pulling image over Virtual Network." 
+ } + }, + "vnetRouteAllEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied." + } + }, + "hybridConnectionRelays": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Names of hybrid connection relays to connect app with." + } + } + }, + "variables": { + "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "enableReferencedModulesTelemetry": false, + "builtInRoleNames": { + "App Compliance Automation Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f37683f-2463-46b6-9ce7-9b788b988ba2')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]", + "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]" + } + }, + "resources": { + "app": { + "existing": true, + "type": "Microsoft.Web/sites", + "apiVersion": "2021-03-01", + "name": "[parameters('appName')]" + }, + "defaultTelemetry": { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "slot": { + "type": "Microsoft.Web/sites/slots", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}', parameters('appName'), parameters('name'))]", + "location": "[parameters('location')]", + "kind": "[parameters('kind')]", + "tags": "[parameters('tags')]", + "identity": "[variables('identity')]", + "properties": { + "serverFarmId": "[parameters('serverFarmResourceId')]", + "clientAffinityEnabled": "[parameters('clientAffinityEnabled')]", + "httpsOnly": "[parameters('httpsOnly')]", + "hostingEnvironmentProfile": "[if(not(empty(parameters('appServiceEnvironmentResourceId'))), createObject('id', parameters('appServiceEnvironmentResourceId')), null())]", + "storageAccountRequired": 
"[parameters('storageAccountRequired')]", + "keyVaultReferenceIdentity": "[if(not(empty(parameters('keyVaultAccessIdentityResourceId'))), parameters('keyVaultAccessIdentityResourceId'), null())]", + "virtualNetworkSubnetId": "[if(not(empty(parameters('virtualNetworkSubnetId'))), parameters('virtualNetworkSubnetId'), null())]", + "siteConfig": "[parameters('siteConfig')]", + "clientCertEnabled": "[parameters('clientCertEnabled')]", + "clientCertExclusionPaths": "[if(not(empty(parameters('clientCertExclusionPaths'))), parameters('clientCertExclusionPaths'), null())]", + "clientCertMode": "[parameters('clientCertMode')]", + "cloningInfo": "[if(not(empty(parameters('cloningInfo'))), parameters('cloningInfo'), null())]", + "containerSize": "[if(not(equals(parameters('containerSize'), -1)), parameters('containerSize'), null())]", + "customDomainVerificationId": "[if(not(empty(parameters('customDomainVerificationId'))), parameters('customDomainVerificationId'), null())]", + "dailyMemoryTimeQuota": "[if(not(equals(parameters('dailyMemoryTimeQuota'), -1)), parameters('dailyMemoryTimeQuota'), null())]", + "enabled": "[parameters('enabled')]", + "hostNameSslStates": "[parameters('hostNameSslStates')]", + "hyperV": "[parameters('hyperV')]", + "publicNetworkAccess": "[parameters('publicNetworkAccess')]", + "redundancyMode": "[parameters('redundancyMode')]", + "vnetContentShareEnabled": "[parameters('vnetContentShareEnabled')]", + "vnetImagePullEnabled": "[parameters('vnetImagePullEnabled')]", + "vnetRouteAllEnabled": "[parameters('vnetRouteAllEnabled')]" + }, + "dependsOn": [ + "app" + ] + }, + "slot_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), 
format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "slot" + ] + }, + "slot_diagnosticSettings": { + "copy": { + "name": "slot_diagnosticSettings", + "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]" + }, + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", + "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]", + "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]", + "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]", + "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]", + "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]", + "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]", + "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]", + 
"logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]" + }, + "dependsOn": [ + "slot" + ] + }, + "slot_roleAssignments": { + "copy": { + "name": "slot_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", + "name": "[guid(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), 
createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "slot" + ] + }, + "slot_appsettings": { + "condition": "[not(empty(parameters('appSettingsKeyValuePairs')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Slot-{1}-Config-AppSettings', uniqueString(deployment().name, parameters('location')), parameters('name'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "slotName": { + "value": "[parameters('name')]" + }, + "appName": { + "value": "[parameters('appName')]" + }, + "kind": { + "value": "[parameters('kind')]" + }, + "storageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "appInsightResourceId": { + "value": "[parameters('appInsightResourceId')]" + }, + "setAzureWebJobsDashboard": { + "value": "[parameters('setAzureWebJobsDashboard')]" + }, + "appSettingsKeyValuePairs": { + "value": "[parameters('appSettingsKeyValuePairs')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "13223616826795830599" + }, + "name": "Site Slot App Settings", + "description": "This module deploys a Site Slot App Setting.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "slotName": { + "type": "string", + "metadata": { + "description": "Required. Slot name to be configured." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." 
+ } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of slot to deploy." + } + }, + "storageAccountResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." + } + }, + "appInsightResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the app insight to leverage for this resource." + } + }, + "setAzureWebJobsDashboard": { + "type": "bool", + "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", + "metadata": { + "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." + } + }, + "appSettingsKeyValuePairs": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'appsettings')]", + "kind": "[parameters('kind')]", + "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the slot config." + }, + "value": "appsettings" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the slot config." + }, + "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'appsettings')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the slot config was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "app", + "slot" + ] + }, + "slot_authsettingsv2": { + "condition": "[not(empty(parameters('authSettingV2Configuration')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Slot-{1}-Config-AuthSettingsV2', uniqueString(deployment().name, parameters('location')), parameters('name'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "slotName": { + "value": "[parameters('name')]" + }, + "appName": { + "value": "[parameters('appName')]" + }, + "kind": { + "value": "[parameters('kind')]" + }, + "authSettingV2Configuration": { + "value": "[parameters('authSettingV2Configuration')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "16157844933162881953" + }, + "name": "Site Slot Auth Settings V2 Config", + "description": "This module deploys a Site Auth Settings V2 Configuration.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." + } + }, + "slotName": { + "type": "string", + "metadata": { + "description": "Required. Slot name to be configured." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of slot to deploy." 
+ } + }, + "authSettingV2Configuration": { + "type": "object", + "metadata": { + "description": "Required. The auth settings V2 configuration." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'authsettingsV2')]", + "kind": "[parameters('kind')]", + "properties": "[parameters('authSettingV2Configuration')]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the slot config." + }, + "value": "authsettingsV2" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the slot config." + }, + "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'authsettingsV2')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the slot config was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "app", + "slot" + ] + }, + "slot_hybridConnectionRelays": { + "copy": { + "name": "slot_hybridConnectionRelays", + "count": "[length(parameters('hybridConnectionRelays'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Slot-HybridConnectionRelay-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "hybridConnectionResourceId": { + "value": "[parameters('hybridConnectionRelays')[copyIndex()].resourceId]" + }, + "appName": { + "value": "[parameters('appName')]" + }, + "slotName": { + "value": "[parameters('name')]" + }, + "sendKeyName": "[if(contains(parameters('hybridConnectionRelays')[copyIndex()], 'sendKeyName'), createObject('value', parameters('hybridConnectionRelays')[copyIndex()].sendKeyName), createObject('value', null()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "11888981629758921842" + }, + "name": "Web/Function Apps Slot Hybrid Connection Relay", + "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "hybridConnectionResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the relay namespace hybrid connection." + } + }, + "slotName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the site slot. Required if the template is used in a standalone deployment." 
+ } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." + } + }, + "sendKeyName": { + "type": "string", + "defaultValue": "defaultSender", + "metadata": { + "description": "Optional. Name of the authorization rule send key to use." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", + "properties": { + "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", + "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, 
indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", + "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", + "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", + "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", + "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", + "sendKeyName": "[parameters('sendKeyName')]", + "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', 
split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the hybrid connection relay.." + }, + "value": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the hybrid connection relay." + }, + "value": "[resourceId('Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[3])]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "app", + "slot" + ] + }, + "slot_privateEndpoints": { + "copy": { + "name": "slot_privateEndpoints", + "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-app-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "groupIds": { + "value": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')]" + ] + }, + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" + }, + "serviceResourceId": { + "value": "[resourceId('Microsoft.Web/sites', parameters('appName'))]" + }, + "subnetResourceId": { + "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" + }, + "enableDefaultTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableDefaultTelemetry'), variables('enableReferencedModulesTelemetry'))]" + }, + "location": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" + }, + "lock": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" + }, + "privateDnsZoneGroupName": { + "value": 
"[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" + }, + "privateDnsZoneResourceIds": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]" + }, + "roleAssignments": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]" + }, + "tags": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" + }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, + "customDnsConfigs": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" + }, + "ipConfigurations": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'ipConfigurations')]" + }, + "applicationSecurityGroupResourceIds": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'applicationSecurityGroupResourceIds')]" + }, + "customNetworkInterfaceName": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "12078057657290521609" + }, + "name": "Private Endpoints", + "description": "This module deploys a Private Endpoint.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": 
"Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." 
+ } + } + }, + "nullable": true + }, + "ipConfigurationsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private ip address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true + }, + "customDnsConfigType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint ip address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private ip addresses of the private endpoint." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the private endpoint resource to create." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the subnet where the endpoint needs to be created." + } + }, + "serviceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource that needs to be connected to the network." 
+ } + }, + "applicationSecurityGroupResourceIds": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Application security groups in which the private endpoint IP configuration is included." + } + }, + "customNetworkInterfaceName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The custom name of the network interface attached to the private endpoint." + } + }, + "ipConfigurations": { + "$ref": "#/definitions/ipConfigurationsType", + "nullable": true, + "metadata": { + "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." + } + }, + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." + } + }, + "privateDnsZoneGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + } + }, + "privateDnsZoneResourceIds": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." + } + }, + "customDnsConfigs": { + "$ref": "#/definitions/customDnsConfigType", + "nullable": true, + "metadata": { + "description": "Optional. Custom DNS configurations." + } + }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "variables": { + "enableReferencedModulesTelemetry": false, + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private 
DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" + } + }, + "resources": { + "defaultTelemetry": { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "privateEndpoint": { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "copy": [ + { + "name": "applicationSecurityGroups", + "count": "[length(coalesce(parameters('applicationSecurityGroupResourceIds'), createArray()))]", + "input": { + "id": "[coalesce(parameters('applicationSecurityGroupResourceIds'), createArray())[copyIndex('applicationSecurityGroups')]]" + } + } + ], + "customDnsConfigs": "[parameters('customDnsConfigs')]", + "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", + "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", + "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[parameters('serviceResourceId')]", + 
"groupIds": "[parameters('groupIds')]" + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + } + }, + "privateEndpoint_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "privateEndpoint" + ] + }, + "privateEndpoint_roleAssignments": { + "copy": { + "name": "privateEndpoint_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": 
"[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "privateEndpoint" + ] + }, + "privateEndpoint_privateDnsZoneGroup": { + "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]" + }, + "privateDNSResourceIds": { + "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]" + }, + "privateEndpointName": { + "value": "[parameters('name')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "16391702514342252839" + }, + "name": "Private Endpoint Private DNS Zone Groups", + "description": "This module deploys a Private Endpoint Private DNS Zone Group.", + "owner": 
"Azure/module-maintainers" + }, + "parameters": { + "privateEndpointName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." + } + }, + "privateDNSResourceIds": { + "type": "array", + "minLength": 1, + "maxLength": 5, + "metadata": { + "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." + } + }, + "name": { + "type": "string", + "defaultValue": "default", + "metadata": { + "description": "Optional. The name of the private DNS zone group." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "variables": { + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDNSResourceIds'))]", + "input": { + "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" + } + } + } + ] + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2023-04-01", + "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", + "properties": { + "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" + } + } + ], + "outputs": { + "name": { + "type": 
"string", + "metadata": { + "description": "The name of the private endpoint DNS zone group." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint DNS zone group." + }, + "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the private endpoint DNS zone group was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "privateEndpoint" + ] + } + }, + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the private endpoint was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint." + }, + "value": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the private endpoint." + }, + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "app" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the slot." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the slot." + }, + "value": "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the slot was deployed into." 
+ }, + "value": "[resourceGroup().name]" + }, + "systemAssignedMIPrincipalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the system assigned identity." + }, + "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('slot', '2022-09-01', 'full').identity, 'principalId')), reference('slot', '2022-09-01', 'full').identity.principalId, '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('slot', '2022-09-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "app" + ] + }, + "app_basicPublishingCredentialsPolicies": { + "copy": { + "name": "app_basicPublishingCredentialsPolicies", + "count": "[length(parameters('basicPublishingCredentialsPolicies'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Site-Publis-Cred-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "webAppName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[parameters('basicPublishingCredentialsPolicies')[copyIndex()].name]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "5305729672150633375" + }, + "name": "Web Site Basic Publishing Credentials Policies", + "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "allowedValues": [ + "scm", + "ftp" + ], + "metadata": 
{ + "description": "Required. The name of the resource." + } + }, + "webAppName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/basicPublishingCredentialsPolicies", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}', parameters('webAppName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "allow": true + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the basic publishing credential policy." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the basic publishing credential policy." + }, + "value": "[resourceId('Microsoft.Web/sites/basicPublishingCredentialsPolicies', parameters('webAppName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the basic publishing credential policy was deployed into." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Web/sites/basicPublishingCredentialsPolicies', parameters('webAppName'), parameters('name')), '2022-09-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "app" + ] + }, + "app_hybridConnectionRelays": { + "copy": { + "name": "app_hybridConnectionRelays", + "count": "[length(parameters('hybridConnectionRelays'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-HybridConnectionRelay-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "hybridConnectionResourceId": { + "value": "[parameters('hybridConnectionRelays')[copyIndex()].resourceId]" + }, + "appName": { + "value": "[parameters('name')]" + }, + "sendKeyName": "[if(contains(parameters('hybridConnectionRelays')[copyIndex()], 'sendKeyName'), createObject('value', parameters('hybridConnectionRelays')[copyIndex()].sendKeyName), createObject('value', null()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "10458383238656360850" + }, + "name": "Web/Function Apps Hybrid Connection Relay", + "description": "This module deploys a Site Hybrid Connection Namespace Relay.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "hybridConnectionResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the relay namespace hybrid connection." 
+ } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." + } + }, + "sendKeyName": { + "type": "string", + "defaultValue": "defaultSender", + "metadata": { + "description": "Optional. Name of the authorization rule send key to use." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/hybridConnectionNamespaces/relays", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", + "properties": { + "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", + "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, 
indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", + "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", + "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", + "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", + "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", + "sendKeyName": "[parameters('sendKeyName')]", + "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', 
split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the hybrid connection relay.." + }, + "value": "[format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the hybrid connection relay." + }, + "value": "[resourceId('Microsoft.Web/sites/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2])]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "app" + ] + }, + "app_privateEndpoints": { + "copy": { + "name": "app_privateEndpoints", + "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-app-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "groupIds": { + "value": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')]" + ] + }, + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" + }, + "serviceResourceId": { + "value": "[resourceId('Microsoft.Web/sites', parameters('name'))]" + }, + "subnetResourceId": { + "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" + }, + "enableDefaultTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableDefaultTelemetry'), variables('enableReferencedModulesTelemetry'))]" + }, + "location": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" + }, + "lock": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" + }, + "privateDnsZoneGroupName": { + "value": 
"[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" + }, + "privateDnsZoneResourceIds": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]" + }, + "roleAssignments": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]" + }, + "tags": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" + }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, + "customDnsConfigs": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" + }, + "ipConfigurations": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'ipConfigurations')]" + }, + "applicationSecurityGroupResourceIds": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'applicationSecurityGroupResourceIds')]" + }, + "customNetworkInterfaceName": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "12078057657290521609" + }, + "name": "Private Endpoints", + "description": "This module deploys a Private Endpoint.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": 
"Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." 
+ } + } + }, + "nullable": true + }, + "ipConfigurationsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private ip address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true + }, + "customDnsConfigType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint ip address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private ip addresses of the private endpoint." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the private endpoint resource to create." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the subnet where the endpoint needs to be created." + } + }, + "serviceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource that needs to be connected to the network." 
+ } + }, + "applicationSecurityGroupResourceIds": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Application security groups in which the private endpoint IP configuration is included." + } + }, + "customNetworkInterfaceName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The custom name of the network interface attached to the private endpoint." + } + }, + "ipConfigurations": { + "$ref": "#/definitions/ipConfigurationsType", + "nullable": true, + "metadata": { + "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." + } + }, + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." + } + }, + "privateDnsZoneGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + } + }, + "privateDnsZoneResourceIds": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." + } + }, + "customDnsConfigs": { + "$ref": "#/definitions/customDnsConfigType", + "nullable": true, + "metadata": { + "description": "Optional. Custom DNS configurations." + } + }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "variables": { + "enableReferencedModulesTelemetry": false, + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private 
DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" + } + }, + "resources": { + "defaultTelemetry": { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "privateEndpoint": { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "copy": [ + { + "name": "applicationSecurityGroups", + "count": "[length(coalesce(parameters('applicationSecurityGroupResourceIds'), createArray()))]", + "input": { + "id": "[coalesce(parameters('applicationSecurityGroupResourceIds'), createArray())[copyIndex('applicationSecurityGroups')]]" + } + } + ], + "customDnsConfigs": "[parameters('customDnsConfigs')]", + "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", + "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", + "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[parameters('serviceResourceId')]", + 
"groupIds": "[parameters('groupIds')]" + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + } + }, + "privateEndpoint_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "privateEndpoint" + ] + }, + "privateEndpoint_roleAssignments": { + "copy": { + "name": "privateEndpoint_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": 
"[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "privateEndpoint" + ] + }, + "privateEndpoint_privateDnsZoneGroup": { + "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]" + }, + "privateDNSResourceIds": { + "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]" + }, + "privateEndpointName": { + "value": "[parameters('name')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "16391702514342252839" + }, + "name": "Private Endpoint Private DNS Zone Groups", + "description": "This module deploys a Private Endpoint Private DNS Zone Group.", + "owner": 
"Azure/module-maintainers" + }, + "parameters": { + "privateEndpointName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." + } + }, + "privateDNSResourceIds": { + "type": "array", + "minLength": 1, + "maxLength": 5, + "metadata": { + "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." + } + }, + "name": { + "type": "string", + "defaultValue": "default", + "metadata": { + "description": "Optional. The name of the private DNS zone group." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "variables": { + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDNSResourceIds'))]", + "input": { + "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" + } + } + } + ] + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2023-04-01", + "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", + "properties": { + "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" + } + } + ], + "outputs": { + "name": { + "type": 
"string", + "metadata": { + "description": "The name of the private endpoint DNS zone group." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint DNS zone group." + }, + "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the private endpoint DNS zone group was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "privateEndpoint" + ] + } + }, + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the private endpoint was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint." + }, + "value": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the private endpoint." + }, + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "app" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the site." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the site." + }, + "value": "[resourceId('Microsoft.Web/sites', parameters('name'))]" + }, + "slots": { + "type": "array", + "metadata": { + "description": "The list of the slots." 
+ }, + "copy": { + "count": "[length(parameters('slots'))]", + "input": "[format('{0}-Slot-{1}', uniqueString(deployment().name, parameters('location')), parameters('slots')[copyIndex()].name)]" + } + }, + "slotResourceIds": { + "type": "array", + "metadata": { + "description": "The list of the slot resource ids." + }, + "copy": { + "count": "[length(parameters('slots'))]", + "input": "[reference(format('app_slots[{0}]', copyIndex())).outputs.resourceId.value]" + } + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the site was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "systemAssignedMIPrincipalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the system assigned identity." + }, + "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('app', '2022-09-01', 'full').identity, 'principalId')), reference('app', '2022-09-01', 'full').identity.principalId, '')]" + }, + "slotSystemAssignedPrincipalIds": { + "type": "array", + "metadata": { + "description": "The principal ID of the system assigned identity of slots." + }, + "copy": { + "count": "[length(parameters('slots'))]", + "input": "[reference(format('app_slots[{0}]', copyIndex())).outputs.systemAssignedMIPrincipalId.value]" + } + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('app', '2022-09-01', 'full').location]" + }, + "defaultHostname": { + "type": "string", + "metadata": { + "description": "Default hostname of the app." + }, + "value": "[reference('app').defaultHostName]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/README.md b/bicep-examples/dependencies/modules/webApp/site/slot/README.md new file mode 100644 index 0000000..e929296 --- /dev/null 
+++ b/bicep-examples/dependencies/modules/webApp/site/slot/README.md 
@@ -0,0 +1,851 @@
+# Web/Function App Deployment Slots `[Microsoft.Web/sites/slots]`
+
+This module deploys a Web or Function App Deployment Slot.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
+| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
+| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
+| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
+| `Microsoft.Web/sites/slots` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots) |
+| `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
+| `Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots/hybridConnectionNamespaces/relays) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`kind`](#parameter-kind) | string | Type of slot to deploy. |
+| [`name`](#parameter-name) | string | Name of the slot. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. |
+| [`appServiceEnvironmentResourceId`](#parameter-appserviceenvironmentresourceid) | string | The resource ID of the app service environment to use for this resource. |
+| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. |
+| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. |
+| [`clientAffinityEnabled`](#parameter-clientaffinityenabled) | bool | If client affinity is enabled. |
+| [`clientCertEnabled`](#parameter-clientcertenabled) | bool | To enable client certificate authentication (TLS mutual authentication). |
+| [`clientCertExclusionPaths`](#parameter-clientcertexclusionpaths) | string | Client certificate authentication comma-separated exclusion paths. |
+| [`clientCertMode`](#parameter-clientcertmode) | string | This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. |
+| [`cloningInfo`](#parameter-cloninginfo) | object | If specified during app creation, the app is cloned from a source app. |
+| [`containerSize`](#parameter-containersize) | int | Size of the function container. |
+| [`customDomainVerificationId`](#parameter-customdomainverificationid) | string | Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. |
+| [`dailyMemoryTimeQuota`](#parameter-dailymemorytimequota) | int | Maximum allowed daily memory-time quota (applicable on dynamic apps only). |
+| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
+| [`enabled`](#parameter-enabled) | bool | Setting this value to false disables the app (takes the app offline). |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| [`hostNameSslStates`](#parameter-hostnamesslstates) | array | Hostname SSL states are used to manage the SSL bindings for app's hostnames. |
+| [`httpsOnly`](#parameter-httpsonly) | bool | Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests. |
+| [`hybridConnectionRelays`](#parameter-hybridconnectionrelays) | array | Names of hybrid connection relays to connect app with. |
+| [`hyperV`](#parameter-hyperv) | bool | Hyper-V sandbox. |
+| [`keyVaultAccessIdentityResourceId`](#parameter-keyvaultaccessidentityresourceid) | string | The resource ID of the assigned identity to be used to access a key vault with. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | object | The lock settings of the service. |
+| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Allow or block all public traffic. |
+| [`redundancyMode`](#parameter-redundancymode) | string | Site redundancy mode. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`serverFarmResourceId`](#parameter-serverfarmresourceid) | string | The resource ID of the app service plan to use for the slot. |
+| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. |
+| [`siteConfig`](#parameter-siteconfig) | object | The site config object. |
+| [`storageAccountRequired`](#parameter-storageaccountrequired) | bool | Checks if Customer provided storage account is required. |
+| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`virtualNetworkSubnetId`](#parameter-virtualnetworksubnetid) | string | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. |
+| [`vnetContentShareEnabled`](#parameter-vnetcontentshareenabled) | bool | To enable accessing content over virtual network. |
+| [`vnetImagePullEnabled`](#parameter-vnetimagepullenabled) | bool | To enable pulling image over Virtual Network. |
+| [`vnetRouteAllEnabled`](#parameter-vnetrouteallenabled) | bool | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. |
+
+### Parameter: `appInsightResourceId`
+
+Resource ID of the app insight to leverage for this resource.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `appName`
+
+The name of the parent site resource. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `appServiceEnvironmentResourceId`
+
+The resource ID of the app service environment to use for this resource.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `appSettingsKeyValuePairs`
+
+The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `authSettingV2Configuration`
+
+The auth settings V2 configuration.
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `clientAffinityEnabled`
+
+If client affinity is enabled.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `clientCertEnabled`
+
+To enable client certificate authentication (TLS mutual authentication).
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `clientCertExclusionPaths`
+
+Client certificate authentication comma-separated exclusion paths.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `clientCertMode`
+
+This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted.
+- Required: No
+- Type: string
+- Default: `'Optional'`
+- Allowed:
+ ```Bicep
+ [
+ 'Optional'
+ 'OptionalInteractiveUser'
+ 'Required'
+ ]
+ ```
+
+### Parameter: `cloningInfo`
+
+If specified during app creation, the app is cloned from a source app.
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `containerSize`
+
+Size of the function container.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `customDomainVerificationId`
+
+Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dailyMemoryTimeQuota`
+
+Maximum allowed daily memory-time quota (applicable on dynamic apps only).
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `diagnosticSettings`
+
+The diagnostic settings of the service.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. |
+| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. |
+| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. |
+| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+
+### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId`
+
+Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.eventHubName`
+
+Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.logAnalyticsDestinationType`
+
+Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.
+
+- Required: No
+- Type: string
+- Allowed: `[AzureDiagnostics, Dedicated]`
+
+### Parameter: `diagnosticSettings.logCategoriesAndGroups`
+
+Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+
+- Required: No
+- Type: array
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. |
+| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. |
+
+### Parameter: `diagnosticSettings.logCategoriesAndGroups.category`
+
+Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup`
+
+Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs.
+
+- Required: No
+- Type: string
+
+
+### Parameter: `diagnosticSettings.marketplacePartnerResourceId`
+
+Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.metricCategories`
+
+Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+
+- Required: No
+- Type: array
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. |
+
+### Parameter: `diagnosticSettings.metricCategories.category`
+
+Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics.
+
+- Required: Yes
+- Type: string
+
+
+### Parameter: `diagnosticSettings.name`
+
+Optional. The name of diagnostic setting.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.storageAccountResourceId`
+
+Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `diagnosticSettings.workspaceResourceId`
+
+Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+
+- Required: No
+- Type: string
+
+### Parameter: `enabled`
+
+Setting this value to false disables the app (takes the app offline).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via the Customer Usage Attribution ID (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `hostNameSslStates`
+
+Hostname SSL states are used to manage the SSL bindings for app's hostnames.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `httpsOnly`
+
+Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `hybridConnectionRelays`
+
+Names of hybrid connection relays to connect app with.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `hyperV`
+
+Hyper-V sandbox.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `keyVaultAccessIdentityResourceId`
+
+The resource ID of the assigned identity to be used to access a key vault with.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `kind`
+
+Type of slot to deploy.
+- Required: Yes
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'app'
+ 'functionapp'
+ 'functionapplinux'
+ 'functionappworkflowapp'
+ 'functionappworkflowapplinux'
+ ]
+ ```
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+The lock settings of the service.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
+| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
+
+### Parameter: `lock.kind`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: string
+- Allowed: `[CanNotDelete, None, ReadOnly]`
+
+### Parameter: `lock.name`
+
+Optional. Specify the name of lock.
+
+- Required: No
+- Type: string
+
+### Parameter: `managedIdentities`
+
+The managed identity definition for this resource.
+- Required: No
+- Type: object
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. |
+| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. |
+
+### Parameter: `managedIdentities.systemAssigned`
+
+Optional. Enables system assigned managed identity on the resource.
+
+- Required: No
+- Type: bool
+
+### Parameter: `managedIdentities.userAssignedResourcesIds`
+
+Optional. The resource ID(s) to assign to the resource.
+
+- Required: No
+- Type: array
+
+### Parameter: `name`
+
+Name of the slot.
+- Required: Yes
+- Type: string
+
+### Parameter: `privateEndpoints`
+
+Configuration details for private endpoints.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. |
+| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. |
+| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. |
+| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. |
+| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. |
+| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. |
+| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. |
+| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. |
+| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. |
+| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. |
+| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. |
+| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". |
+| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. |
+| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. |
+
+### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds`
+
+Optional. Application security groups in which the private endpoint IP configuration is included.
+
+- Required: No
+- Type: array
+
+### Parameter: `privateEndpoints.customDnsConfigs`
+
+Optional. Custom DNS configurations.
+
+- Required: No
+- Type: array
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. |
+| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. |
+
+### Parameter: `privateEndpoints.customDnsConfigs.fqdn`
+
+Required. Fqdn that resolves to private endpoint ip address.
+
+- Required: No
+- Type: string
+
+### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses`
+
+Required. A list of private ip addresses of the private endpoint.
+
+- Required: Yes
+- Type: array
+
+
+### Parameter: `privateEndpoints.customNetworkInterfaceName`
+
+Optional. The custom name of the network interface attached to the private endpoint.
+
+- Required: No
+- Type: string
+
+### Parameter: `privateEndpoints.enableTelemetry`
+
+Optional. Enable/Disable usage telemetry for module.
+
+- Required: No
+- Type: bool
+
+### Parameter: `privateEndpoints.ipConfigurations`
+
+Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.
+
+- Required: No
+- Type: array
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. |
+| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. |
+
+### Parameter: `privateEndpoints.ipConfigurations.name`
+
+Required. The name of the resource that is unique within a resource group.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `privateEndpoints.ipConfigurations.properties`
+
+Required. Properties of private endpoint IP configurations.
+
+- Required: Yes
+- Type: object
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. |
+| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. |
+| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. |
+
+### Parameter: `privateEndpoints.ipConfigurations.properties.groupId`
+
+Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `privateEndpoints.ipConfigurations.properties.memberName`
+
+Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress`
+
+Required. A private ip address obtained from the private endpoint's subnet.
+
+- Required: Yes
+- Type: string
+
+
+
+### Parameter: `privateEndpoints.location`
+
+Optional. The location to deploy the private endpoint to.
+
+- Required: No
+- Type: string
+
+### Parameter: `privateEndpoints.lock`
+
+Optional. Specify the type of lock.
+
+- Required: No
+- Type: object
+
+### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections`
+
+Optional. Manual PrivateLink Service Connections.
+
+- Required: No
+- Type: array
+
+### Parameter: `privateEndpoints.name`
+
+Optional. The name of the private endpoint.
+
+- Required: No
+- Type: string
+
+### Parameter: `privateEndpoints.privateDnsZoneGroupName`
+
+Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.
+
+- Required: No
+- Type: string
+
+### Parameter: `privateEndpoints.privateDnsZoneResourceIds`
+
+Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.
+
+- Required: No
+- Type: array
+
+### Parameter: `privateEndpoints.roleAssignments`
+
+Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+
+- Required: No
+- Type: array
+
+### Parameter: `privateEndpoints.service`
+
+Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".
+
+- Required: No
+- Type: string
+
+### Parameter: `privateEndpoints.subnetResourceId`
+
+Required. Resource ID of the subnet where the endpoint needs to be created.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `privateEndpoints.tags`
+
+Optional. Tags to be applied on all resources/resource groups in this deployment.
+
+- Required: No
+- Type: object
+
+### Parameter: `publicNetworkAccess`
+
+Allow or block all public traffic.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed:
+ ```Bicep
+ [
+ ''
+ 'Disabled'
+ 'Enabled'
+ ]
+ ```
+
+### Parameter: `redundancyMode`
+
+Site redundancy mode.
+- Required: No
+- Type: string
+- Default: `'None'`
+- Allowed:
+ ```Bicep
+ [
+ 'ActiveActive'
+ 'Failover'
+ 'GeoRedundant'
+ 'Manual'
+ 'None'
+ ]
+ ```
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+
+
+| Name | Required | Type | Description |
+| :-- | :-- | :--| :-- |
+| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
+| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
+| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
+| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
+| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
+| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
+| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
+
+### Parameter: `roleAssignments.condition`
+
+Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.conditionVersion`
+
+Optional. Version of the condition.
+
+- Required: No
+- Type: string
+- Allowed: `[2.0]`
+
+### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
+
+Optional. The Resource Id of the delegated managed identity resource.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.description`
+
+Optional. The description of the role assignment.
+
+- Required: No
+- Type: string
+
+### Parameter: `roleAssignments.principalId`
+
+Required. The principal ID of the principal (user/group/identity) to assign the role to.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments.principalType`
+
+Optional. The principal type of the assigned principal ID.
+
+- Required: No
+- Type: string
+- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
+
+### Parameter: `roleAssignments.roleDefinitionIdOrName`
+
+Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `serverFarmResourceId`
+
+The resource ID of the app service plan to use for the slot.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `setAzureWebJobsDashboard`
+
+For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.
+- Required: No
+- Type: bool
+- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]`
+
+### Parameter: `siteConfig`
+
+The site config object.
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `storageAccountRequired`
+
+Checks if Customer provided storage account is required.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `storageAccountResourceId`
+
+Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+
+### Parameter: `virtualNetworkSubnetId`
+
+Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `vnetContentShareEnabled`
+
+To enable accessing content over virtual network.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `vnetImagePullEnabled`
+
+To enable pulling image over Virtual Network.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `vnetRouteAllEnabled`
+
+Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied.
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the slot. |
+| `resourceGroupName` | string | The resource group the slot was deployed into. |
+| `resourceId` | string | The resource ID of the slot. |
+| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
+
+## Notes
+
+### Parameter Usage: `appSettingsKeyValuePairs`
+
+AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
+For all other app settings key-value pairs use this object.
+
+
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/README.md b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/README.md
new file mode 100644
index 0000000..ffdebce
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/README.md
@@ -0,0 +1,161 @@
+# Site Slot App Settings `[Microsoft.Web/sites/slots/config]`
+
+This module deploys a Site Slot App Setting.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+- [Notes](#Notes)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`kind`](#parameter-kind) | string | Type of slot to deploy. |
+| [`slotName`](#parameter-slotname) | string | Slot name to be configured. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. |
+| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. |
+| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. |
+
+### Parameter: `appInsightResourceId`
+
+Resource ID of the app insight to leverage for this resource.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `appName`
+
+The name of the parent site resource. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `appSettingsKeyValuePairs`
+
+The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.
+- Required: No
+- Type: object
+- Default: `{}`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via the Customer Usage Attribution ID (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `kind`
+
+Type of slot to deploy.
+- Required: Yes
+- Type: string
+- Allowed:
+ ```Bicep
+ [
+ 'app'
+ 'functionapp'
+ 'functionapplinux'
+ 'functionappworkflowapp'
+ 'functionappworkflowapplinux'
+ ]
+ ```
+
+### Parameter: `setAzureWebJobsDashboard`
+
+For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.
+- Required: No
+- Type: bool
+- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]`
+
+### Parameter: `slotName`
+
+Slot name to be configured.
+- Required: Yes
+- Type: string
+
+### Parameter: `storageAccountResourceId`
+
+Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the slot config. |
+| `resourceGroupName` | string | The resource group the slot config was deployed into. |
+| `resourceId` | string | The resource ID of the slot config. |
+
+## Cross-referenced modules
+
+_None_
+
+## Notes
+
+### Parameter Usage: `appSettingsKeyValuePairs`
+
+AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
+For all other app settings key-value pairs use this object.
+
+Parameter JSON format
+
+```json
+"appSettingsKeyValuePairs": {
+ "value": {
+ "AzureFunctionsJobHost__logging__logLevel__default": "Trace",
+ "EASYAUTH_SECRET": "https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password",
+ "FUNCTIONS_EXTENSION_VERSION": "~4",
+ "FUNCTIONS_WORKER_RUNTIME": "dotnet"
+ }
+}
+```
+
+Bicep format
+
+```bicep
+appSettingsKeyValuePairs: {
+ AzureFunctionsJobHost__logging__logLevel__default: 'Trace'
+ EASYAUTH_SECRET: 'https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password'
+ FUNCTIONS_EXTENSION_VERSION: '~4'
+ FUNCTIONS_WORKER_RUNTIME: 'dotnet'
+}
+```
+
+
+ + +
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.bicep b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.bicep
new file mode 100644
index 0000000..5f3ea19
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.bicep
@@ -0,0 +1,93 @@
+metadata name = 'Site Slot App Settings'
+metadata description = 'This module deploys a Site Slot App Setting.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. Slot name to be configured.')
+param slotName string
+
+@description('Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment.')
+param appName string
+
+@description('Required. Type of slot to deploy.')
+@allowed([
+ 'functionapp' // function app windows os
+ 'functionapp,linux' // function app linux os
+ 'functionapp,workflowapp' // logic app workflow
+ 'functionapp,workflowapp,linux' // logic app docker container
+ 'app' // normal web app
+])
+param kind string
+
+@description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.')
+param storageAccountResourceId string = ''
+
+@description('Optional. Resource ID of the app insight to leverage for this resource.')
+param appInsightResourceId string = ''
+
+@description('Optional. For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.')
+param setAzureWebJobsDashboard bool = contains(kind, 'functionapp') ? true : false
+
+@description('Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.')
+param appSettingsKeyValuePairs object = {}
+
+@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+var azureWebJobsValues = !empty(storageAccountResourceId) ? union({
+ AzureWebJobsStorage: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};'
+ }, ((setAzureWebJobsDashboard == true) ? {
+ AzureWebJobsDashboard: 'DefaultEndpointsProtocol=https;AccountName=${storageAccount.name};AccountKey=${storageAccount.listKeys().keys[0].value};'
+ } : {})) : {}
+
+var appInsightsValues = !empty(appInsightResourceId) ? {
+ APPINSIGHTS_INSTRUMENTATIONKEY: appInsight.properties.InstrumentationKey
+ APPLICATIONINSIGHTS_CONNECTION_STRING: appInsight.properties.ConnectionString
+} : {}
+
+var expandedAppSettings = union(appSettingsKeyValuePairs, azureWebJobsValues, appInsightsValues)
+
+resource app 'Microsoft.Web/sites@2022-09-01' existing = {
+ name: appName
+
+ resource slot 'slots' existing = {
+ name: slotName
+ }
+}
+
+resource appInsight 'Microsoft.Insights/components@2020-02-02' existing = if (!empty(appInsightResourceId)) {
+ name: last(split(appInsightResourceId, '/'))!
+ scope: resourceGroup(split(appInsightResourceId, '/')[2], split(appInsightResourceId, '/')[4])
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' existing = if (!empty(storageAccountResourceId)) {
+ name: last(split(storageAccountResourceId, '/'))!
+ scope: resourceGroup(split(storageAccountResourceId, '/')[2], split(storageAccountResourceId, '/')[4])
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource slotSettings 'Microsoft.Web/sites/slots/config@2022-09-01' = {
+ name: 'appsettings'
+ kind: kind
+ parent: app::slot
+ properties: expandedAppSettings
+}
+
+@description('The name of the slot config.')
+output name string = slotSettings.name
+
+@description('The resource ID of the slot config.')
+output resourceId string = slotSettings.id
+
+@description('The resource group the slot config was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.json b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.json
new file mode 100644
index 0000000..c4220e1
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.json
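Review bot: `azureWebJobsValues` writes the storage account's primary key (`storageAccount.listKeys().keys[0].value`) into the `AzureWebJobsStorage` and `AzureWebJobsDashboard` app settings, so any principal that can list the slot's app settings obtains full data-plane access to the account, and a key rotation breaks the slot until the template is redeployed. Where the Functions runtime in use supports identity-based connections, prefer `AzureWebJobsStorage__accountName: storageAccount.name` together with a managed identity and a storage role assignment, or pass a Key Vault reference instead of the raw key. The connection string also omits `EndpointSuffix`, which only resolves correctly in the public cloud; appending `EndpointSuffix=${environment().suffixes.storage}` would cover sovereign clouds. Separately, `appSettingsKeyValuePairs` is a plain `object`, so any secret a caller places in it is kept in the deployment history; marking the parameter `@secure()` avoids that.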
@@ -0,0 +1,122 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "13223616826795830599" + }, + "name": "Site Slot App Settings", + "description": "This module deploys a Site Slot App Setting.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "slotName": { + "type": "string", + "metadata": { + "description": "Required. Slot name to be configured." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of slot to deploy." + } + }, + "storageAccountResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." + } + }, + "appInsightResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the app insight to leverage for this resource." + } + }, + "setAzureWebJobsDashboard": { + "type": "bool", + "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", + "metadata": { + "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." + } + }, + "appSettingsKeyValuePairs": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. 
The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'appsettings')]", + "kind": "[parameters('kind')]", + "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the slot config." + }, + "value": "appsettings" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the slot config." + }, + "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'appsettings')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the slot config was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/version.json b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/version.json new file mode 100644 index 0000000..96236a6 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/version.json 
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.4",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/README.md b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/README.md
new file mode 100644
index 0000000..2d99aea
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/README.md
@@ -0,0 +1,92 @@ +# Site Slot Auth Settings V2 Config `[Microsoft.Web/sites/slots/config]` + +This module deploys a Site Auth Settings V2 Configuration. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | +| [`kind`](#parameter-kind) | string | Type of slot to deploy. | +| [`slotName`](#parameter-slotname) | string | Slot name to be configured. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | + +### Parameter: `appName` + +The name of the parent site resource. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authSettingV2Configuration` + +The auth settings V2 configuration. +- Required: Yes +- Type: object + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Type of slot to deploy. 
+- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'app' + 'functionapp' + 'functionapplinux' + 'functionappworkflowapp' + 'functionappworkflowapplinux' + ] + ``` + +### Parameter: `slotName` + +Slot name to be configured. +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the slot config. | +| `resourceGroupName` | string | The resource group the slot config was deployed into. | +| `resourceId` | string | The resource ID of the slot config. | + +## Cross-referenced modules + +_None_ diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.bicep b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.bicep new file mode 100644 index 0000000..739d774 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.bicep 
@@ -0,0 +1,61 @@
+metadata name = 'Site Slot Auth Settings V2 Config'
+metadata description = 'This module deploys a Site Auth Settings V2 Configuration.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment.')
+param appName string
+
+@description('Required. Slot name to be configured.')
+param slotName string
+
+@description('Required. Type of slot to deploy.')
+@allowed([
+ 'functionapp' // function app windows os
+ 'functionapp,linux' // function app linux os
+ 'functionapp,workflowapp' // logic app workflow
+ 'functionapp,workflowapp,linux' // logic app docker container
+ 'app' // normal web app
+])
+param kind string
+
+@description('Required. The auth settings V2 configuration.')
+param authSettingV2Configuration object
+
+@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource app 'Microsoft.Web/sites@2022-09-01' existing = {
+ name: appName
+
+ resource slot 'slots' existing = {
+ name: slotName
+ }
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource slotSettings 'Microsoft.Web/sites/slots/config@2022-09-01' = {
+ name: 'authsettingsV2'
+ kind: kind
+ parent: app::slot
+ properties: authSettingV2Configuration
+}
+
+@description('The name of the slot config.')
+output name string = slotSettings.name
+
+@description('The resource ID of the slot config.')
+output resourceId string = slotSettings.id
+
+@description('The resource group the slot config was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.json b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.json
new file mode 100644
index 0000000..bfdb1d3
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.json
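Review bot: `authSettingV2Configuration` is a plain `object` passed unchanged to `properties`, and its `@description` gives callers no guidance on how secrets are to be supplied. Parameter values that are not `@secure()` are retained in the deployment history, so the description should say that provider secrets are referenced by app-setting name (for example through `clientSecretSettingName`) and never embedded in this object: `@description('Required. The auth settings V2 configuration. Reference secrets by app setting name; do not embed secret values.')`. The `metadata description` also reads "Site Auth Settings V2" although the resource deployed is the slot-level config, which looks like a leftover from the site module.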
@@ -0,0 +1,100 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "16157844933162881953" + }, + "name": "Site Slot Auth Settings V2 Config", + "description": "This module deploys a Site Auth Settings V2 Configuration.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." + } + }, + "slotName": { + "type": "string", + "metadata": { + "description": "Required. Slot name to be configured." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of slot to deploy." + } + }, + "authSettingV2Configuration": { + "type": "object", + "metadata": { + "description": "Required. The auth settings V2 configuration." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'authsettingsV2')]", + "kind": "[parameters('kind')]", + "properties": "[parameters('authSettingV2Configuration')]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the slot config." + }, + "value": "authsettingsV2" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the slot config." + }, + "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'authsettingsV2')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the slot config was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/version.json b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/version.json new file mode 100644 index 0000000..96236a6 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.4", + "pathFilters": [ + "./main.json" + ] +} 
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/README.md b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/README.md
new file mode 100644
index 0000000..33b7318
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/README.md
@@ -0,0 +1,91 @@ +# Web/Function Apps Slot Hybrid Connection Relay `[Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays]` + +This module deploys a Site Slot Hybrid Connection Namespace Relay. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots/hybridConnectionNamespaces/relays) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`hybridConnectionResourceId`](#parameter-hybridconnectionresourceid) | string | The resource ID of the relay namespace hybrid connection. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appName`](#parameter-appname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. | +| [`slotName`](#parameter-slotname) | string | The name of the site slot. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`sendKeyName`](#parameter-sendkeyname) | string | Name of the authorization rule send key to use. | + +### Parameter: `appName` + +The name of the parent web site. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). 
+- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hybridConnectionResourceId` + +The resource ID of the relay namespace hybrid connection. +- Required: Yes +- Type: string + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `sendKeyName` + +Name of the authorization rule send key to use. +- Required: No +- Type: string +- Default: `'defaultSender'` + +### Parameter: `slotName` + +The name of the site slot. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the hybrid connection relay.. | +| `resourceGroupName` | string | The name of the resource group the resource was deployed into. | +| `resourceId` | string | The resource ID of the hybrid connection relay. | + +## Cross-referenced modules + +_None_ diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.bicep b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.bicep new file mode 100644 index 0000000..fe51fdf --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.bicep 
@@ -0,0 +1,69 @@
+metadata name = 'Web/Function Apps Slot Hybrid Connection Relay'
+metadata description = 'This module deploys a Site Slot Hybrid Connection Namespace Relay.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. The resource ID of the relay namespace hybrid connection.')
+param hybridConnectionResourceId string
+
+@description('Conditional. The name of the site slot. Required if the template is used in a standalone deployment.')
+param slotName string
+
+@description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.')
+param appName string
+
+@description('Optional. Name of the authorization rule send key to use.')
+param sendKeyName string = 'defaultSender'
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource namespace 'Microsoft.Relay/namespaces@2021-11-01' existing = {
+ name: split(hybridConnectionResourceId, '/')[8]
+ scope: resourceGroup(split(hybridConnectionResourceId, '/')[2], split(hybridConnectionResourceId, '/')[4])
+
+ resource hybridConnection 'hybridConnections@2021-11-01' existing = {
+ name: split(hybridConnectionResourceId, '/')[10]
+
+ resource authorizationRule 'authorizationRules@2021-11-01' existing = {
+ name: sendKeyName
+ }
+ }
+}
+
+resource hybridConnectionRelay 'Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays@2022-09-01' = {
+ name: '${appName}/${slotName}/${namespace.name}/${namespace::hybridConnection.name}'
+ properties: {
+ serviceBusNamespace: namespace.name
+ serviceBusSuffix: split(substring(namespace.properties.serviceBusEndpoint, indexOf(namespace.properties.serviceBusEndpoint, '.servicebus')), ':')[0]
+ relayName: namespace::hybridConnection.name
+ relayArmUri: namespace::hybridConnection.id
+ hostname: split(json(namespace::hybridConnection.properties.userMetadata)[0].value, ':')[0]
+ port: int(split(json(namespace::hybridConnection.properties.userMetadata)[0].value, ':')[1])
+ sendKeyName: namespace::hybridConnection::authorizationRule.name
+ sendKeyValue: namespace::hybridConnection::authorizationRule.listKeys().primaryKey
+ }
+}
+
+@description('The name of the hybrid connection relay..')
+output name string = hybridConnectionRelay.name
+
+@description('The resource ID of the hybrid connection relay.')
+output resourceId string = hybridConnectionRelay.id
+
+@description('The name of the resource group the resource was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.json b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.json
new file mode 100644
index 0000000..5381c32
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.json
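Review bot: `hostname` and `port` in `hybridConnectionRelay` are read from `json(namespace::hybridConnection.properties.userMetadata)[0].value`, which assumes the first metadata entry is the endpoint and has the form `host:port`; if the metadata is empty, ordered differently or has no colon, the deployment fails on an index error or registers the relay against an unintended host. The same holds for `split(hybridConnectionResourceId, '/')[8]` and `[10]`, which take the wrong segments without complaint when the caller passes a namespace ID rather than a hybrid connection ID. A comment above `hostname` stating the expected `userMetadata` shape, and a sentence in the `hybridConnectionResourceId` description that the ID must end in `/hybridConnections/{name}`, would make the contract explicit. `sendKeyValue` stores the rule's primary key in the site configuration, so the rule named by `sendKeyName` should carry Send rights only; that cannot be checked from this hunk.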
@@ -0,0 +1,109 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "11888981629758921842" + }, + "name": "Web/Function Apps Slot Hybrid Connection Relay", + "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "hybridConnectionResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the relay namespace hybrid connection." + } + }, + "slotName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the site slot. Required if the template is used in a standalone deployment." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." + } + }, + "sendKeyName": { + "type": "string", + "defaultValue": "defaultSender", + "metadata": { + "description": "Optional. Name of the authorization rule send key to use." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", + "properties": { + "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", + "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", + "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", + "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', 
split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", + "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", + "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", + "sendKeyName": "[parameters('sendKeyName')]", + "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the hybrid connection relay.." + }, + "value": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the hybrid connection relay." 
+ }, + "value": "[resourceId('Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[3])]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/version.json b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/version.json new file mode 100644 index 0000000..96236a6 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.4", + "pathFilters": [ + "./main.json" + ] +} diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/main.bicep b/bicep-examples/dependencies/modules/webApp/site/slot/main.bicep new file mode 100644 index 0000000..e38a90e --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/slot/main.bicep 
@@ -0,0 +1,492 @@ +metadata name = 'Web/Function App Deployment Slots' +metadata description = 'This module deploys a Web or Function App Deployment Slot.' +metadata owner = 'Azure/module-maintainers' + +@description('Required. Name of the slot.') +param name string + +@description('Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment.') +param appName string + +@description('Optional. Location for all Resources.') +param location string = resourceGroup().location + +@description('Required. Type of slot to deploy.') +@allowed([ + 'functionapp' // function app windows os + 'functionapp,linux' // function app linux os + 'functionapp,workflowapp' // logic app workflow + 'functionapp,workflowapp,linux' // logic app docker container + 'app' // normal web app +]) +param kind string + +@description('Optional. The resource ID of the app service plan to use for the slot.') +param serverFarmResourceId string = '' + +@description('Optional. Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests.') +param httpsOnly bool = true + +@description('Optional. If client affinity is enabled.') +param clientAffinityEnabled bool = true + +@description('Optional. The resource ID of the app service environment to use for this resource.') +param appServiceEnvironmentResourceId string = '' + +@description('Optional. The managed identity definition for this resource.') +param managedIdentities managedIdentitiesType + +@description('Optional. The resource ID of the assigned identity to be used to access a key vault with.') +param keyVaultAccessIdentityResourceId string = '' + +@description('Optional. Checks if Customer provided storage account is required.') +param storageAccountRequired bool = false + +@description('Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. 
This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.') +param virtualNetworkSubnetId string = '' + +@description('Optional. The site config object.') +param siteConfig object = {} + +@description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.') +param storageAccountResourceId string = '' + +@description('Optional. Resource ID of the app insight to leverage for this resource.') +param appInsightResourceId string = '' + +@description('Optional. For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.') +param setAzureWebJobsDashboard bool = contains(kind, 'functionapp') ? true : false + +@description('Optional. The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.') +param appSettingsKeyValuePairs object = {} + +@description('Optional. The auth settings V2 configuration.') +param authSettingV2Configuration object = {} + +@description('Optional. The lock settings of the service.') +param lock lockType + +@description('Optional. Configuration details for private endpoints.') +param privateEndpoints privateEndpointType + +@description('Optional. Tags of the resource.') +param tags object? + +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param enableDefaultTelemetry bool = true + +@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') +param roleAssignments roleAssignmentType + +@description('Optional. The diagnostic settings of the service.') +param diagnosticSettings diagnosticSettingType + +@description('Optional. To enable client certificate authentication (TLS mutual authentication).') +param clientCertEnabled bool = false + +@description('Optional. Client certificate authentication comma-separated exclusion paths.') +param clientCertExclusionPaths string = '' + +@description('Optional. This composes with ClientCertEnabled setting.
- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted.') +@allowed([ + 'Optional' + 'OptionalInteractiveUser' + 'Required' +]) +param clientCertMode string = 'Optional' + +@description('Optional. If specified during app creation, the app is cloned from a source app.') +param cloningInfo object = {} + +@description('Optional. Size of the function container.') +param containerSize int = -1 + +@description('Optional. Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification.') +param customDomainVerificationId string = '' + +@description('Optional. Maximum allowed daily memory-time quota (applicable on dynamic apps only).') +param dailyMemoryTimeQuota int = -1 + +@description('Optional. Setting this value to false disables the app (takes the app offline).') +param enabled bool = true + +@description('Optional. Hostname SSL states are used to manage the SSL bindings for app\'s hostnames.') +param hostNameSslStates array = [] + +@description('Optional. Hyper-V sandbox.') +param hyperV bool = false + +@description('Optional. Allow or block all public traffic.') +@allowed([ + 'Enabled' + 'Disabled' + '' +]) +param publicNetworkAccess string = '' + +@description('Optional. Site redundancy mode.') +@allowed([ + 'ActiveActive' + 'Failover' + 'GeoRedundant' + 'Manual' + 'None' +]) +param redundancyMode string = 'None' + +@description('Optional. To enable accessing content over virtual network.') +param vnetContentShareEnabled bool = false + +@description('Optional. To enable pulling image over Virtual Network.') +param vnetImagePullEnabled bool = false + +@description('Optional. Virtual Network Route All enabled. 
This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied.') +param vnetRouteAllEnabled bool = false + +@description('Optional. Names of hybrid connection relays to connect app with.') +param hybridConnectionRelays array = [] + +var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourcesIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} } + +var identity = !empty(managedIdentities) ? { + type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'UserAssigned' : null) + userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null +} : null + +var enableReferencedModulesTelemetry = false + +var builtInRoleNames = { + 'App Compliance Automation Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f37683f-2463-46b6-9ce7-9b788b988ba2') + Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') + Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168') + 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') + 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b') + 'Website Contributor': 
subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772') +} + +resource app 'Microsoft.Web/sites@2021-03-01' existing = { + name: appName +} + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource slot 'Microsoft.Web/sites/slots@2022-09-01' = { + name: name + parent: app + location: location + kind: kind + tags: tags + identity: identity + properties: { + serverFarmId: serverFarmResourceId + clientAffinityEnabled: clientAffinityEnabled + httpsOnly: httpsOnly + hostingEnvironmentProfile: !empty(appServiceEnvironmentResourceId) ? { + id: appServiceEnvironmentResourceId + } : null + storageAccountRequired: storageAccountRequired + keyVaultReferenceIdentity: !empty(keyVaultAccessIdentityResourceId) ? keyVaultAccessIdentityResourceId : any(null) + virtualNetworkSubnetId: !empty(virtualNetworkSubnetId) ? virtualNetworkSubnetId : any(null) + siteConfig: siteConfig + clientCertEnabled: clientCertEnabled + clientCertExclusionPaths: !empty(clientCertExclusionPaths) ? clientCertExclusionPaths : null + clientCertMode: clientCertMode + cloningInfo: !empty(cloningInfo) ? cloningInfo : null + containerSize: containerSize != -1 ? containerSize : null + customDomainVerificationId: !empty(customDomainVerificationId) ? customDomainVerificationId : null + dailyMemoryTimeQuota: dailyMemoryTimeQuota != -1 ? 
dailyMemoryTimeQuota : null + enabled: enabled + hostNameSslStates: hostNameSslStates + hyperV: hyperV + publicNetworkAccess: publicNetworkAccess + redundancyMode: redundancyMode + vnetContentShareEnabled: vnetContentShareEnabled + vnetImagePullEnabled: vnetImagePullEnabled + vnetRouteAllEnabled: vnetRouteAllEnabled + } +} + +module slot_appsettings 'config--appsettings/main.bicep' = if (!empty(appSettingsKeyValuePairs)) { + name: '${uniqueString(deployment().name, location)}-Slot-${name}-Config-AppSettings' + params: { + slotName: slot.name + appName: app.name + kind: kind + storageAccountResourceId: storageAccountResourceId + appInsightResourceId: appInsightResourceId + setAzureWebJobsDashboard: setAzureWebJobsDashboard + appSettingsKeyValuePairs: appSettingsKeyValuePairs + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +} + +module slot_authsettingsv2 'config--authsettingsv2/main.bicep' = if (!empty(authSettingV2Configuration)) { + name: '${uniqueString(deployment().name, location)}-Slot-${name}-Config-AuthSettingsV2' + params: { + slotName: slot.name + appName: app.name + kind: kind + authSettingV2Configuration: authSettingV2Configuration + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +} + +module slot_hybridConnectionRelays 'hybrid-connection-namespace/relay/main.bicep' = [for (hybridConnectionRelay, index) in hybridConnectionRelays: { + name: '${uniqueString(deployment().name, location)}-Slot-HybridConnectionRelay-${index}' + params: { + hybridConnectionResourceId: hybridConnectionRelay.resourceId + appName: app.name + slotName: slot.name + sendKeyName: contains(hybridConnectionRelay, 'sendKeyName') ? hybridConnectionRelay.sendKeyName : null + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +}] + +resource slot_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' + properties: { + level: lock.?kind ?? 
'' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' + } + scope: slot +} + +resource slot_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): { + name: diagnosticSetting.?name ?? '${name}-diagnosticSettings' + properties: { + storageAccountId: diagnosticSetting.?storageAccountResourceId + workspaceId: diagnosticSetting.?workspaceResourceId + eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId + eventHubName: diagnosticSetting.?eventHubName + metrics: diagnosticSetting.?metricCategories ?? [ + { + category: 'AllMetrics' + timeGrain: null + enabled: true + } + ] + logs: diagnosticSetting.?logCategoriesAndGroups ?? [ + { + categoryGroup: 'AllLogs' + enabled: true + } + ] + marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId + logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType + } + scope: slot +}] + +resource slot_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): { + name: guid(slot.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName) + properties: { + roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName + principalId: roleAssignment.principalId + description: roleAssignment.?description + principalType: roleAssignment.?principalType + condition: roleAssignment.?condition + conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? 
'2.0') : null // Must only be set if condtion is set + delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId + } + scope: slot +}] + +module slot_privateEndpoints '../../../privateEndpoint/privateEndpoint.bicep' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-app-PrivateEndpoint-${index}' + params: { + groupIds: [ + privateEndpoint.?service ?? 'sites' + ] + name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' + serviceResourceId: app.id + subnetResourceId: privateEndpoint.subnetResourceId + enableDefaultTelemetry: privateEndpoint.?enableDefaultTelemetry ?? enableReferencedModulesTelemetry + location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location + lock: privateEndpoint.?lock ?? lock + privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName + privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds + roleAssignments: privateEndpoint.?roleAssignments + tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections + customDnsConfigs: privateEndpoint.?customDnsConfigs + ipConfigurations: privateEndpoint.?ipConfigurations + applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds + customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + } +}] + +@description('The name of the slot.') +output name string = slot.name + +@description('The resource ID of the slot.') +output resourceId string = slot.id + +@description('The resource group the slot was deployed into.') +output resourceGroupName string = resourceGroup().name + +@description('The principal ID of the system assigned identity.') +output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? 
false) && contains(slot.identity, 'principalId') ? slot.identity.principalId : '' + +@description('The location the resource was deployed into.') +output location string = slot.location + +// =============== // +// Definitions // +// =============== // + +type managedIdentitiesType = { + @description('Optional. Enables system assigned managed identity on the resource.') + systemAssigned: bool? + + @description('Optional. The resource ID(s) to assign to the resource.') + userAssignedResourcesIds: string[]? +}? + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? + +type roleAssignmentType = { + @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') + roleDefinitionIdOrName: string + + @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.') + principalId: string + + @description('Optional. The principal type of the assigned principal ID.') + principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)? + + @description('Optional. The description of the role assignment.') + description: string? + + @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') + condition: string? + + @description('Optional. Version of the condition.') + conditionVersion: '2.0'? + + @description('Optional. The Resource Id of the delegated managed identity resource.') + delegatedManagedIdentityResourceId: string? +}[]? + +type privateEndpointType = { + @description('Optional. The name of the private endpoint.') + name: string? + + @description('Optional. 
The location to deploy the private endpoint to.') + location: string? + + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + service: string? + + @description('Required. Resource ID of the subnet where the endpoint needs to be created.') + subnetResourceId: string + + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + privateDnsZoneGroupName: string? + + @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') + privateDnsZoneResourceIds: string[]? + + @description('Optional. Custom DNS configurations.') + customDnsConfigs: { + @description('Required. Fqdn that resolves to private endpoint ip address.') + fqdn: string? + + @description('Required. A list of private ip addresses of the private endpoint.') + ipAddresses: string[] + }[]? + + @description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.') + ipConfigurations: { + @description('Required. The name of the resource that is unique within a resource group.') + name: string + + @description('Required. Properties of private endpoint IP configurations.') + properties: { + @description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.') + groupId: string + + @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') + memberName: string + + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + privateIPAddress: string + } + }[]? + + @description('Optional. Application security groups in which the private endpoint IP configuration is included.') + applicationSecurityGroupResourceIds: string[]? + + @description('Optional. 
The custom name of the network interface attached to the private endpoint.') + customNetworkInterfaceName: string? + + @description('Optional. Specify the type of lock.') + lock: lockType + + @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') + roleAssignments: roleAssignmentType + + @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') + tags: object? + + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + + @description('Optional. Enable/Disable usage telemetry for module.') + enableTelemetry: bool? +}[]? + +type diagnosticSettingType = { + @description('Optional. The name of diagnostic setting.') + name: string? + + @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.') + logCategoriesAndGroups: { + @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.') + category: string? + + @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \'AllLogs\' to collect all logs.') + categoryGroup: string? + }[]? + + @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.') + metricCategories: { + @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. 
Set to \'AllMetrics\' to collect all metrics.') + category: string + }[]? + + @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.') + logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics' | null)? + + @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + workspaceResourceId: string? + + @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + storageAccountResourceId: string? + + @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') + eventHubAuthorizationRuleResourceId: string? + + @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + eventHubName: string? + + @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.') + marketplacePartnerResourceId: string? +}[]? diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/main.json b/bicep-examples/dependencies/modules/webApp/site/slot/main.json new file mode 100644 index 0000000..8a83959 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/slot/main.json 
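Review bot: In slot/main.bicep, `slot_privateEndpoints` creates each endpoint against `app.id` with `groupIds` defaulting to `'sites'`, which addresses the parent app rather than this slot, so a caller who supplies only `subnetResourceId` gets a private endpoint for production while the slot itself stays uncovered. As far as I know App Service exposes a slot under the group ID `sites-<slot name>`; if that holds here, the default should be `privateEndpoint.?service ?? 'sites-${name}'` in both the `groupIds` entry and the generated endpoint name. `publicNetworkAccess` defaults to `''`, so nothing in the module turns public access off when private endpoints are passed in, and the parameter description should say that the caller has to set `'Disabled'` explicitly. The same block reads `privateEndpoint.?enableDefaultTelemetry` while `privateEndpointType` declares `enableTelemetry`, so that per-endpoint switch is never honoured.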
@@ -0,0 +1,1936 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "842322474793993092" + }, + "name": "Web/Function App Deployment Slots", + "description": "This module deploys a Web or Function App Deployment Slot.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "managedIdentitiesType": { + "type": "object", + "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedResourcesIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The resource ID(s) to assign to the resource." + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + }, + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." 
+ } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "privateEndpointType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private endpoint." + } + }, + "location": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The location to deploy the private endpoint to." + } + }, + "service": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the subnet where the endpoint needs to be created." 
+ } + }, + "privateDnsZoneGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + } + }, + "privateDnsZoneResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." + } + }, + "customDnsConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint ip address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private ip addresses of the private endpoint." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. Custom DNS configurations." + } + }, + "ipConfigurations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private ip address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. 
Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." + } + }, + "applicationSecurityGroupResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. Application security groups in which the private endpoint IP configuration is included." + } + }, + "customNetworkInterfaceName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The custom name of the network interface attached to the private endpoint." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." + } + }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, + "enableTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." 
+ } + } + } + }, + "nullable": true + }, + "diagnosticSettingType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of diagnostic setting." + } + }, + "logCategoriesAndGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." + } + }, + "categoryGroup": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "metricCategories": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "metadata": { + "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "logAnalyticsDestinationType": { + "type": "string", + "allowedValues": [ + "AzureDiagnostics", + "Dedicated" + ], + "nullable": true, + "metadata": { + "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." 
+ } + }, + "workspaceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "storageAccountResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "eventHubAuthorizationRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "eventHubName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "marketplacePartnerResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the slot." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of slot to deploy." + } + }, + "serverFarmResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the app service plan to use for the slot." + } + }, + "httpsOnly": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests." + } + }, + "clientAffinityEnabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. If client affinity is enabled." + } + }, + "appServiceEnvironmentResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the app service environment to use for this resource." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentitiesType", + "metadata": { + "description": "Optional. The managed identity definition for this resource." + } + }, + "keyVaultAccessIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The resource ID of the assigned identity to be used to access a key vault with." + } + }, + "storageAccountRequired": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Checks if Customer provided storage account is required." + } + }, + "virtualNetworkSubnetId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. 
This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}." + } + }, + "siteConfig": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The site config object." + } + }, + "storageAccountResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." + } + }, + "appInsightResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the app insight to leverage for this resource." + } + }, + "setAzureWebJobsDashboard": { + "type": "bool", + "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", + "metadata": { + "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." + } + }, + "appSettingsKeyValuePairs": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." + } + }, + "authSettingV2Configuration": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The auth settings V2 configuration." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "privateEndpoints": { + "$ref": "#/definitions/privateEndpointType", + "metadata": { + "description": "Optional. Configuration details for private endpoints." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. 
Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "diagnosticSettings": { + "$ref": "#/definitions/diagnosticSettingType", + "metadata": { + "description": "Optional. The diagnostic settings of the service." + } + }, + "clientCertEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. To enable client certificate authentication (TLS mutual authentication)." + } + }, + "clientCertExclusionPaths": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Client certificate authentication comma-separated exclusion paths." + } + }, + "clientCertMode": { + "type": "string", + "defaultValue": "Optional", + "allowedValues": [ + "Optional", + "OptionalInteractiveUser", + "Required" + ], + "metadata": { + "description": "Optional. This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted." + } + }, + "cloningInfo": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. If specified during app creation, the app is cloned from a source app." 
+ } + }, + "containerSize": { + "type": "int", + "defaultValue": -1, + "metadata": { + "description": "Optional. Size of the function container." + } + }, + "customDomainVerificationId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification." + } + }, + "dailyMemoryTimeQuota": { + "type": "int", + "defaultValue": -1, + "metadata": { + "description": "Optional. Maximum allowed daily memory-time quota (applicable on dynamic apps only)." + } + }, + "enabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Setting this value to false disables the app (takes the app offline)." + } + }, + "hostNameSslStates": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Hostname SSL states are used to manage the SSL bindings for app's hostnames." + } + }, + "hyperV": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Hyper-V sandbox." + } + }, + "publicNetworkAccess": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "Enabled", + "Disabled", + "" + ], + "metadata": { + "description": "Optional. Allow or block all public traffic." + } + }, + "redundancyMode": { + "type": "string", + "defaultValue": "None", + "allowedValues": [ + "ActiveActive", + "Failover", + "GeoRedundant", + "Manual", + "None" + ], + "metadata": { + "description": "Optional. Site redundancy mode." + } + }, + "vnetContentShareEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. To enable accessing content over virtual network." + } + }, + "vnetImagePullEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. To enable pulling image over Virtual Network." 
+ } + }, + "vnetRouteAllEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied." + } + }, + "hybridConnectionRelays": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Names of hybrid connection relays to connect app with." + } + } + }, + "variables": { + "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "enableReferencedModulesTelemetry": false, + "builtInRoleNames": { + "App Compliance Automation Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f37683f-2463-46b6-9ce7-9b788b988ba2')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]", + "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]" + } + }, + "resources": { + "app": { + "existing": true, + "type": "Microsoft.Web/sites", + "apiVersion": "2021-03-01", + "name": "[parameters('appName')]" + }, + "defaultTelemetry": { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "slot": { + "type": "Microsoft.Web/sites/slots", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}', parameters('appName'), parameters('name'))]", + "location": "[parameters('location')]", + "kind": "[parameters('kind')]", + "tags": "[parameters('tags')]", + "identity": "[variables('identity')]", + "properties": { + "serverFarmId": "[parameters('serverFarmResourceId')]", + "clientAffinityEnabled": "[parameters('clientAffinityEnabled')]", + "httpsOnly": "[parameters('httpsOnly')]", + "hostingEnvironmentProfile": "[if(not(empty(parameters('appServiceEnvironmentResourceId'))), createObject('id', parameters('appServiceEnvironmentResourceId')), null())]", + "storageAccountRequired": 
"[parameters('storageAccountRequired')]", + "keyVaultReferenceIdentity": "[if(not(empty(parameters('keyVaultAccessIdentityResourceId'))), parameters('keyVaultAccessIdentityResourceId'), null())]", + "virtualNetworkSubnetId": "[if(not(empty(parameters('virtualNetworkSubnetId'))), parameters('virtualNetworkSubnetId'), null())]", + "siteConfig": "[parameters('siteConfig')]", + "clientCertEnabled": "[parameters('clientCertEnabled')]", + "clientCertExclusionPaths": "[if(not(empty(parameters('clientCertExclusionPaths'))), parameters('clientCertExclusionPaths'), null())]", + "clientCertMode": "[parameters('clientCertMode')]", + "cloningInfo": "[if(not(empty(parameters('cloningInfo'))), parameters('cloningInfo'), null())]", + "containerSize": "[if(not(equals(parameters('containerSize'), -1)), parameters('containerSize'), null())]", + "customDomainVerificationId": "[if(not(empty(parameters('customDomainVerificationId'))), parameters('customDomainVerificationId'), null())]", + "dailyMemoryTimeQuota": "[if(not(equals(parameters('dailyMemoryTimeQuota'), -1)), parameters('dailyMemoryTimeQuota'), null())]", + "enabled": "[parameters('enabled')]", + "hostNameSslStates": "[parameters('hostNameSslStates')]", + "hyperV": "[parameters('hyperV')]", + "publicNetworkAccess": "[parameters('publicNetworkAccess')]", + "redundancyMode": "[parameters('redundancyMode')]", + "vnetContentShareEnabled": "[parameters('vnetContentShareEnabled')]", + "vnetImagePullEnabled": "[parameters('vnetImagePullEnabled')]", + "vnetRouteAllEnabled": "[parameters('vnetRouteAllEnabled')]" + }, + "dependsOn": [ + "app" + ] + }, + "slot_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), 
format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "slot" + ] + }, + "slot_diagnosticSettings": { + "copy": { + "name": "slot_diagnosticSettings", + "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]" + }, + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", + "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]", + "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]", + "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]", + "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]", + "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]", + "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]", + "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]", + 
"logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]" + }, + "dependsOn": [ + "slot" + ] + }, + "slot_roleAssignments": { + "copy": { + "name": "slot_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", + "name": "[guid(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), 
createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "slot" + ] + }, + "slot_appsettings": { + "condition": "[not(empty(parameters('appSettingsKeyValuePairs')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Slot-{1}-Config-AppSettings', uniqueString(deployment().name, parameters('location')), parameters('name'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "slotName": { + "value": "[parameters('name')]" + }, + "appName": { + "value": "[parameters('appName')]" + }, + "kind": { + "value": "[parameters('kind')]" + }, + "storageAccountResourceId": { + "value": "[parameters('storageAccountResourceId')]" + }, + "appInsightResourceId": { + "value": "[parameters('appInsightResourceId')]" + }, + "setAzureWebJobsDashboard": { + "value": "[parameters('setAzureWebJobsDashboard')]" + }, + "appSettingsKeyValuePairs": { + "value": "[parameters('appSettingsKeyValuePairs')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "13223616826795830599" + }, + "name": "Site Slot App Settings", + "description": "This module deploys a Site Slot App Setting.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "slotName": { + "type": "string", + "metadata": { + "description": "Required. Slot name to be configured." + } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." 
+ } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of slot to deploy." + } + }, + "storageAccountResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." + } + }, + "appInsightResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the app insight to leverage for this resource." + } + }, + "setAzureWebJobsDashboard": { + "type": "bool", + "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", + "metadata": { + "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." + } + }, + "appSettingsKeyValuePairs": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'appsettings')]", + "kind": "[parameters('kind')]", + "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the slot config." + }, + "value": "appsettings" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the slot config." + }, + "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'appsettings')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the slot config was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "app", + "slot" + ] + }, + "slot_authsettingsv2": { + "condition": "[not(empty(parameters('authSettingV2Configuration')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Slot-{1}-Config-AuthSettingsV2', uniqueString(deployment().name, parameters('location')), parameters('name'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "slotName": { + "value": "[parameters('name')]" + }, + "appName": { + "value": "[parameters('appName')]" + }, + "kind": { + "value": "[parameters('kind')]" + }, + "authSettingV2Configuration": { + "value": "[parameters('authSettingV2Configuration')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "16157844933162881953" + }, + "name": "Site Slot Auth Settings V2 Config", + "description": "This module deploys a Site Auth Settings V2 Configuration.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." + } + }, + "slotName": { + "type": "string", + "metadata": { + "description": "Required. Slot name to be configured." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "functionapp", + "functionapp,linux", + "functionapp,workflowapp", + "functionapp,workflowapp,linux", + "app" + ], + "metadata": { + "description": "Required. Type of slot to deploy." 
+ } + }, + "authSettingV2Configuration": { + "type": "object", + "metadata": { + "description": "Required. The auth settings V2 configuration." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/config", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'authsettingsV2')]", + "kind": "[parameters('kind')]", + "properties": "[parameters('authSettingV2Configuration')]" + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the slot config." + }, + "value": "authsettingsV2" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the slot config." + }, + "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'authsettingsV2')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the slot config was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "app", + "slot" + ] + }, + "slot_hybridConnectionRelays": { + "copy": { + "name": "slot_hybridConnectionRelays", + "count": "[length(parameters('hybridConnectionRelays'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-Slot-HybridConnectionRelay-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "hybridConnectionResourceId": { + "value": "[parameters('hybridConnectionRelays')[copyIndex()].resourceId]" + }, + "appName": { + "value": "[parameters('appName')]" + }, + "slotName": { + "value": "[parameters('name')]" + }, + "sendKeyName": "[if(contains(parameters('hybridConnectionRelays')[copyIndex()], 'sendKeyName'), createObject('value', parameters('hybridConnectionRelays')[copyIndex()].sendKeyName), createObject('value', null()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "11888981629758921842" + }, + "name": "Web/Function Apps Slot Hybrid Connection Relay", + "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "hybridConnectionResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the relay namespace hybrid connection." + } + }, + "slotName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the site slot. Required if the template is used in a standalone deployment." 
+ } + }, + "appName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." + } + }, + "sendKeyName": { + "type": "string", + "defaultValue": "defaultSender", + "metadata": { + "description": "Optional. Name of the authorization rule send key to use." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays", + "apiVersion": "2022-09-01", + "name": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", + "properties": { + "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", + "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, 
indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", + "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", + "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", + "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", + "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", + "sendKeyName": "[parameters('sendKeyName')]", + "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', 
split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the hybrid connection relay.." + }, + "value": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the hybrid connection relay." + }, + "value": "[resourceId('Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[3])]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "app", + "slot" + ] + }, + "slot_privateEndpoints": { + "copy": { + "name": "slot_privateEndpoints", + "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-app-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "groupIds": { + "value": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')]" + ] + }, + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" + }, + "serviceResourceId": { + "value": "[resourceId('Microsoft.Web/sites', parameters('appName'))]" + }, + "subnetResourceId": { + "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" + }, + "enableDefaultTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableDefaultTelemetry'), variables('enableReferencedModulesTelemetry'))]" + }, + "location": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" + }, + "lock": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" + }, + "privateDnsZoneGroupName": { + "value": 
"[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" + }, + "privateDnsZoneResourceIds": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]" + }, + "roleAssignments": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]" + }, + "tags": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" + }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, + "customDnsConfigs": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" + }, + "ipConfigurations": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'ipConfigurations')]" + }, + "applicationSecurityGroupResourceIds": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'applicationSecurityGroupResourceIds')]" + }, + "customNetworkInterfaceName": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "12078057657290521609" + }, + "name": "Private Endpoints", + "description": "This module deploys a Private Endpoint.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": 
"Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." 
+ } + } + }, + "nullable": true + }, + "ipConfigurationsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private ip address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true + }, + "customDnsConfigType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint ip address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private ip addresses of the private endpoint." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the private endpoint resource to create." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the subnet where the endpoint needs to be created." + } + }, + "serviceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource that needs to be connected to the network." 
+ } + }, + "applicationSecurityGroupResourceIds": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Application security groups in which the private endpoint IP configuration is included." + } + }, + "customNetworkInterfaceName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The custom name of the network interface attached to the private endpoint." + } + }, + "ipConfigurations": { + "$ref": "#/definitions/ipConfigurationsType", + "nullable": true, + "metadata": { + "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." + } + }, + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." + } + }, + "privateDnsZoneGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + } + }, + "privateDnsZoneResourceIds": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." + } + }, + "customDnsConfigs": { + "$ref": "#/definitions/customDnsConfigType", + "nullable": true, + "metadata": { + "description": "Optional. Custom DNS configurations." + } + }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "variables": { + "enableReferencedModulesTelemetry": false, + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private 
DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" + } + }, + "resources": { + "defaultTelemetry": { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "privateEndpoint": { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "copy": [ + { + "name": "applicationSecurityGroups", + "count": "[length(coalesce(parameters('applicationSecurityGroupResourceIds'), createArray()))]", + "input": { + "id": "[coalesce(parameters('applicationSecurityGroupResourceIds'), createArray())[copyIndex('applicationSecurityGroups')]]" + } + } + ], + "customDnsConfigs": "[parameters('customDnsConfigs')]", + "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", + "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", + "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[parameters('serviceResourceId')]", + 
"groupIds": "[parameters('groupIds')]" + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + } + }, + "privateEndpoint_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "privateEndpoint" + ] + }, + "privateEndpoint_roleAssignments": { + "copy": { + "name": "privateEndpoint_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": 
"[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "privateEndpoint" + ] + }, + "privateEndpoint_privateDnsZoneGroup": { + "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]" + }, + "privateDNSResourceIds": { + "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]" + }, + "privateEndpointName": { + "value": "[parameters('name')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "16391702514342252839" + }, + "name": "Private Endpoint Private DNS Zone Groups", + "description": "This module deploys a Private Endpoint Private DNS Zone Group.", + "owner": 
"Azure/module-maintainers" + }, + "parameters": { + "privateEndpointName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." + } + }, + "privateDNSResourceIds": { + "type": "array", + "minLength": 1, + "maxLength": 5, + "metadata": { + "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." + } + }, + "name": { + "type": "string", + "defaultValue": "default", + "metadata": { + "description": "Optional. The name of the private DNS zone group." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "variables": { + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDNSResourceIds'))]", + "input": { + "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" + } + } + } + ] + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2023-04-01", + "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", + "properties": { + "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" + } + } + ], + "outputs": { + "name": { + "type": 
"string", + "metadata": { + "description": "The name of the private endpoint DNS zone group." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint DNS zone group." + }, + "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the private endpoint DNS zone group was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "privateEndpoint" + ] + } + }, + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the private endpoint was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint." + }, + "value": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the private endpoint." + }, + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "app" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the slot." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the slot." + }, + "value": "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the slot was deployed into." 
+ }, + "value": "[resourceGroup().name]" + }, + "systemAssignedMIPrincipalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the system assigned identity." + }, + "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('slot', '2022-09-01', 'full').identity, 'principalId')), reference('slot', '2022-09-01', 'full').identity.principalId, '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('slot', '2022-09-01', 'full').location]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/version.json b/bicep-examples/dependencies/modules/webApp/site/slot/version.json new file mode 100644 index 0000000..96236a6 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/slot/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.4", + "pathFilters": [ + "./main.json" + ] +} diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/dependencies.bicep new file mode 100644 index 0000000..72e118b --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/dependencies.bicep 
@@ -0,0 +1,148 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Server Farm to create.')
+param serverFarmName string
+
+@description('Required. The name of the Storage Account to create.')
+param storageAccountName string
+
+@description('Required. The name of the Application Insights instance to create.')
+param applicationInsightsName string
+
+@description('Required. The name of the Relay Namespace to create.')
+param relayNamespaceName string
+
+@description('Required. The name of the Hybrid Connection to create.')
+param hybridConnectionName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ }
+ }
+ ]
+ }
+}
+
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+ name: 'privatelink.azurewebsites.net'
+ location: 'global'
+
+ resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+ name: '${virtualNetwork.name}-vnetlink'
+ location: 'global'
+ properties: {
+ virtualNetwork: {
+ id: virtualNetwork.id
+ }
+ registrationEnabled: false
+ }
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
+ name: storageAccountName
+ location: location
+ sku: {
+ name: 'Standard_LRS'
+ }
+ kind: 'StorageV2'
+ properties: {}
+}
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
+ name: serverFarmName
+ location: location
+ sku: {
+ name: 'S1'
+ tier: 'Standard'
+ size: 'S1'
+ family: 'S'
+ capacity: 1
+ }
+ properties: {}
+}
+
+resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
+ name: applicationInsightsName
+ location: location
+ kind: ''
+ properties: {}
+}
+
+resource namespace 'Microsoft.Relay/namespaces@2021-11-01' = {
+ name: relayNamespaceName
+ location: location
+ sku: {
+ name: 'Standard'
+ }
+ properties: {}
+}
+
+resource hybridConnection 'Microsoft.Relay/namespaces/hybridConnections@2021-11-01' = {
+ name: hybridConnectionName
+ parent: namespace
+ properties: {
+ requiresClientAuthorization: true
+ userMetadata: '[{"key":"endpoint","value":"db-server.constoso.com:1433"}]'
+ }
+}
+
+resource authorizationRule 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules@2021-11-01' = {
+ name: 'defaultSender'
+ parent: hybridConnection
+ properties: {
+ rights: [
+ 'Send'
+ ]
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Server Farm.')
+output serverFarmResourceId string = serverFarm.id
+
+@description('The resource ID of the created Storage Account.')
+output storageAccountResourceId string = storageAccount.id
+
+@description('The resource ID of the created Application Insights instance.')
+output applicationInsightsResourceId string = applicationInsights.id
+
+@description('The resource ID of the created Private DNS Zone.')
+output privateDNSZoneResourceId string = privateDNSZone.id
+
+@description('The resource ID of the created Hybrid Connection.')
+output hybridConnectionResourceId string = hybridConnection.id
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/main.test.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/main.test.bicep
new file mode 100644
index 0000000..9219cb3
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/main.test.bicep
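Review bot: The `storageAccount` resource in functionAppCommon/dependencies.bicep is declared with `properties: {}`, so its TLS floor and blob public-access setting are left to whatever the 2021-09-01 API version defaults to instead of being stated in the template. Because this file ships under bicep-examples and is likely to be copied, I would pin the posture explicitly, e.g. `properties: { minimumTlsVersion: 'TLS1_2', allowBlobPublicAccess: false, supportsHttpsTrafficOnly: true }`. A one-line comment above the resource noting that it is a throw-away test dependency would also help readers judge how much of it to reuse.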
@@ -0,0 +1,201 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.sites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wsfacom'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ virtualNetworkName: 'dep-[[namePrefix]]-vnet-${serviceShort}'
+ managedIdentityName: 'dep-[[namePrefix]]-msi-${serviceShort}'
+ serverFarmName: 'dep-[[namePrefix]]-sf-${serviceShort}'
+ storageAccountName: 'dep[[namePrefix]]st${serviceShort}'
+ applicationInsightsName: 'dep-[[namePrefix]]-appi-${serviceShort}'
+ relayNamespaceName: 'dep-[[namePrefix]]-ns-${serviceShort}'
+ hybridConnectionName: 'dep-[[namePrefix]]-hc-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+// For the below test case, please consider the guidelines described here: https://github.com/Azure/ResourceModules/wiki/Getting%20started%20-%20Scenario%202%20Onboard%20module%20library%20and%20CI%20environment#microsoftwebsites
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ kind: 'functionapp'
+ serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
+ appInsightResourceId: nestedDependencies.outputs.applicationInsightsResourceId
+ appSettingsKeyValuePairs: {
+ AzureFunctionsJobHost__logging__logLevel__default: 'Trace'
+ EASYAUTH_SECRET: 'https://${namePrefix}-KeyVault${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password'
+ FUNCTIONS_EXTENSION_VERSION: '~4'
+ FUNCTIONS_WORKER_RUNTIME: 'dotnet'
+ }
+ authSettingV2Configuration: {
+ globalValidation: {
+ requireAuthentication: true
+ unauthenticatedClientAction: 'Return401'
+ }
+ httpSettings: {
+ forwardProxy: {
+ convention: 'NoProxy'
+ }
+ requireHttps: true
+ routes: {
+ apiPrefix: '/.auth'
+ }
+ }
+ identityProviders: {
+ azureActiveDirectory: {
+ enabled: true
+ login: {
+ disableWWWAuthenticate: false
+ }
+ registration: {
+ clientId: 'd874dd2f-2032-4db1-a053-f0ec243685aa'
+ clientSecretSettingName: 'EASYAUTH_SECRET'
+ openIdIssuer: 'https://sts.windows.net/${tenant().tenantId}/v2.0/'
+ }
+ validation: {
+ allowedAudiences: [
+ 'api://d874dd2f-2032-4db1-a053-f0ec243685aa'
+ ]
+ defaultAuthorizationPolicy: {
+ allowedPrincipals: {}
+ }
+ jwtClaimChecks: {}
+ }
+ }
+ }
+ login: {
+ allowedExternalRedirectUrls: [
+ 'string'
+ ]
+ cookieExpiration: {
+ convention: 'FixedTime'
+ timeToExpiration: '08:00:00'
+ }
+ nonce: {
+ nonceExpirationInterval: '00:05:00'
+ validateNonce: true
+ }
+ preserveUrlFragmentsForLogins: false
+ routes: {}
+ tokenStore: {
+ azureBlobStorage: {}
+ enabled: true
+ fileSystem: {}
+ tokenRefreshExtensionHours: 72
+ }
+ }
+ platform: {
+ enabled: true
+ runtimeVersion: '~1'
+ }
+ }
+ diagnosticSettings: [
+ {
+ name: 'customSetting'
+ metricCategories: [
+ {
+ category: 'AllMetrics'
+ }
+ ]
+ eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
+ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+ ]
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ privateEndpoints: [
+ {
+ subnetResourceId: nestedDependencies.outputs.subnetResourceId
+ privateDnsZoneResourceIds: [
+ nestedDependencies.outputs.privateDNSZoneResourceId
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+ ]
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ setAzureWebJobsDashboard: true
+ keyVaultAccessIdentityResourceId: nestedDependencies.outputs.managedIdentityResourceId
+ siteConfig: {
+ alwaysOn: true
+ use32BitWorkerProcess: false
+ }
+ storageAccountResourceId: nestedDependencies.outputs.storageAccountResourceId
+ managedIdentities: {
+ systemAssigned: true
+ userAssignedResourcesIds: [
+ nestedDependencies.outputs.managedIdentityResourceId
+ ]
+ }
+ hybridConnectionRelays: [
+ {
+ resourceId: nestedDependencies.outputs.hybridConnectionResourceId
+ sendKeyName: 'defaultSender'
+ }
+ ]
+ }
+}
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/dependencies.bicep
new file mode 100644
index 0000000..cd93e7e
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/dependencies.bicep
@@ -0,0 +1,21 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Server Farm to create.')
+param serverFarmName string
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
+ name: serverFarmName
+ location: location
+ sku: {
+ name: 'S1'
+ tier: 'Standard'
+ size: 'S1'
+ family: 'S'
+ capacity: 1
+ }
+ properties: {}
+}
+
+@description('The resource ID of the created Server Farm.')
+output serverFarmResourceId string = serverFarm.id
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/main.test.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/main.test.bicep
new file mode 100644
index 0000000..29a4169
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/main.test.bicep
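Review bot: `EASYAUTH_SECRET` in `appSettingsKeyValuePairs` of functionAppCommon/main.test.bicep is set to a bare Key Vault secret URL, and `clientSecretSettingName: 'EASYAUTH_SECRET'` then points the identity provider at that setting. App Service resolves a vault secret only when the setting uses the Key Vault reference syntax, so unless `main.bicep` (not part of this hunk) wraps the value, the configured client secret would be the URL string itself; I would write `EASYAUTH_SECRET: '@Microsoft.KeyVault(SecretUri=https://${namePrefix}-KeyVault${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password)'`. This test also attaches a private endpoint without setting `httpsOnly: true` or `publicNetworkAccess: 'Disabled'`, both of which the webAppCommon test sets. `allowedExternalRedirectUrls: [ 'string' ]` looks like a leftover placeholder and deserves a comment or a real value.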
@@ -0,0 +1,58 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.sites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wsfamin'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ serverFarmName: 'dep-${namePrefix}-sf-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ kind: 'functionapp'
+ serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
+ siteConfig: {
+ alwaysOn: true
+ }
+ }
+}
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/dependencies.bicep
new file mode 100644
index 0000000..79da8b0
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/dependencies.bicep
@@ -0,0 +1,119 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Server Farm to create.')
+param serverFarmName string
+
+@description('Required. The name of the Relay Namespace to create.')
+param relayNamespaceName string
+
+@description('Required. The name of the Hybrid Connection to create.')
+param hybridConnectionName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ }
+ }
+ ]
+ }
+}
+
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+ name: 'privatelink.azurewebsites.net'
+ location: 'global'
+
+ resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+ name: '${virtualNetwork.name}-vnetlink'
+ location: 'global'
+ properties: {
+ virtualNetwork: {
+ id: virtualNetwork.id
+ }
+ registrationEnabled: false
+ }
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
+ name: serverFarmName
+ location: location
+ sku: {
+ name: 'S1'
+ tier: 'Standard'
+ size: 'S1'
+ family: 'S'
+ capacity: 1
+ }
+ properties: {}
+}
+
+resource relayNamespace 'Microsoft.Relay/namespaces@2021-11-01' = {
+ name: relayNamespaceName
+ location: location
+ sku: {
+ name: 'Standard'
+ }
+ properties: {}
+}
+
+resource hybridConnection 'Microsoft.Relay/namespaces/hybridConnections@2021-11-01' = {
+ name: hybridConnectionName
+ parent: relayNamespace
+ properties: {
+ requiresClientAuthorization: true
+ userMetadata: '[{"key":"endpoint","value":"db-server.constoso.com:1433"}]'
+ }
+}
+
+resource authorizationRule 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules@2021-11-01' = {
+ name: 'defaultSender'
+ parent: hybridConnection
+ properties: {
+ rights: [
+ 'Send'
+ ]
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Server Farm.')
+output serverFarmResourceId string = serverFarm.id
+
+@description('The resource ID of the created Private DNS Zone.')
+output privateDNSZoneResourceId string = privateDNSZone.id
+
+@description('The resource ID of the created Hybrid Connection.')
+output hybridConnectionResourceId string = hybridConnection.id
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/main.test.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/main.test.bicep
new file mode 100644
index 0000000..ddf1838
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/main.test.bicep
@@ -0,0 +1,200 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.sites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wswa'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ virtualNetworkName: 'dep-[[namePrefix]]-vnet-${serviceShort}'
+ managedIdentityName: 'dep-[[namePrefix]]-msi-${serviceShort}'
+ serverFarmName: 'dep-[[namePrefix]]-sf-${serviceShort}'
+ relayNamespaceName: 'dep-[[namePrefix]]-ns-${serviceShort}'
+ hybridConnectionName: 'dep-[[namePrefix]]-hc-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ kind: 'app'
+ serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
+ diagnosticSettings: [
+ {
+ name: 'customSetting'
+ metricCategories: [
+ {
+ category: 'AllMetrics'
+ }
+ ]
+ eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
+ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+ ]
+ httpsOnly: true
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ slots: [
+ {
+ name: 'slot1'
+ diagnosticSettings: [
+ {
+ name: 'customSetting'
+ eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
+ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+ ]
+ privateEndpoints: [
+ {
+ subnetResourceId: nestedDependencies.outputs.subnetResourceId
+ privateDnsZoneResourceIds: [
+
+ nestedDependencies.outputs.privateDNSZoneResourceId
+
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+ ]
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ siteConfig: {
+ alwaysOn: true
+ metadata: [
+ {
+ name: 'CURRENT_STACK'
+ value: 'dotnetcore'
+ }
+ ]
+ }
+ hybridConnectionRelays: [
+ {
+ resourceId: nestedDependencies.outputs.hybridConnectionResourceId
+ sendKeyName: 'defaultSender'
+ }
+ ]
+ }
+ {
+ name: 'slot2'
+ }
+ ]
+ privateEndpoints: [
+ {
+ subnetResourceId: nestedDependencies.outputs.subnetResourceId
+ privateDnsZoneResourceIds: [
+ nestedDependencies.outputs.privateDNSZoneResourceId
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+ ]
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ siteConfig: {
+ alwaysOn: true
+ metadata: [
+ {
+ name: 'CURRENT_STACK'
+ value: 'dotnetcore'
+ }
+ ]
+ }
+ managedIdentities: {
+ systemAssigned: true
+ userAssignedResourcesIds: [
+ nestedDependencies.outputs.managedIdentityResourceId
+ ]
+ }
+ basicPublishingCredentialsPolicies: [
+ {
+ name: 'ftp'
+ }
+ {
+ name: 'scm'
+ }
+
+ ]
+ hybridConnectionRelays: [
+ {
+ resourceId: nestedDependencies.outputs.hybridConnectionResourceId
+ sendKeyName: 'defaultSender'
+ }
+ ]
+ scmSiteAlsoStopped: true
+ vnetContentShareEnabled: true
+ vnetImagePullEnabled: true
+ vnetRouteAllEnabled: true
+ publicNetworkAccess: 'Disabled'
+ }
+}
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/dependencies.bicep
new file mode 100644
index 0000000..cd93e7e
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/dependencies.bicep
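Review bot: The `basicPublishingCredentialsPolicies` entries for `ftp` and `scm` in webAppCommon/main.test.bicep carry only a `name`, so whether basic-auth publishing ends up allowed or blocked depends on a default inside the module, which is not visible in this hunk. Since the same test sets `httpsOnly: true` and `publicNetworkAccess: 'Disabled'`, I would state the intent explicitly, e.g. `{ name: 'ftp', allow: false }` and `{ name: 'scm', allow: false }`, assuming the module accepts an `allow` key as the underlying resource does. Separately, `nestedDependencies` passes the literal `[[namePrefix]]` token instead of `${namePrefix}`, so overriding the `namePrefix` parameter would not rename those dependencies; the functionAppCommon test has the same pattern.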
@@ -0,0 +1,21 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Server Farm to create.')
+param serverFarmName string
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
+ name: serverFarmName
+ location: location
+ sku: {
+ name: 'S1'
+ tier: 'Standard'
+ size: 'S1'
+ family: 'S'
+ capacity: 1
+ }
+ properties: {}
+}
+
+@description('The resource ID of the created Server Farm.')
+output serverFarmResourceId string = serverFarm.id
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/main.test.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/main.test.bicep
new file mode 100644
index 0000000..38c74f7
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/main.test.bicep
@@ -0,0 +1,55 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.sites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wswamin'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ serverFarmName: 'dep-${namePrefix}-sf-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ kind: 'app'
+ serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
+ }
+}
diff --git a/bicep-examples/dependencies/modules/webApp/site/version.json b/bicep-examples/dependencies/modules/webApp/site/version.json
new file mode 100644
index 0000000..96236a6
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.4",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/README.md b/bicep-examples/dependencies/modules/webApp/static-site/README.md
new file mode 100644
index 0000000..98a80f1
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/README.md
@@ -0,0 +1,949 @@ +# Static Web Apps `[Microsoft.Web/staticSites]` + +This module deploys a Static Web App. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | +| `Microsoft.Web/staticSites` | [2021-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/staticSites) | +| `Microsoft.Web/staticSites/config` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites/config) | +| `Microsoft.Web/staticSites/customDomains` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/customDomains) | +| `Microsoft.Web/staticSites/linkedBackends` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/linkedBackends) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. 
+ +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.static-site:1.0.0`. + +- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [WAF-aligned](#example-3-waf-aligned) + +### Example 1: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "wssmin001"
+ },
+ // Non-required parameters
+ "enableDefaultTelemetry": {
+ "value": "
+
+### Example 2: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
+
+via Bicep module
+
+```bicep
+module staticSite 'br:bicep/modules/web.static-site:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wssmax'
+ params: {
+ // Required parameters
+ name: 'wssmax001'
+ // Non-required parameters
+ allowConfigFileUpdates: true
+ appSettings: {
+ foo: 'bar'
+ setting: 1
+ }
+ enableDefaultTelemetry: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "wssmax001"
+ },
+ // Non-required parameters
+ "allowConfigFileUpdates": {
+ "value": true
+ },
+ "appSettings": {
+ "value": {
+ "foo": "bar",
+ "setting": 1
+ }
+ },
+ "enableDefaultTelemetry": {
+ "value": "
+
+### Example 3: _WAF-aligned_
+
+This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.
+
+
+via Bicep module
+
+```bicep
+module staticSite 'br:bicep/modules/web.static-site:1.0.0' = {
+ name: '${uniqueString(deployment().name, location)}-test-wsswaf'
+ params: {
+ // Required parameters
+ name: 'wsswaf001'
+ // Non-required parameters
+ allowConfigFileUpdates: true
+ appSettings: {
+ foo: 'bar'
+ setting: 1
+ }
+ enableDefaultTelemetry: '
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "wsswaf001"
+ },
+ // Non-required parameters
+ "allowConfigFileUpdates": {
+ "value": true
+ },
+ "appSettings": {
+ "value": {
+ "foo": "bar",
+ "setting": 1
+ }
+ },
+ "enableDefaultTelemetry": {
+ "value": "
+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the static site. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowConfigFileUpdates`](#parameter-allowconfigfileupdates) | bool | False if config file is locked for this static web app; otherwise, true. | +| [`appSettings`](#parameter-appsettings) | object | Static site app settings. | +| [`branch`](#parameter-branch) | string | The branch name of the GitHub repository. | +| [`buildProperties`](#parameter-buildproperties) | object | Build properties for the static site. | +| [`customDomains`](#parameter-customdomains) | array | The custom domains associated with this static site. The deployment will fail as long as the validation records are not present. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enterpriseGradeCdnStatus`](#parameter-enterprisegradecdnstatus) | string | State indicating the status of the enterprise grade CDN serving traffic to the static web app. | +| [`functionAppSettings`](#parameter-functionappsettings) | object | Function app settings. | +| [`linkedBackend`](#parameter-linkedbackend) | object | Object with "resourceId" and "location" of the a user defined function app. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | +| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. 
| +| [`provider`](#parameter-provider) | string | The provider that submitted the last deployment to the primary environment of the static site. | +| [`repositoryToken`](#parameter-repositorytoken) | securestring | The Personal Access Token for accessing the GitHub repository. | +| [`repositoryUrl`](#parameter-repositoryurl) | string | The name of the GitHub repository. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | Type of static site to deploy. | +| [`stagingEnvironmentPolicy`](#parameter-stagingenvironmentpolicy) | string | State indicating whether staging environments are allowed or not allowed for a static web app. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`templateProperties`](#parameter-templateproperties) | object | Template Options for the static site. | + +### Parameter: `allowConfigFileUpdates` + +False if config file is locked for this static web app; otherwise, true. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `appSettings` + +Static site app settings. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `branch` + +The branch name of the GitHub repository. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `buildProperties` + +Build properties for the static site. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `customDomains` + +The custom domains associated with this static site. The deployment will fail as long as the validation records are not present. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enterpriseGradeCdnStatus` + +State indicating the status of the enterprise grade CDN serving traffic to the static web app. +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: + ```Bicep + [ + 'Disabled' + 'Disabling' + 'Enabled' + 'Enabling' + ] + ``` + +### Parameter: `functionAppSettings` + +Function app settings. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `linkedBackend` + +Object with "resourceId" and "location" of the a user defined function app. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. + +- Required: No +- Type: string + +### Parameter: `managedIdentities` + +The managed identity definition for this resource. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | +| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. 
| + +### Parameter: `managedIdentities.systemAssigned` + +Optional. Enables system assigned managed identity on the resource. + +- Required: No +- Type: bool + +### Parameter: `managedIdentities.userAssignedResourcesIds` + +Optional. The resource ID(s) to assign to the resource. + +- Required: No +- Type: array + +### Parameter: `name` + +Name of the static site. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. +- Required: No +- Type: array + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. 
| +| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | +| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | + +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` + +Optional. Application security groups in which the private endpoint IP configuration is included. + +- Required: No +- Type: array + +### Parameter: `privateEndpoints.customDnsConfigs` + +Optional. Custom DNS configurations. + +- Required: No +- Type: array + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. 
Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | + +### Parameter: `privateEndpoints.customDnsConfigs.fqdn` + +Required. Fqdn that resolves to private endpoint ip address. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` + +Required. A list of private ip addresses of the private endpoint. + +- Required: Yes +- Type: array + + +### Parameter: `privateEndpoints.customNetworkInterfaceName` + +Optional. The custom name of the network interface attached to the private endpoint. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.enableTelemetry` + +Optional. Enable/Disable usage telemetry for module. + +- Required: No +- Type: bool + +### Parameter: `privateEndpoints.ipConfigurations` + +Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. + +- Required: No +- Type: array + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | +| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | + +### Parameter: `privateEndpoints.ipConfigurations.name` + +Required. The name of the resource that is unique within a resource group. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.ipConfigurations.properties` + +Required. Properties of private endpoint IP configurations. + +- Required: Yes +- Type: object + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. 
The ID of a group obtained from the remote resource that this private endpoint should connect to. | +| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | +| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | + +### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` + +Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` + +Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` + +Required. A private ip address obtained from the private endpoint's subnet. + +- Required: Yes +- Type: string + + + +### Parameter: `privateEndpoints.location` + +Optional. The location to deploy the private endpoint to. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.lock` + +Optional. Specify the type of lock. + +- Required: No +- Type: object + +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` + +Optional. Manual PrivateLink Service Connections. + +- Required: No +- Type: array + +### Parameter: `privateEndpoints.name` + +Optional. The name of the private endpoint. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` + +Optional. 
The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. + +- Required: No +- Type: array + +### Parameter: `privateEndpoints.roleAssignments` + +Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: No +- Type: array + +### Parameter: `privateEndpoints.service` + +Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.subnetResourceId` + +Required. Resource ID of the subnet where the endpoint needs to be created. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.tags` + +Optional. Tags to be applied on all resources/resource groups in this deployment. + +- Required: No +- Type: object + +### Parameter: `provider` + +The provider that submitted the last deployment to the primary environment of the static site. +- Required: No +- Type: string +- Default: `'None'` + +### Parameter: `repositoryToken` + +The Personal Access Token for accessing the GitHub repository. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `repositoryUrl` + +The name of the GitHub repository. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | +| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +### Parameter: `roleAssignments.condition` + +Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" + +- Required: No +- Type: string + +### Parameter: `roleAssignments.conditionVersion` + +Optional. 
Version of the condition. + +- Required: No +- Type: string +- Allowed: `[2.0]` + +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` + +Optional. The Resource Id of the delegated managed identity resource. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.description` + +Optional. The description of the role assignment. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.principalId` + +Required. The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.principalType` + +Optional. The principal type of the assigned principal ID. + +- Required: No +- Type: string +- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleAssignments.roleDefinitionIdOrName` + +Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `sku` + +Type of static site to deploy. +- Required: No +- Type: string +- Default: `'Free'` +- Allowed: + ```Bicep + [ + 'Free' + 'Standard' + ] + ``` + +### Parameter: `stagingEnvironmentPolicy` + +State indicating whether staging environments are allowed or not allowed for a static web app. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object + +### Parameter: `templateProperties` + +Template Options for the static site. +- Required: No +- Type: object +- Default: `{}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `defaultHostname` | string | The default autogenerated hostname for the static site. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the static site. 
| +| `resourceGroupName` | string | The resource group the static site was deployed into. | +| `resourceId` | string | The resource ID of the static site. | +| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/bicep-examples/dependencies/modules/webApp/static-site/config/README.md b/bicep-examples/dependencies/modules/webApp/static-site/config/README.md new file mode 100644 index 0000000..e17e11d --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/config/README.md 
@@ -0,0 +1,90 @@ +# Static Web App Site Config `[Microsoft.Web/staticSites/config]` + +This module deploys a Static Web App Site Config. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Web/staticSites/config` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites/config) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-kind) | string | Type of settings to apply. | +| [`properties`](#parameter-properties) | object | App settings. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`staticSiteName`](#parameter-staticsitename) | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `kind` + +Type of settings to apply. +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'appsettings' + 'functionappsettings' + ] + ``` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `properties` + +App settings. +- Required: Yes +- Type: object + +### Parameter: `staticSiteName` + +The name of the parent Static Web App. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the config. | +| `resourceGroupName` | string | The name of the resource group the config was created in. | +| `resourceId` | string | The resource ID of the config. | + +## Cross-referenced modules + +_None_ diff --git a/bicep-examples/dependencies/modules/webApp/static-site/config/main.bicep b/bicep-examples/dependencies/modules/webApp/static-site/config/main.bicep new file mode 100644 index 0000000..1db5657 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/config/main.bicep 
@@ -0,0 +1,54 @@
+metadata name = 'Static Web App Site Config'
+metadata description = 'This module deploys a Static Web App Site Config.'
+metadata owner = 'Azure/module-maintainers'
+
+@allowed([
+ 'appsettings'
+ 'functionappsettings'
+])
+@description('Required. Type of settings to apply.')
+param kind string
+
+@description('Required. App settings.')
+param properties object
+
+@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
+param staticSiteName string
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
+ name: staticSiteName
+}
+
+resource config 'Microsoft.Web/staticSites/config@2022-03-01' = {
+ #disable-next-line BCP225 // Disables incorrect error that `name` cannot be determined at compile time.
+ name: kind
+ parent: staticSite
+ properties: properties
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+@description('The name of the config.')
+output name string = config.name
+
+@description('The resource ID of the config.')
+output resourceId string = config.id
+
+@description('The name of the resource group the config was created in.')
+output resourceGroupName string = resourceGroup().name
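Review bot: `param properties object` is declared without `@secure()`, although it carries the `appsettings` / `functionappsettings` payload written to `Microsoft.Web/staticSites/config`, and settings of that kind often hold connection strings or API keys. A non-secure parameter's value is stored with the deployment record, so anyone who can read deployments at that scope could read the settings back. I would add `@secure()` on the line above `param properties object`. The compiled `main.json` added in this commit would then need regenerating so that the parameter type becomes `secureObject`. The parent static-site module that passes `appSettings` and `functionAppSettings` into this one is outside this hunk and should be checked for the same treatment.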
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/config/main.json b/bicep-examples/dependencies/modules/webApp/static-site/config/main.json
new file mode 100644
index 0000000..e063d1a
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/config/main.json
@@ -0,0 +1,97 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "8340850851413090940" + }, + "name": "Static Web App Site Config", + "description": "This module deploys a Static Web App Site Config.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "kind": { + "type": "string", + "allowedValues": [ + "appsettings", + "functionappsettings" + ], + "metadata": { + "description": "Required. Type of settings to apply." + } + }, + "properties": { + "type": "object", + "metadata": { + "description": "Required. App settings." + } + }, + "staticSiteName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.Web/staticSites/config", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('kind'))]", + "properties": "[parameters('properties')]" + }, + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the config." + }, + "value": "[parameters('kind')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the config." + }, + "value": "[resourceId('Microsoft.Web/staticSites/config', parameters('staticSiteName'), parameters('kind'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the config was created in." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/static-site/config/version.json b/bicep-examples/dependencies/modules/webApp/static-site/config/version.json new file mode 100644 index 0000000..9ed3662 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/config/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.6", + "pathFilters": [ + "./main.json" + ] +} diff --git a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/README.md b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/README.md new file mode 100644 index 0000000..f5b55f3 
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/README.md
@@ -0,0 +1,84 @@ +# Static Web App Site Custom Domains `[Microsoft.Web/staticSites/customDomains]` + +This module deploys a Static Web App Site Custom Domain. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Web/staticSites/customDomains` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/customDomains) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The custom domain name. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`staticSiteName`](#parameter-staticsitename) | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`validationMethod`](#parameter-validationmethod) | string | Validation method for adding a custom domain. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The custom domain name. +- Required: Yes +- Type: string + +### Parameter: `staticSiteName` + +The name of the parent Static Web App. Required if the template is used in a standalone deployment. 
+- Required: Yes +- Type: string + +### Parameter: `validationMethod` + +Validation method for adding a custom domain. +- Required: No +- Type: string +- Default: `'cname-delegation'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the static site custom domain. | +| `resourceGroupName` | string | The resource group the static site custom domain was deployed into. | +| `resourceId` | string | The resource ID of the static site custom domain. | + +## Cross-referenced modules + +_None_ diff --git a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.bicep b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.bicep new file mode 100644 index 0000000..b392892 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.bicep 
@@ -0,0 +1,51 @@
+metadata name = 'Static Web App Site Custom Domains'
+metadata description = 'This module deploys a Static Web App Site Custom Domain.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. The custom domain name.')
+param name string
+
+@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
+param staticSiteName string
+
+@description('Optional. Validation method for adding a custom domain.')
+param validationMethod string = 'cname-delegation'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. Location for all resources.')
+param location string = resourceGroup().location
+
+resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
+ name: staticSiteName
+}
+
+resource customDomain 'Microsoft.Web/staticSites/customDomains@2022-03-01' = {
+ name: name
+ parent: staticSite
+ properties: {
+ validationMethod: validationMethod
+ }
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+@description('The name of the static site custom domain.')
+output name string = customDomain.name
+
+@description('The resource ID of the static site custom domain.')
+output resourceId string = customDomain.id
+
+@description('The resource group the static site custom domain was deployed into.')
+output resourceGroupName string = resourceGroup().name
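Review bot: `validationMethod` is declared as a free-form string, so a mistyped value is only rejected by the resource provider at deployment time rather than when the template is validated. The parent static-site module in this patch only ever passes `'dns-txt-token'` or `'cname-delegation'`, so the parameter can be constrained by adding `@allowed(['cname-delegation', 'dns-txt-token'])` above `param validationMethod string = 'cname-delegation'`. This keeps the default unchanged and makes the accepted values visible to anyone using the module standalone.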
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.json b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.json
new file mode 100644
index 0000000..6613ffb
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.json
@@ -0,0 +1,96 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "13208835708722733896" + }, + "name": "Static Web App Site Custom Domains", + "description": "This module deploys a Static Web App Site Custom Domain.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The custom domain name." + } + }, + "staticSiteName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment." + } + }, + "validationMethod": { + "type": "string", + "defaultValue": "cname-delegation", + "metadata": { + "description": "Optional. Validation method for adding a custom domain." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.Web/staticSites/customDomains", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('name'))]", + "properties": { + "validationMethod": "[parameters('validationMethod')]" + } + }, + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the static site custom domain." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the static site custom domain." + }, + "value": "[resourceId('Microsoft.Web/staticSites/customDomains', parameters('staticSiteName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the static site custom domain was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/version.json b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/version.json new file mode 100644 index 0000000..9ed3662 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.6", + "pathFilters": [ + "./main.json" + ] +} 
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/README.md b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/README.md
new file mode 100644
index 0000000..c77db73
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/README.md
@@ -0,0 +1,92 @@ +# Static Web App Site Linked Backends `[Microsoft.Web/staticSites/linkedBackends]` + +This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Web/staticSites/linkedBackends` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/linkedBackends) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`backendResourceId`](#parameter-backendresourceid) | string | The resource ID of the backend linked to the static site. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`staticSiteName`](#parameter-staticsitename) | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`name`](#parameter-name) | string | Name of the backend to link to the static site. | +| [`region`](#parameter-region) | string | The region of the backend linked to the static site. | + +### Parameter: `backendResourceId` + +The resource ID of the backend linked to the static site. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. 
+- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the backend to link to the static site. +- Required: No +- Type: string +- Default: `[uniqueString(parameters('backendResourceId'))]` + +### Parameter: `region` + +The region of the backend linked to the static site. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `staticSiteName` + +The name of the parent Static Web App. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the static site linked backend. | +| `resourceGroupName` | string | The resource group the static site linked backend was deployed into. | +| `resourceId` | string | The resource ID of the static site linked backend. | + +## Cross-referenced modules + +_None_ diff --git a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.bicep b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.bicep new file mode 100644 index 0000000..ac5132d --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.bicep 
@@ -0,0 +1,55 @@ +metadata name = 'Static Web App Site Linked Backends' +metadata description = 'This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property.' +metadata owner = 'Azure/module-maintainers' + +@description('Required. The resource ID of the backend linked to the static site.') +param backendResourceId string + +@description('Optional. The region of the backend linked to the static site.') +param region string = resourceGroup().location + +@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.') +param staticSiteName string + +@description('Optional. Name of the backend to link to the static site.') +param name string = uniqueString(backendResourceId) + +@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +@description('Optional. Location for all resources.') +param location string = resourceGroup().location + +resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = { + name: staticSiteName +} + +resource linkedBackend 'Microsoft.Web/staticSites/linkedBackends@2022-03-01' = { + name: name + parent: staticSite + properties: { + backendResourceId: backendResourceId + region: region + } +} + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +@description('The name of the static site linked backend.') +output name string = linkedBackend.name + +@description('The resource ID of the static site linked backend.') +output resourceId string = linkedBackend.id + +@description('The resource group the static site 
linked backend was deployed into.') +output resourceGroupName string = resourceGroup().name diff --git a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.json b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.json new file mode 100644 index 0000000..78a0569 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.json 
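Review bot: The description on `param location` reads "Location for all resources", but in this module `location` only feeds `uniqueString(deployment().name, location)` in the telemetry deployment name; the `linkedBackend` resource takes its placement from `region`. Both default to `resourceGroup().location`, so a caller who sets `location` expecting it to affect the backend link gets no effect and no error. I would reword the decorator to `@description('Optional. Location used only to derive the telemetry deployment name.')` and state on `region` that it should match the backend's own region. The same wording issue applies to `location` in custom-domain/main.bicep.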
@@ -0,0 +1,104 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "13553590806488370796" + }, + "name": "Static Web App Site Linked Backends", + "description": "This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "backendResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the backend linked to the static site." + } + }, + "region": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The region of the backend linked to the static site." + } + }, + "staticSiteName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "defaultValue": "[uniqueString(parameters('backendResourceId'))]", + "metadata": { + "description": "Optional. Name of the backend to link to the static site." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.Web/staticSites/linkedBackends", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('name'))]", + "properties": { + "backendResourceId": "[parameters('backendResourceId')]", + "region": "[parameters('region')]" + } + }, + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the static site linked backend." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the static site linked backend." + }, + "value": "[resourceId('Microsoft.Web/staticSites/linkedBackends', parameters('staticSiteName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the static site linked backend was deployed into." + }, + "value": "[resourceGroup().name]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/version.json b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/version.json new file mode 100644 index 0000000..9ed3662 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/version.json @@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.6", + "pathFilters": [ + "./main.json" + ] +} 
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/main.bicep b/bicep-examples/dependencies/modules/webApp/static-site/main.bicep
new file mode 100644
index 0000000..990e85f
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/main.bicep
@@ -0,0 +1,355 @@ +metadata name = 'Static Web Apps' +metadata description = 'This module deploys a Static Web App.' +metadata owner = 'Azure/module-maintainers' + +@description('Required. Name of the static site.') +@minLength(1) +@maxLength(40) +param name string + +@allowed([ + 'Free' + 'Standard' +]) +@description('Optional. Type of static site to deploy.') +param sku string = 'Free' + +@description('Optional. False if config file is locked for this static web app; otherwise, true.') +param allowConfigFileUpdates bool = true + +@description('Optional. Location for all resources.') +param location string = resourceGroup().location + +@allowed([ + 'Enabled' + 'Disabled' +]) +@description('Optional. State indicating whether staging environments are allowed or not allowed for a static web app.') +param stagingEnvironmentPolicy string = 'Enabled' + +@allowed([ + 'Disabled' + 'Disabling' + 'Enabled' + 'Enabling' +]) +@description('Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app.') +param enterpriseGradeCdnStatus string = 'Disabled' + +@description('Optional. Build properties for the static site.') +param buildProperties object = {} + +@description('Optional. Template Options for the static site.') +param templateProperties object = {} + +@description('Optional. The provider that submitted the last deployment to the primary environment of the static site.') +param provider string = 'None' + +@secure() +@description('Optional. The Personal Access Token for accessing the GitHub repository.') +param repositoryToken string = '' + +@description('Optional. The name of the GitHub repository.') +param repositoryUrl string = '' + +@description('Optional. The branch name of the GitHub repository.') +param branch string = '' + +@description('Optional. The managed identity definition for this resource.') +param managedIdentities managedIdentitiesType + +@description('Optional. 
The lock settings of the service.') +param lock lockType + +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the \'sku\' to be \'Standard\'.') +param privateEndpoints privateEndpointType + +@description('Optional. Tags of the resource.') +param tags object? + +@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') +param roleAssignments roleAssignmentType + +@description('Optional. Object with "resourceId" and "location" of the a user defined function app.') +param linkedBackend object = {} + +@description('Optional. Static site app settings.') +param appSettings object = {} + +@description('Optional. Function app settings.') +param functionAppSettings object = {} + +@description('Optional. The custom domains associated with this static site. The deployment will fail as long as the validation records are not present.') +param customDomains array = [] + +var enableReferencedModulesTelemetry = false + +var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourcesIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} } + +var identity = !empty(managedIdentities) ? { + type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 
'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'UserAssigned' : null) + userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null +} : null + +var builtInRoleNames = { + Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') + Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168') + 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') + 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b') + 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772') +} + +resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = { + name: name + location: location + tags: tags + identity: identity + sku: { + name: sku + tier: sku + } + properties: { + allowConfigFileUpdates: allowConfigFileUpdates + stagingEnvironmentPolicy: stagingEnvironmentPolicy + enterpriseGradeCdnStatus: enterpriseGradeCdnStatus + provider: !empty(provider) ? 
provider : 'None' + branch: !empty(branch) ? branch : null + buildProperties: !empty(buildProperties) ? buildProperties : null + repositoryToken: !empty(repositoryToken) ? repositoryToken : null + repositoryUrl: !empty(repositoryUrl) ? repositoryUrl : null + templateProperties: !empty(templateProperties) ? templateProperties : null + } +} + +module staticSite_linkedBackend 'linked-backend/main.bicep' = if (!empty(linkedBackend)) { + name: '${uniqueString(deployment().name, location)}-StaticSite-UserDefinedFunction' + params: { + staticSiteName: staticSite.name + backendResourceId: linkedBackend.resourceId + region: contains(linkedBackend, 'location') ? linkedBackend.location : location + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +} + +module staticSite_appSettings 'config/main.bicep' = if (!empty(appSettings)) { + name: '${uniqueString(deployment().name, location)}-StaticSite-appSettings' + params: { + kind: 'appsettings' + staticSiteName: staticSite.name + properties: appSettings + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +} + +module staticSite_functionAppSettings 'config/main.bicep' = if (!empty(functionAppSettings)) { + name: '${uniqueString(deployment().name, location)}-StaticSite-functionAppSettings' + params: { + kind: 'functionappsettings' + staticSiteName: staticSite.name + properties: functionAppSettings + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +} + +module staticSite_customDomains 'custom-domain/main.bicep' = [for (customDomain, index) in customDomains: { + name: '${uniqueString(deployment().name, location)}-StaticSite-customDomains-${index}' + params: { + name: customDomain + staticSiteName: staticSite.name + validationMethod: indexOf(customDomain, '.') == lastIndexOf(customDomain, '.') ? 'dns-txt-token' : 'cname-delegation' + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +}] + +resource staticSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? 
{}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' + properties: { + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' + } + scope: staticSite +} + +resource staticSite_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): { + name: guid(staticSite.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName) + properties: { + roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName + principalId: roleAssignment.principalId + description: roleAssignment.?description + principalType: roleAssignment.?principalType + condition: roleAssignment.?condition + conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set + delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId + } + scope: staticSite +}] + +module staticSite_privateEndpoints '../../network/private-endpoint/main.bicep' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-staticSite-PrivateEndpoint-${index}' + params: { + groupIds: [ + privateEndpoint.?service ?? 'staticSites' + ] + name: privateEndpoint.?name ?? 'pep-${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' + serviceResourceId: staticSite.id + subnetResourceId: privateEndpoint.subnetResourceId + enableDefaultTelemetry: privateEndpoint.?enableDefaultTelemetry ?? enableReferencedModulesTelemetry + location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location + lock: privateEndpoint.?lock ?? 
lock + privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName + privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds + roleAssignments: privateEndpoint.?roleAssignments + tags: privateEndpoint.?tags ?? tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections + customDnsConfigs: privateEndpoint.?customDnsConfigs + ipConfigurations: privateEndpoint.?ipConfigurations + applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds + customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + } +}] + +@description('The name of the static site.') +output name string = staticSite.name + +@description('The resource ID of the static site.') +output resourceId string = staticSite.id + +@description('The resource group the static site was deployed into.') +output resourceGroupName string = resourceGroup().name + +@description('The principal ID of the system assigned identity.') +output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(staticSite.identity, 'principalId') ? staticSite.identity.principalId : '' + +@description('The location the resource was deployed into.') +output location string = staticSite.location + +@description('The default autogenerated hostname for the static site.') +output defaultHostname string = staticSite.properties.defaultHostname + +// =============== // +// Definitions // +// =============== // + +type managedIdentitiesType = { + @description('Optional. Enables system assigned managed identity on the resource.') + systemAssigned: bool? + + @description('Optional. The resource ID(s) to assign to the resource.') + userAssignedResourcesIds: string[]? +}? + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? + + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? 
+ +type roleAssignmentType = { + @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') + roleDefinitionIdOrName: string + + @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.') + principalId: string + + @description('Optional. The principal type of the assigned principal ID.') + principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)? + + @description('Optional. The description of the role assignment.') + description: string? + + @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') + condition: string? + + @description('Optional. Version of the condition.') + conditionVersion: '2.0'? + + @description('Optional. The Resource Id of the delegated managed identity resource.') + delegatedManagedIdentityResourceId: string? +}[]? + +type privateEndpointType = { + @description('Optional. The name of the private endpoint.') + name: string? + + @description('Optional. The location to deploy the private endpoint to.') + location: string? + + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + service: string? + + @description('Required. Resource ID of the subnet where the endpoint needs to be created.') + subnetResourceId: string + + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + privateDnsZoneGroupName: string? + + @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') + privateDnsZoneResourceIds: string[]? + + @description('Optional. 
Custom DNS configurations.') + customDnsConfigs: { + @description('Required. Fqdn that resolves to private endpoint ip address.') + fqdn: string? + + @description('Required. A list of private ip addresses of the private endpoint.') + ipAddresses: string[] + }[]? + + @description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.') + ipConfigurations: { + @description('Required. The name of the resource that is unique within a resource group.') + name: string + + @description('Required. Properties of private endpoint IP configurations.') + properties: { + @description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.') + groupId: string + + @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') + memberName: string + + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + privateIPAddress: string + } + }[]? + + @description('Optional. Application security groups in which the private endpoint IP configuration is included.') + applicationSecurityGroupResourceIds: string[]? + + @description('Optional. The custom name of the network interface attached to the private endpoint.') + customNetworkInterfaceName: string? + + @description('Optional. Specify the type of lock.') + lock: lockType + + @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') + roleAssignments: roleAssignmentType + + @description('Optional. 
Tags to be applied on all resources/resource groups in this deployment.') + tags: object? + + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + + @description('Optional. Enable/Disable usage telemetry for module.') + enableTelemetry: bool? +}[]? diff --git a/bicep-examples/dependencies/modules/webApp/static-site/main.json b/bicep-examples/dependencies/modules/webApp/static-site/main.json new file mode 100644 index 0000000..e42e784 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/main.json 
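Review bot: `appSettings` and `functionAppSettings` are plain `object` parameters, while `repositoryToken` in the same file is marked `@secure()`. App settings routinely carry connection strings and API keys, and values of non-secure parameters are kept in the deployment record, where anyone with read access to deployments can see them; adding `@secure()` above `param appSettings object = {}` and `param functionAppSettings object = {}` avoids that. Whether `properties` in config/main.bicep is already declared secure is not visible in this hunk, and it would need the same decorator for the protection to hold through the nested deployment. Separately, `privateEndpointType` declares `enableTelemetry`, but the `staticSite_privateEndpoints` loop reads `privateEndpoint.?enableDefaultTelemetry`, so the declared field is never honoured.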
@@ -0,0 +1,1731 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "2662580552466474915" + }, + "name": "Static Web Apps", + "description": "This module deploys a Static Web App.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "managedIdentitiesType": { + "type": "object", + "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedResourcesIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The resource ID(s) to assign to the resource." + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + }, + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." 
+ } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "privateEndpointType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private endpoint." + } + }, + "location": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The location to deploy the private endpoint to." + } + }, + "service": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the subnet where the endpoint needs to be created." 
+ } + }, + "privateDnsZoneGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." + } + }, + "privateDnsZoneResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." + } + }, + "customDnsConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint ip address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private ip addresses of the private endpoint." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. Custom DNS configurations." + } + }, + "ipConfigurations": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private ip address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. 
Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." + } + }, + "applicationSecurityGroupResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. Application security groups in which the private endpoint IP configuration is included." + } + }, + "customNetworkInterfaceName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The custom name of the network interface attached to the private endpoint." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." + } + }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, + "enableTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." 
+ } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "minLength": 1, + "maxLength": 40, + "metadata": { + "description": "Required. Name of the static site." + } + }, + "sku": { + "type": "string", + "defaultValue": "Free", + "allowedValues": [ + "Free", + "Standard" + ], + "metadata": { + "description": "Optional. Type of static site to deploy." + } + }, + "allowConfigFileUpdates": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. False if config file is locked for this static web app; otherwise, true." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "stagingEnvironmentPolicy": { + "type": "string", + "defaultValue": "Enabled", + "allowedValues": [ + "Enabled", + "Disabled" + ], + "metadata": { + "description": "Optional. State indicating whether staging environments are allowed or not allowed for a static web app." + } + }, + "enterpriseGradeCdnStatus": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Disabled", + "Disabling", + "Enabled", + "Enabling" + ], + "metadata": { + "description": "Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app." + } + }, + "buildProperties": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Build properties for the static site." + } + }, + "templateProperties": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Template Options for the static site." + } + }, + "provider": { + "type": "string", + "defaultValue": "None", + "metadata": { + "description": "Optional. The provider that submitted the last deployment to the primary environment of the static site." 
+ } + }, + "repositoryToken": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. The Personal Access Token for accessing the GitHub repository." + } + }, + "repositoryUrl": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the GitHub repository." + } + }, + "branch": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The branch name of the GitHub repository." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentitiesType", + "metadata": { + "description": "Optional. The managed identity definition for this resource." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "privateEndpoints": { + "$ref": "#/definitions/privateEndpointType", + "metadata": { + "description": "Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." 
+ } + }, + "linkedBackend": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Object with \"resourceId\" and \"location\" of the a user defined function app." + } + }, + "appSettings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Static site app settings." + } + }, + "functionAppSettings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Function app settings." + } + }, + "customDomains": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The custom domains associated with this static site. The deployment will fail as long as the validation records are not present." + } + } + }, + "variables": { + "enableReferencedModulesTelemetry": false, + "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]", + "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]" + } + }, + "resources": { + "defaultTelemetry": { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "staticSite": { + "type": "Microsoft.Web/staticSites", + "apiVersion": "2021-03-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "identity": "[variables('identity')]", + "sku": { + "name": "[parameters('sku')]", + "tier": "[parameters('sku')]" + }, + "properties": { + "allowConfigFileUpdates": "[parameters('allowConfigFileUpdates')]", + "stagingEnvironmentPolicy": "[parameters('stagingEnvironmentPolicy')]", + "enterpriseGradeCdnStatus": "[parameters('enterpriseGradeCdnStatus')]", + "provider": "[if(not(empty(parameters('provider'))), parameters('provider'), 'None')]", + "branch": "[if(not(empty(parameters('branch'))), parameters('branch'), 
null())]", + "buildProperties": "[if(not(empty(parameters('buildProperties'))), parameters('buildProperties'), null())]", + "repositoryToken": "[if(not(empty(parameters('repositoryToken'))), parameters('repositoryToken'), null())]", + "repositoryUrl": "[if(not(empty(parameters('repositoryUrl'))), parameters('repositoryUrl'), null())]", + "templateProperties": "[if(not(empty(parameters('templateProperties'))), parameters('templateProperties'), null())]" + } + }, + "staticSite_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Web/staticSites/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "staticSite" + ] + }, + "staticSite_roleAssignments": { + "copy": { + "name": "staticSite_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Web/staticSites/{0}', parameters('name'))]", + "name": "[guid(resourceId('Microsoft.Web/staticSites', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), 
variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "staticSite" + ] + }, + "staticSite_linkedBackend": { + "condition": "[not(empty(parameters('linkedBackend')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-StaticSite-UserDefinedFunction', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "staticSiteName": { + "value": "[parameters('name')]" + }, + "backendResourceId": { + "value": "[parameters('linkedBackend').resourceId]" + }, + "region": "[if(contains(parameters('linkedBackend'), 'location'), createObject('value', parameters('linkedBackend').location), createObject('value', parameters('location')))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "13553590806488370796" + }, + "name": "Static Web App Site Linked Backends", + "description": "This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "backendResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the backend linked to the static site." + } + }, + "region": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The region of the backend linked to the static site." + } + }, + "staticSiteName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "defaultValue": "[uniqueString(parameters('backendResourceId'))]", + "metadata": { + "description": "Optional. Name of the backend to link to the static site." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." 
+ } + } + }, + "resources": [ + { + "type": "Microsoft.Web/staticSites/linkedBackends", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('name'))]", + "properties": { + "backendResourceId": "[parameters('backendResourceId')]", + "region": "[parameters('region')]" + } + }, + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the static site linked backend." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the static site linked backend." + }, + "value": "[resourceId('Microsoft.Web/staticSites/linkedBackends', parameters('staticSiteName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the static site linked backend was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "staticSite" + ] + }, + "staticSite_appSettings": { + "condition": "[not(empty(parameters('appSettings')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-StaticSite-appSettings', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "kind": { + "value": "appsettings" + }, + "staticSiteName": { + "value": "[parameters('name')]" + }, + "properties": { + "value": "[parameters('appSettings')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "8340850851413090940" + }, + "name": "Static Web App Site Config", + "description": "This module deploys a Static Web App Site Config.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "kind": { + "type": "string", + "allowedValues": [ + "appsettings", + "functionappsettings" + ], + "metadata": { + "description": "Required. Type of settings to apply." + } + }, + "properties": { + "type": "object", + "metadata": { + "description": "Required. App settings." + } + }, + "staticSiteName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. 
Location for all resources." + } + } + }, + "resources": [ + { + "type": "Microsoft.Web/staticSites/config", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('kind'))]", + "properties": "[parameters('properties')]" + }, + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the config." + }, + "value": "[parameters('kind')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the config." + }, + "value": "[resourceId('Microsoft.Web/staticSites/config', parameters('staticSiteName'), parameters('kind'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the config was created in." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "staticSite" + ] + }, + "staticSite_functionAppSettings": { + "condition": "[not(empty(parameters('functionAppSettings')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-StaticSite-functionAppSettings', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "kind": { + "value": "functionappsettings" + }, + "staticSiteName": { + "value": "[parameters('name')]" + }, + "properties": { + "value": "[parameters('functionAppSettings')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "8340850851413090940" + }, + "name": "Static Web App Site Config", + "description": "This module deploys a Static Web App Site Config.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "kind": { + "type": "string", + "allowedValues": [ + "appsettings", + "functionappsettings" + ], + "metadata": { + "description": "Required. Type of settings to apply." + } + }, + "properties": { + "type": "object", + "metadata": { + "description": "Required. App settings." + } + }, + "staticSiteName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + } + }, + "resources": [ + { + "type": "Microsoft.Web/staticSites/config", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('kind'))]", + "properties": "[parameters('properties')]" + }, + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the config." + }, + "value": "[parameters('kind')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the config." + }, + "value": "[resourceId('Microsoft.Web/staticSites/config', parameters('staticSiteName'), parameters('kind'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the config was created in." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "staticSite" + ] + }, + "staticSite_customDomains": { + "copy": { + "name": "staticSite_customDomains", + "count": "[length(parameters('customDomains'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-StaticSite-customDomains-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('customDomains')[copyIndex()]]" + }, + "staticSiteName": { + "value": "[parameters('name')]" + }, + "validationMethod": "[if(equals(indexOf(parameters('customDomains')[copyIndex()], '.'), lastIndexOf(parameters('customDomains')[copyIndex()], '.')), createObject('value', 'dns-txt-token'), createObject('value', 'cname-delegation'))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "13208835708722733896" + }, + "name": "Static Web App Site Custom Domains", + "description": "This module deploys a Static Web App Site Custom Domain.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The custom domain name." + } + }, + "staticSiteName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment." + } + }, + "validationMethod": { + "type": "string", + "defaultValue": "cname-delegation", + "metadata": { + "description": "Optional. Validation method for adding a custom domain." 
+ } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + } + }, + "resources": [ + { + "type": "Microsoft.Web/staticSites/customDomains", + "apiVersion": "2022-03-01", + "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('name'))]", + "properties": { + "validationMethod": "[parameters('validationMethod')]" + } + }, + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the static site custom domain." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the static site custom domain." + }, + "value": "[resourceId('Microsoft.Web/staticSites/customDomains', parameters('staticSiteName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the static site custom domain was deployed into." 
+ }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "staticSite" + ] + }, + "staticSite_privateEndpoints": { + "copy": { + "name": "staticSite_privateEndpoints", + "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-staticSite-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "groupIds": { + "value": [ + "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')]" + ] + }, + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites'), copyIndex()))]" + }, + "serviceResourceId": { + "value": "[resourceId('Microsoft.Web/staticSites', parameters('name'))]" + }, + "subnetResourceId": { + "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" + }, + "enableDefaultTelemetry": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableDefaultTelemetry'), variables('enableReferencedModulesTelemetry'))]" + }, + "location": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" + }, + "lock": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" + }, + 
"privateDnsZoneGroupName": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" + }, + "privateDnsZoneResourceIds": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]" + }, + "roleAssignments": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]" + }, + "tags": { + "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" + }, + "manualPrivateLinkServiceConnections": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" + }, + "customDnsConfigs": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" + }, + "ipConfigurations": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'ipConfigurations')]" + }, + "applicationSecurityGroupResourceIds": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'applicationSecurityGroupResourceIds')]" + }, + "customNetworkInterfaceName": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "12078057657290521609" + }, + "name": "Private Endpoints", + "description": "This module deploys a Private Endpoint.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": 
"string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." 
+ } + } + }, + "nullable": true + }, + "ipConfigurationsType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private ip address obtained from the private endpoint's subnet." + } + } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + } + }, + "nullable": true + }, + "customDnsConfigType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "metadata": { + "description": "Required. Fqdn that resolves to private endpoint ip address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. A list of private ip addresses of the private endpoint." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the private endpoint resource to create." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the subnet where the endpoint needs to be created." + } + }, + "serviceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource that needs to be connected to the network." 
+ } + }, + "applicationSecurityGroupResourceIds": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Application security groups in which the private endpoint IP configuration is included." + } + }, + "customNetworkInterfaceName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The custom name of the network interface attached to the private endpoint." + } + }, + "ipConfigurations": { + "$ref": "#/definitions/ipConfigurationsType", + "nullable": true, + "metadata": { + "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." + } + }, + "groupIds": { + "type": "array", + "metadata": { + "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." + } + }, + "privateDnsZoneGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + } + }, + "privateDnsZoneResourceIds": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." + } + }, + "customDnsConfigs": { + "$ref": "#/definitions/customDnsConfigType", + "nullable": true, + "metadata": { + "description": "Optional. Custom DNS configurations." + } + }, + "manualPrivateLinkServiceConnections": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. Manual PrivateLink Service Connections." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "variables": { + "enableReferencedModulesTelemetry": false, + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private 
DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" + } + }, + "resources": { + "defaultTelemetry": { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "privateEndpoint": { + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-04-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "copy": [ + { + "name": "applicationSecurityGroups", + "count": "[length(coalesce(parameters('applicationSecurityGroupResourceIds'), createArray()))]", + "input": { + "id": "[coalesce(parameters('applicationSecurityGroupResourceIds'), createArray())[copyIndex('applicationSecurityGroups')]]" + } + } + ], + "customDnsConfigs": "[parameters('customDnsConfigs')]", + "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", + "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", + "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", + "privateLinkServiceConnections": [ + { + "name": "[parameters('name')]", + "properties": { + "privateLinkServiceId": "[parameters('serviceResourceId')]", + 
"groupIds": "[parameters('groupIds')]" + } + } + ], + "subnet": { + "id": "[parameters('subnetResourceId')]" + } + } + }, + "privateEndpoint_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "privateEndpoint" + ] + }, + "privateEndpoint_roleAssignments": { + "copy": { + "name": "privateEndpoint_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": 
"[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "privateEndpoint" + ] + }, + "privateEndpoint_privateDnsZoneGroup": { + "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]" + }, + "privateDNSResourceIds": { + "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]" + }, + "privateEndpointName": { + "value": "[parameters('name')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.22.6.54827", + "templateHash": "16391702514342252839" + }, + "name": "Private Endpoint Private DNS Zone Groups", + "description": "This module deploys a Private Endpoint Private DNS Zone Group.", + "owner": 
"Azure/module-maintainers" + }, + "parameters": { + "privateEndpointName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." + } + }, + "privateDNSResourceIds": { + "type": "array", + "minLength": 1, + "maxLength": 5, + "metadata": { + "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." + } + }, + "name": { + "type": "string", + "defaultValue": "default", + "metadata": { + "description": "Optional. The name of the private DNS zone group." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "variables": { + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDNSResourceIds'))]", + "input": { + "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" + } + } + } + ] + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", + "apiVersion": "2023-04-01", + "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", + "properties": { + "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" + } + } + ], + "outputs": { + "name": { + "type": 
"string", + "metadata": { + "description": "The name of the private endpoint DNS zone group." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint DNS zone group." + }, + "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the private endpoint DNS zone group was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "privateEndpoint" + ] + } + }, + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the private endpoint was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint." + }, + "value": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the private endpoint." + }, + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "staticSite" + ] + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the static site." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the static site." + }, + "value": "[resourceId('Microsoft.Web/staticSites', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the static site was deployed into." 
+ }, + "value": "[resourceGroup().name]" + }, + "systemAssignedMIPrincipalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the system assigned identity." + }, + "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('staticSite', '2021-03-01', 'full').identity, 'principalId')), reference('staticSite', '2021-03-01', 'full').identity.principalId, '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('staticSite', '2021-03-01', 'full').location]" + }, + "defaultHostname": { + "type": "string", + "metadata": { + "description": "The default autogenerated hostname for the static site." + }, + "value": "[reference('staticSite').defaultHostname]" + } + } +} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/defaults/main.test.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/defaults/main.test.bicep new file mode 100644 index 0000000..97845e5 --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/defaults/main.test.bicep 
@@ -0,0 +1,48 @@
+targetScope = 'subscription'
+
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.staticsites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wssmin'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ }
+}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/dependencies.bicep
new file mode 100644
index 0000000..7939cfd
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/dependencies.bicep
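Review bot: In tests/e2e/defaults/main.test.bicep, `param namePrefix string = '[[namePrefix]]'` leaves a placeholder token as the default, and that value flows into both `resourceGroupName` and the module's `name`. Square brackets are not accepted in a resource group name, so deploying this file without an explicit `namePrefix` should fail at validation; nothing in the hunk shows what is expected to replace the token. I would either drop the default so the value must be supplied, or document it above the parameter with `// '[[namePrefix]]' is a placeholder; supply namePrefix when deploying this file directly.` The same default appears in tests/e2e/max/main.test.bicep.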
@@ -0,0 +1,94 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Function App to create.')
+param siteName string
+
+@description('Required. The name of the Server Farm to create.')
+param serverFarmName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ }
+ }
+ ]
+ }
+}
+
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+ name: 'privatelink.azurestaticapps.net'
+ location: 'global'
+
+ resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+ name: '${virtualNetwork.name}-vnetlink'
+ location: 'global'
+ properties: {
+ virtualNetwork: {
+ id: virtualNetwork.id
+ }
+ registrationEnabled: false
+ }
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
+ name: serverFarmName
+ location: location
+ sku: {
+ name: 'S1'
+ tier: 'Standard'
+ size: 'S1'
+ family: 'S'
+ capacity: 1
+ }
+ properties: {}
+}
+
+resource functionApp 'Microsoft.Web/sites@2022-03-01' = {
+ name: siteName
+ location: location
+ kind: 'functionapp'
+ properties: {
+ serverFarmId: serverFarm.id
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Private DNS zone.')
+output privateDNSZoneResourceId string = privateDNSZone.id
+
+@description('The resource ID of the created Function App.')
+output siteResourceId string = functionApp.id
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/main.test.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/main.test.bicep
new file mode 100644
index 0000000..0a800c7
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/main.test.bicep
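Review bot: In tests/e2e/max/dependencies.bicep, the `functionApp` resource sets only `serverFarmId` in `properties`, so as far as I know the site keeps the platform default and answers plain HTTP as well as HTTPS. This is the app that max/main.test.bicep passes to the static site as `linkedBackend`, so I would add `httpsOnly: true` to that `properties` block. tests/e2e/waf-aligned/dependencies.bicep is the same file (same blob `7939cfd`) and needs the same line; the omission is harder to justify there given what the test's name promises.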
@@ -0,0 +1,109 @@
+targetScope = 'subscription'
+
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.staticsites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wssmax'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ siteName: 'dep-${namePrefix}-fa-${serviceShort}'
+ serverFarmName: 'dep-${namePrefix}-sf-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ allowConfigFileUpdates: true
+ enterpriseGradeCdnStatus: 'Disabled'
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ privateEndpoints: [
+ {
+ subnetResourceId: nestedDependencies.outputs.subnetResourceId
+ privateDnsZoneResourceIds: [
+ nestedDependencies.outputs.privateDNSZoneResourceId
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+ ]
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ sku: 'Standard'
+ stagingEnvironmentPolicy: 'Enabled'
+ managedIdentities: {
+ systemAssigned: true
+ userAssignedResourcesIds: [
+ nestedDependencies.outputs.managedIdentityResourceId
+ ]
+ }
+ appSettings: {
+ foo: 'bar'
+ setting: 1
+ }
+ functionAppSettings: {
+ foo: 'bar'
+ setting: 1
+ }
+ linkedBackend: {
+ resourceId: nestedDependencies.outputs.siteResourceId
+ }
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/dependencies.bicep
new file mode 100644
index 0000000..7939cfd
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/dependencies.bicep
@@ -0,0 +1,94 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+@description('Required. The name of the Function App to create.')
+param siteName string
+
+@description('Required. The name of the Server Farm to create.')
+param serverFarmName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ }
+ }
+ ]
+ }
+}
+
+resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
+ name: 'privatelink.azurestaticapps.net'
+ location: 'global'
+
+ resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
+ name: '${virtualNetwork.name}-vnetlink'
+ location: 'global'
+ properties: {
+ virtualNetwork: {
+ id: virtualNetwork.id
+ }
+ registrationEnabled: false
+ }
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
+ name: serverFarmName
+ location: location
+ sku: {
+ name: 'S1'
+ tier: 'Standard'
+ size: 'S1'
+ family: 'S'
+ capacity: 1
+ }
+ properties: {}
+}
+
+resource functionApp 'Microsoft.Web/sites@2022-03-01' = {
+ name: siteName
+ location: location
+ kind: 'functionapp'
+ properties: {
+ serverFarmId: serverFarm.id
+ }
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+
+@description('The resource ID of the created Private DNS zone.')
+output privateDNSZoneResourceId string = privateDNSZone.id
+
+@description('The resource ID of the created Function App.')
+output siteResourceId string = functionApp.id
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/main.test.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/main.test.bicep
new file mode 100644
index 0000000..0b1be92
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/main.test.bicep
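Review bot: The `functionApp` resource in waf-aligned/dependencies.bicep sets only `serverFarmId` under `properties`, so the backend that the static site links to is created with whatever transport and network defaults the platform applies. For a scenario named WAF-aligned I would add `httpsOnly: true` next to `serverFarmId: serverFarm.id`, with a comment such as `// Test-only backend for linkedBackend; HTTPS enforced explicitly`. Whether the resource provider leaves plain HTTP enabled by default is not visible in this hunk, so stating the value explicitly also removes the guess for the next reader.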
@@ -0,0 +1,109 @@
+targetScope = 'subscription'
+
+metadata name = 'WAF-aligned'
+metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-web.staticsites-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'wsswaf'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ siteName: 'dep-${namePrefix}-fa-${serviceShort}'
+ serverFarmName: 'dep-${namePrefix}-sf-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ allowConfigFileUpdates: true
+ enterpriseGradeCdnStatus: 'Disabled'
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ privateEndpoints: [
+ {
+ subnetResourceId: nestedDependencies.outputs.subnetResourceId
+ privateDnsZoneResourceIds: [
+ nestedDependencies.outputs.privateDNSZoneResourceId
+ ]
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+ ]
+ roleAssignments: [
+ {
+ roleDefinitionIdOrName: 'Reader'
+ principalId: nestedDependencies.outputs.managedIdentityPrincipalId
+ principalType: 'ServicePrincipal'
+ }
+ ]
+ sku: 'Standard'
+ stagingEnvironmentPolicy: 'Enabled'
+ managedIdentities: {
+ systemAssigned: true
+ userAssignedResourcesIds: [
+ nestedDependencies.outputs.managedIdentityResourceId
+ ]
+ }
+ appSettings: {
+ foo: 'bar'
+ setting: 1
+ }
+ functionAppSettings: {
+ foo: 'bar'
+ setting: 1
+ }
+ linkedBackend: {
+ resourceId: nestedDependencies.outputs.siteResourceId
+ }
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/version.json b/bicep-examples/dependencies/modules/webApp/static-site/version.json
new file mode 100644
index 0000000..9ed3662
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/static-site/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.6",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/webApp.bicep b/bicep-examples/dependencies/modules/webApp/webApp.bicep
new file mode 100644
index 0000000..756d373
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/webApp.bicep
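Review bot: The `params` block of `testDeployment` in waf-aligned/main.test.bicep is the same as the one in the max test earlier in this patch; only `serviceShort` (`'wsswaf'`) and the two `metadata` lines differ, so the file does not show which settings make the deployment WAF-aligned. I would add a comment above `params`, for example `// WAF-relevant here: privateEndpoints, CanNotDelete lock, managedIdentities; remaining values mirror the max test`. The placeholder entries `foo: 'bar'` and `setting: 1` under `appSettings` and `functionAppSettings` could also be dropped from this scenario, since they say nothing about alignment.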
@@ -0,0 +1,559 @@ +metadata name = 'Web/Function Apps' +metadata description = 'This module deploys a Web or Function App.' +metadata owner = 'Azure/module-maintainers' + +@description('Required. Name of the site.') +param name string + +@description('Optional. Location for all Resources.') +param location string = resourceGroup().location + +@description('Required. Type of site to deploy.') +@allowed([ + 'functionapp' // function app windows os + 'functionapp,linux' // function app linux os + 'functionapp,workflowapp' // logic app workflow + 'functionapp,workflowapp,linux' // logic app docker container + 'app' // normal web app +]) +param kind string + +@description('Required. The resource ID of the app service plan to use for the site.') +param serverFarmResourceId string + +@description('Optional. Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests.') +param httpsOnly bool = true + +@description('Optional. If client affinity is enabled.') +param clientAffinityEnabled bool = true + +@description('Optional. The resource ID of the app service environment to use for this resource.') +param appServiceEnvironmentResourceId string = '' + +@description('Optional. The managed identity definition for this resource.') +param managedIdentities managedIdentitiesType + +@description('Optional. The resource ID of the assigned identity to be used to access a key vault with.') +param keyVaultAccessIdentityResourceId string = '' + +@description('Optional. Checks if Customer provided storage account is required.') +param storageAccountRequired bool = false + +@description('Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.') +param virtualNetworkSubnetId string = '' + +@description('Optional. 
To enable accessing content over virtual network.') +param vnetContentShareEnabled bool = false + +@description('Optional. To enable pulling image over Virtual Network.') +param vnetImagePullEnabled bool = false + +@description('Optional. Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied.') +param vnetRouteAllEnabled bool = false + +@description('Optional. Stop SCM (KUDU) site when the app is stopped.') +param scmSiteAlsoStopped bool = false + +@description('Optional. The site config object.') +param siteConfig object = {} + +@description('Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.') +param storageAccountResourceId string = '' + +@description('Optional. Resource ID of the app insight to leverage for this resource.') +param appInsightResourceId string = '' + +@description('Optional. For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.') +param setAzureWebJobsDashboard bool = contains(kind, 'functionapp') ? true : false + +@description('Optional. The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.') +param appSettingsKeyValuePairs object = {} + +@description('Optional. The auth settings V2 configuration.') +param authSettingV2Configuration object = {} + +@description('Optional. The lock settings of the service.') +param lock lockType + +@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') +param privateEndpoints privateEndpointType + +@description('Optional. 
Configuration for deployment slots for an app.') +param slots array = [] + +@description('Optional. Tags of the resource.') +param tags object? + +@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') +param enableDefaultTelemetry bool = true + +@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') +param roleAssignments roleAssignmentType + +@description('Optional. The diagnostic settings of the service.') +param diagnosticSettings diagnosticSettingType + +@description('Optional. To enable client certificate authentication (TLS mutual authentication).') +param clientCertEnabled bool = false + +@description('Optional. Client certificate authentication comma-separated exclusion paths.') +param clientCertExclusionPaths string = '' + +@description('Optional. This composes with ClientCertEnabled setting.
- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted.') +@allowed([ + 'Optional' + 'OptionalInteractiveUser' + 'Required' +]) +param clientCertMode string = 'Optional' + +@description('Optional. If specified during app creation, the app is cloned from a source app.') +param cloningInfo object = {} + +@description('Optional. Size of the function container.') +param containerSize int = -1 + +@description('Optional. Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification.') +param customDomainVerificationId string = '' + +@description('Optional. Maximum allowed daily memory-time quota (applicable on dynamic apps only).') +param dailyMemoryTimeQuota int = -1 + +@description('Optional. Setting this value to false disables the app (takes the app offline).') +param enabled bool = true + +@description('Optional. Hostname SSL states are used to manage the SSL bindings for app\'s hostnames.') +param hostNameSslStates array = [] + +@description('Optional. Hyper-V sandbox.') +param hyperV bool = false + +@description('Optional. Site redundancy mode.') +@allowed([ + 'ActiveActive' + 'Failover' + 'GeoRedundant' + 'Manual' + 'None' +]) +param redundancyMode string = 'None' + +@description('Optional. The site publishing credential policy names which are associated with the sites.') +param basicPublishingCredentialsPolicies array = [] + +@description('Optional. Names of hybrid connection relays to connect app with.') +param hybridConnectionRelays array = [] + +@description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. 
If not specified, it will be disabled by default if private endpoints are set.') +@allowed([ + '' + 'Enabled' + 'Disabled' +]) +param publicNetworkAccess string = '' + +var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourcesIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} } + +var identity = !empty(managedIdentities) ? { + type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'UserAssigned' : null) + userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null +} : null + +var enableReferencedModulesTelemetry = false + +var builtInRoleNames = { + 'App Compliance Automation Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f37683f-2463-46b6-9ce7-9b788b988ba2') + Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') + Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') + Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168') + 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') + 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b') + 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772') +} + +resource defaultTelemetry 
'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { + name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + } + } +} + +resource app 'Microsoft.Web/sites@2022-09-01' = { + name: name + location: location + kind: kind + tags: tags + identity: identity + properties: { + serverFarmId: serverFarmResourceId + clientAffinityEnabled: clientAffinityEnabled + httpsOnly: httpsOnly + hostingEnvironmentProfile: !empty(appServiceEnvironmentResourceId) ? { + id: appServiceEnvironmentResourceId + } : null + storageAccountRequired: storageAccountRequired + keyVaultReferenceIdentity: !empty(keyVaultAccessIdentityResourceId) ? keyVaultAccessIdentityResourceId : null + virtualNetworkSubnetId: !empty(virtualNetworkSubnetId) ? virtualNetworkSubnetId : any(null) + siteConfig: siteConfig + clientCertEnabled: clientCertEnabled + clientCertExclusionPaths: !empty(clientCertExclusionPaths) ? clientCertExclusionPaths : null + clientCertMode: clientCertMode + cloningInfo: !empty(cloningInfo) ? cloningInfo : null + containerSize: containerSize != -1 ? containerSize : null + customDomainVerificationId: !empty(customDomainVerificationId) ? customDomainVerificationId : null + dailyMemoryTimeQuota: dailyMemoryTimeQuota != -1 ? dailyMemoryTimeQuota : null + enabled: enabled + hostNameSslStates: hostNameSslStates + hyperV: hyperV + redundancyMode: redundancyMode + publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 
'Disabled' : 'Enabled') + vnetContentShareEnabled: vnetContentShareEnabled + vnetImagePullEnabled: vnetImagePullEnabled + vnetRouteAllEnabled: vnetRouteAllEnabled + scmSiteAlsoStopped: scmSiteAlsoStopped + } +} + +module app_appsettings './site/config--appsettings/main.bicep' = if (!empty(appSettingsKeyValuePairs)) { + name: '${uniqueString(deployment().name, location)}-Site-Config-AppSettings' + params: { + appName: app.name + kind: kind + storageAccountResourceId: storageAccountResourceId + appInsightResourceId: appInsightResourceId + setAzureWebJobsDashboard: setAzureWebJobsDashboard + appSettingsKeyValuePairs: appSettingsKeyValuePairs + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +} + +module app_authsettingsv2 './site/config--authsettingsv2/main.bicep' = if (!empty(authSettingV2Configuration)) { + name: '${uniqueString(deployment().name, location)}-Site-Config-AuthSettingsV2' + params: { + appName: app.name + kind: kind + authSettingV2Configuration: authSettingV2Configuration + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +} + +@batchSize(1) +module app_slots './site/slot/main.bicep' = [for (slot, index) in slots: { + name: '${uniqueString(deployment().name, location)}-Slot-${slot.name}' + params: { + name: slot.name + appName: app.name + location: location + kind: kind + serverFarmResourceId: serverFarmResourceId + httpsOnly: contains(slot, 'httpsOnly') ? slot.httpsOnly : httpsOnly + appServiceEnvironmentResourceId: !empty(appServiceEnvironmentResourceId) ? appServiceEnvironmentResourceId : '' + clientAffinityEnabled: contains(slot, 'clientAffinityEnabled') ? slot.clientAffinityEnabled : clientAffinityEnabled + managedIdentities: contains(slot, 'managedIdentities') ? slot.managedIdentities : managedIdentities + keyVaultAccessIdentityResourceId: contains(slot, 'keyVaultAccessIdentityResourceId') ? 
slot.keyVaultAccessIdentityResourceId : keyVaultAccessIdentityResourceId + storageAccountRequired: contains(slot, 'storageAccountRequired') ? slot.storageAccountRequired : storageAccountRequired + virtualNetworkSubnetId: contains(slot, 'virtualNetworkSubnetId') ? slot.virtualNetworkSubnetId : virtualNetworkSubnetId + siteConfig: contains(slot, 'siteConfig') ? slot.siteConfig : siteConfig + storageAccountResourceId: contains(slot, 'storageAccountResourceId') ? slot.storageAccountResourceId : storageAccountResourceId + appInsightResourceId: contains(slot, 'appInsightResourceId') ? slot.appInsightResourceId : appInsightResourceId + setAzureWebJobsDashboard: contains(slot, 'setAzureWebJobsDashboard') ? slot.setAzureWebJobsDashboard : setAzureWebJobsDashboard + authSettingV2Configuration: contains(slot, 'authSettingV2Configuration') ? slot.authSettingV2Configuration : authSettingV2Configuration + enableDefaultTelemetry: enableReferencedModulesTelemetry + diagnosticSettings: slot.?diagnosticSettings + roleAssignments: contains(slot, 'roleAssignments') ? slot.roleAssignments : roleAssignments + appSettingsKeyValuePairs: contains(slot, 'appSettingsKeyValuePairs') ? slot.appSettingsKeyValuePairs : appSettingsKeyValuePairs + lock: slot.?lock ?? lock + privateEndpoints: contains(slot, 'privateEndpoints') ? slot.privateEndpoints : privateEndpoints + tags: slot.?tags ?? tags + clientCertEnabled: contains(slot, 'clientCertEnabled') ? slot.clientCertEnabled : false + clientCertExclusionPaths: contains(slot, 'clientCertExclusionPaths') ? slot.clientCertExclusionPaths : '' + clientCertMode: contains(slot, 'clientCertMode') ? slot.clientCertMode : 'Optional' + cloningInfo: contains(slot, 'cloningInfo') ? slot.cloningInfo : {} + containerSize: contains(slot, 'containerSize') ? slot.containerSize : -1 + customDomainVerificationId: contains(slot, 'customDomainVerificationId') ? slot.customDomainVerificationId : '' + dailyMemoryTimeQuota: contains(slot, 'dailyMemoryTimeQuota') ? 
slot.dailyMemoryTimeQuota : -1 + enabled: contains(slot, 'enabled') ? slot.enabled : true + hostNameSslStates: contains(slot, 'hostNameSslStates') ? slot.hostNameSslStates : [] + hyperV: contains(slot, 'hyperV') ? slot.hyperV : false + publicNetworkAccess: contains(slot, 'publicNetworkAccess') ? slot.publicNetworkAccess : '' + redundancyMode: contains(slot, 'redundancyMode') ? slot.redundancyMode : 'None' + vnetContentShareEnabled: contains(slot, 'vnetContentShareEnabled') ? slot.vnetContentShareEnabled : false + vnetImagePullEnabled: contains(slot, 'vnetImagePullEnabled') ? slot.vnetImagePullEnabled : false + vnetRouteAllEnabled: contains(slot, 'vnetRouteAllEnabled') ? slot.vnetRouteAllEnabled : false + hybridConnectionRelays: contains(slot, 'hybridConnectionRelays') ? slot.hybridConnectionRelays : [] + } +}] + +module app_basicPublishingCredentialsPolicies './site/basic-publishing-credentials-policy/main.bicep' = [for (basicPublishingCredentialsPolicy, index) in basicPublishingCredentialsPolicies: { + name: '${uniqueString(deployment().name, location)}-Site-Publis-Cred-${index}' + params: { + webAppName: app.name + name: basicPublishingCredentialsPolicy.name + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +}] + +module app_hybridConnectionRelays './site/hybrid-connection-namespace/relay/main.bicep' = [for (hybridConnectionRelay, index) in hybridConnectionRelays: { + name: '${uniqueString(deployment().name, location)}-HybridConnectionRelay-${index}' + params: { + hybridConnectionResourceId: hybridConnectionRelay.resourceId + appName: app.name + sendKeyName: contains(hybridConnectionRelay, 'sendKeyName') ? hybridConnectionRelay.sendKeyName : null + enableDefaultTelemetry: enableReferencedModulesTelemetry + } +}] + +resource app_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { + name: lock.?name ?? 'lock-${name}' + properties: { + level: lock.?kind ?? '' + notes: lock.?kind == 'CanNotDelete' ? 
'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.' + } + scope: app +} + +resource app_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): { + name: diagnosticSetting.?name ?? '${name}-diagnosticSettings' + properties: { + storageAccountId: diagnosticSetting.?storageAccountResourceId + workspaceId: diagnosticSetting.?workspaceResourceId + eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId + eventHubName: diagnosticSetting.?eventHubName + metrics: diagnosticSetting.?metricCategories ?? [ + { + category: 'AllMetrics' + timeGrain: null + enabled: true + } + ] + logs: diagnosticSetting.?logCategoriesAndGroups ?? [ + { + categoryGroup: 'AllLogs' + enabled: true + } + ] + marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId + logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType + } + scope: app +}] + +resource app_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): { + name: guid(app.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName) + properties: { + roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName + principalId: roleAssignment.principalId + description: roleAssignment.?description + principalType: roleAssignment.?principalType + condition: roleAssignment.?condition + conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? 
'2.0') : null // Must only be set if condtion is set + delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId + } + scope: app +}] + +module app_privateEndpoints '../privateEndpoint/privateEndpoint.bicep' = [for (privateEndpoint, index) in (privateEndpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-app-PrivateEndpoint-${index}' + params: { + groupIds: [ + privateEndpoint.?service ?? 'sites' + ] + name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' + serviceResourceId: app.id + subnetResourceId: privateEndpoint.subnetResourceId + enableDefaultTelemetry: privateEndpoint.?enableDefaultTelemetry ?? enableReferencedModulesTelemetry + location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location + lock: privateEndpoint.?lock ?? lock + privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName + privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds + roleAssignments: privateEndpoint.?roleAssignments + tags: privateEndpoint.?tags ?? 
tags + manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections + customDnsConfigs: privateEndpoint.?customDnsConfigs + ipConfigurations: privateEndpoint.?ipConfigurations + applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds + customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName + } +}] + +@description('The name of the site.') +output name string = app.name + +@description('The resource ID of the site.') +output resourceId string = app.id + +@description('The list of the slots.') +output slots array = [for (slot, index) in slots: app_slots[index].name] + +@description('The list of the slot resource ids.') +output slotResourceIds array = [for (slot, index) in slots: app_slots[index].outputs.resourceId] + +@description('The resource group the site was deployed into.') +output resourceGroupName string = resourceGroup().name + +@description('The principal ID of the system assigned identity.') +output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(app.identity, 'principalId') ? app.identity.principalId : '' + +@description('The principal ID of the system assigned identity of slots.') +output slotSystemAssignedPrincipalIds array = [for (slot, index) in slots: app_slots[index].outputs.systemAssignedMIPrincipalId] + +@description('The location the resource was deployed into.') +output location string = app.location + +@description('Default hostname of the app.') +output defaultHostname string = app.properties.defaultHostName + +// =============== // +// Definitions // +// =============== // + +type managedIdentitiesType = { + @description('Optional. Enables system assigned managed identity on the resource.') + systemAssigned: bool? + + @description('Optional. The resource ID(s) to assign to the resource.') + userAssignedResourcesIds: string[]? +}? + +type lockType = { + @description('Optional. Specify the name of lock.') + name: string? 
+ + @description('Optional. Specify the type of lock.') + kind: ('CanNotDelete' | 'ReadOnly' | 'None')? +}? + +type roleAssignmentType = { + @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.') + roleDefinitionIdOrName: string + + @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.') + principalId: string + + @description('Optional. The principal type of the assigned principal ID.') + principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)? + + @description('Optional. The description of the role assignment.') + description: string? + + @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') + condition: string? + + @description('Optional. Version of the condition.') + conditionVersion: '2.0'? + + @description('Optional. The Resource Id of the delegated managed identity resource.') + delegatedManagedIdentityResourceId: string? +}[]? + +type privateEndpointType = { + @description('Optional. The name of the private endpoint.') + name: string? + + @description('Optional. The location to deploy the private endpoint to.') + location: string? + + @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".') + service: string? + + @description('Required. Resource ID of the subnet where the endpoint needs to be created.') + subnetResourceId: string + + @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.') + privateDnsZoneGroupName: string? + + @description('Optional. The private DNS zone groups to associate the private endpoint with. 
A DNS zone group can support up to 5 DNS zones.') + privateDnsZoneResourceIds: string[]? + + @description('Optional. Custom DNS configurations.') + customDnsConfigs: { + @description('Required. Fqdn that resolves to private endpoint ip address.') + fqdn: string? + + @description('Required. A list of private ip addresses of the private endpoint.') + ipAddresses: string[] + }[]? + + @description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.') + ipConfigurations: { + @description('Required. The name of the resource that is unique within a resource group.') + name: string + + @description('Required. Properties of private endpoint IP configurations.') + properties: { + @description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.') + groupId: string + + @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') + memberName: string + + @description('Required. A private ip address obtained from the private endpoint\'s subnet.') + privateIPAddress: string + } + }[]? + + @description('Optional. Application security groups in which the private endpoint IP configuration is included.') + applicationSecurityGroupResourceIds: string[]? + + @description('Optional. The custom name of the network interface attached to the private endpoint.') + customNetworkInterfaceName: string? + + @description('Optional. Specify the type of lock.') + lock: lockType + + @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') + roleAssignments: roleAssignmentType + + @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') + tags: object? + + @description('Optional. Manual PrivateLink Service Connections.') + manualPrivateLinkServiceConnections: array? + + @description('Optional. Enable/Disable usage telemetry for module.') + enableTelemetry: bool? +}[]? + +type diagnosticSettingType = { + @description('Optional. The name of diagnostic setting.') + name: string? + + @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.') + logCategoriesAndGroups: { + @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.') + category: string? + + @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \'AllLogs\' to collect all logs.') + categoryGroup: string? + }[]? + + @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.') + metricCategories: { + @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.') + category: string + }[]? + + @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.') + logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics' | null)? + + @description('Optional. Resource ID of the diagnostic log analytics workspace. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + workspaceResourceId: string? + + @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + storageAccountResourceId: string? + + @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') + eventHubAuthorizationRuleResourceId: string? + + @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + eventHubName: string? + + @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.') + marketplacePartnerResourceId: string? +}[]? From 5c3d86c0add6c141964b2b08fb6a635eb9302999 Mon Sep 17 00:00:00 2001 From: Dan Rios <36534747+riosengineer@users.noreply.github.com> Date: Mon, 20 Nov 2023 14:28:27 +0000 Subject: [PATCH 02/13] Update README.md --- bicep-examples/dependencies/README.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/bicep-examples/dependencies/README.md b/bicep-examples/dependencies/README.md index 8f7019b..293077b 100644 --- a/bicep-examples/dependencies/README.md +++ b/bicep-examples/dependencies/README.md 
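Review bot: In the `app_slots` module call of webApp.bicep the client-certificate settings fall back to hard-coded values rather than to the site's own parameters (`clientCertEnabled … : false`, `clientCertMode … : 'Optional'`, `clientCertExclusionPaths … : ''`), while `httpsOnly`, `managedIdentities` and `privateEndpoints` in the same block fall back to the parent values. A site deployed with `clientCertEnabled: true` and `clientCertMode: 'Required'` therefore gets slots without mutual TLS unless every slot object repeats the setting. I would write `clientCertEnabled: slot.?clientCertEnabled ?? clientCertEnabled`, `clientCertMode: slot.?clientCertMode ?? clientCertMode` and `clientCertExclusionPaths: slot.?clientCertExclusionPaths ?? clientCertExclusionPaths`, matching the `slot.?lock ?? lock` form already used there. The `vnetRouteAllEnabled`, `vnetImagePullEnabled` and `vnetContentShareEnabled` fallbacks have the same shape; how the slot module itself treats these values is outside this hunk.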
@@ -1,8 +1,11 @@ -# Resource dependencies in Azure Bicep +# Resource dependencies in Azure Bicep 🦾 There's two types of dependencies `implicit` and `explicit` in Azure Bicep. Within the `main.bicep` file example you'll notice many implicit and some explicit dependencies that you can review as a real example of how these two play a role in your Azure Bicep deployments. -## Implicit +> [!TIP] +> If you're interested in this example solution and what it does then there is more information in this template repo [here](https://github.com/riosengineer/bicep-quickstart-frontdoor-private-endpoint-appservice) with supporting documentation. + +## Implicit 🔗 With `implicit` dependencies we are referencing another Azure resource within the same deployment, which means we'll not need to declare an explicit dependency. There are two common ways this is accomplished. For example: @@ -42,7 +45,7 @@ resource frontDoorOriginGroup 'Microsoft.Cdn/profiles/originGroups@2021-06-01' = Lastly, notice the `parent:` property defined in this Azure Front Door resource block, where it's defining the symbolic name from the Azure CDN profile object. This is also an implicit dependency created between the two objects. -## Explicit +## Explicit 🖇️ ```javascript resource frontDoorProfile 'Microsoft.Cdn/profiles@2021-06-01' = { @@ -62,7 +65,7 @@ For explicit dependencies, we can use the `dependsOn` property to describe expli In the case above, I don't want my Front Door deployment to start before the App service and App Plan have been deployed first, as I need them to exist for my origin backend. -## Deployment +## Deployment 🚀 > [!WARNING] > This example deploys Azure Front Door Premium SKU which is circa $300 for the month. Do not leave running if you don't want to incur charges. Make sure to delete after deployment and you'll likely see next to no charges for doing this test deploy. From 24af7bf6c897e2b203940bdde35493a3960f2eff Mon Sep 17 00:00:00 2001 
From: Dan Rios <36534747+riosengineer@users.noreply.github.com> Date: Mon, 20 Nov 2023 14:31:05 +0000 Subject: [PATCH 03/13] Update README.md --- bicep-examples/dependencies/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bicep-examples/dependencies/README.md b/bicep-examples/dependencies/README.md index 293077b..0517f0a 100644 --- a/bicep-examples/dependencies/README.md +++ b/bicep-examples/dependencies/README.md @@ -3,7 +3,7 @@ There's two types of dependencies `implicit` and `explicit` in Azure Bicep. Within the `main.bicep` file example you'll notice many implicit and some explicit dependencies that you can review as a real example of how these two play a role in your Azure Bicep deployments. > [!TIP] -> If you're interested in this example solution and what it does then there is more information in this template repo [here](https://github.com/riosengineer/bicep-quickstart-frontdoor-private-endpoint-appservice) with supporting documentation. +> If you're interested in this examples solution and what it does then there is more information in this template repo [here](https://github.com/riosengineer/bicep-quickstart-frontdoor-private-endpoint-appservice) with supporting documentation and architectural drawing. ## Implicit 🔗 From 6c611fccf0ffc028523a44778bf34e42c6af8a7a Mon Sep 17 00:00:00 2001 From: Dan Rios <36534747+riosengineer@users.noreply.github.com> Date: Mon, 20 Nov 2023 14:35:56 +0000 Subject: [PATCH 04/13] Update README.md --- bicep-examples/dependencies/README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/bicep-examples/dependencies/README.md b/bicep-examples/dependencies/README.md index 0517f0a..fdfe2e6 100644 --- a/bicep-examples/dependencies/README.md +++ b/bicep-examples/dependencies/README.md 
@@ -43,7 +43,7 @@ resource frontDoorOriginGroup 'Microsoft.Cdn/profiles/originGroups@2021-06-01' = } ``` -Lastly, notice the `parent:` property defined in this Azure Front Door resource block, where it's defining the symbolic name from the Azure CDN profile object. This is also an implicit dependency created between the two objects. +Lastly, notice the `parent:` property defined in this Azure Front Door resource block above, where it's defining the symbolic name from the Azure CDN profile object. This is also an implicit dependency created between the two objects. ## Explicit 🖇️ @@ -68,7 +68,9 @@ In the case above, I don't want my Front Door deployment to start before the App ## Deployment 🚀 > [!WARNING] -> This example deploys Azure Front Door Premium SKU which is circa $300 for the month. Do not leave running if you don't want to incur charges. Make sure to delete after deployment and you'll likely see next to no charges for doing this test deploy. +> This example deploys Azure Front Door Premium SKU which is circa $300 for the month. Do not leave running if you don't want to incur charges. Make sure to delete as soon as possible after deployment and you'll likely see very minimal costs. + +Define the parameters in the top of the file before deploying. In VisualStudio Code open a terminal and run: From 48331e0bd0b67284a1e5d6fd5020c02e6582a5e7 Mon Sep 17 00:00:00 2001 
From: Dan Rios <36534747+riosengineer@users.noreply.github.com> Date: Mon, 20 Nov 2023 14:48:35 +0000 Subject: [PATCH 05/13] Deleting tests Removing CARML tests --- .../modules/webApp/connection/README.md | 435 ----- .../modules/webApp/connection/main.bicep | 149 -- .../modules/webApp/connection/main.json | 304 --- .../tests/e2e/max/dependencies.bicep | 13 - .../connection/tests/e2e/max/main.test.bicep | 77 - .../tests/e2e/waf-aligned/dependencies.bicep | 13 - .../tests/e2e/waf-aligned/main.test.bicep | 77 - .../modules/webApp/connection/version.json | 7 - .../webApp/hosting-environment/README.md | 840 -------- .../configuration--customdnssuffix/README.md | 82 - .../configuration--customdnssuffix/main.bicep | 53 - .../configuration--customdnssuffix/main.json | 96 - .../version.json | 7 - .../configuration--networking/README.md | 88 - .../configuration--networking/main.bicep | 57 - .../configuration--networking/main.json | 107 - .../configuration--networking/version.json | 7 - .../webApp/hosting-environment/main.bicep | 324 --- .../webApp/hosting-environment/main.json | 850 -------- .../tests/e2e/asev2/dependencies.bicep | 80 - .../tests/e2e/asev2/main.test.bicep | 111 -- .../tests/e2e/asev3/dependencies.bicep | 135 -- .../tests/e2e/asev3/main.test.bicep | 119 -- .../webApp/hosting-environment/version.json | 7 - .../modules/webApp/serverfarm/README.md | 639 ------ .../modules/webApp/serverfarm/main.bicep | 238 --- .../modules/webApp/serverfarm/main.json | 452 ----- .../tests/e2e/max/dependencies.bicep | 13 - .../serverfarm/tests/e2e/max/main.test.bicep | 107 - .../tests/e2e/waf-aligned/dependencies.bicep | 13 - .../tests/e2e/waf-aligned/main.test.bicep | 107 - .../modules/webApp/serverfarm/version.json | 7 - .../e2e/functionAppCommon/dependencies.bicep | 148 -- .../e2e/functionAppCommon/main.test.bicep | 201 -- .../e2e/functionAppMin/dependencies.bicep | 21 - .../tests/e2e/functionAppMin/main.test.bicep | 58 - .../tests/e2e/webAppCommon/dependencies.bicep | 119 -- 
.../tests/e2e/webAppCommon/main.test.bicep | 200 -- .../tests/e2e/webAppMin/dependencies.bicep | 21 - .../site/tests/e2e/webAppMin/main.test.bicep | 55 - .../modules/webApp/static-site/README.md | 949 --------- .../webApp/static-site/config/README.md | 90 - .../webApp/static-site/config/main.bicep | 54 - .../webApp/static-site/config/main.json | 97 - .../webApp/static-site/config/version.json | 7 - .../static-site/custom-domain/README.md | 84 - .../static-site/custom-domain/main.bicep | 51 - .../static-site/custom-domain/main.json | 96 - .../static-site/custom-domain/version.json | 7 - .../static-site/linked-backend/README.md | 92 - .../static-site/linked-backend/main.bicep | 55 - .../static-site/linked-backend/main.json | 104 - .../static-site/linked-backend/version.json | 7 - .../modules/webApp/static-site/main.bicep | 355 ---- .../modules/webApp/static-site/main.json | 1731 ----------------- .../tests/e2e/defaults/main.test.bicep | 48 - .../tests/e2e/max/dependencies.bicep | 94 - .../static-site/tests/e2e/max/main.test.bicep | 109 -- .../tests/e2e/waf-aligned/dependencies.bicep | 94 - .../tests/e2e/waf-aligned/main.test.bicep | 109 -- .../modules/webApp/static-site/version.json | 7 - 61 files changed, 10677 deletions(-) delete mode 100644 bicep-examples/dependencies/modules/webApp/connection/README.md delete mode 100644 bicep-examples/dependencies/modules/webApp/connection/main.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/connection/main.json delete mode 100644 bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/main.test.bicep delete mode 100644 
bicep-examples/dependencies/modules/webApp/connection/version.json delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/README.md delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/README.md delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.json delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/version.json delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/README.md delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.json delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/version.json delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/main.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/main.json delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/hosting-environment/version.json delete mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/README.md delete mode 100644 
bicep-examples/dependencies/modules/webApp/serverfarm/main.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/main.json delete mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/serverfarm/version.json delete mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/README.md delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/config/README.md delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/config/main.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/config/main.json delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/config/version.json delete mode 
100644 bicep-examples/dependencies/modules/webApp/static-site/custom-domain/README.md delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.json delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/custom-domain/version.json delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/linked-backend/README.md delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.json delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/linked-backend/version.json delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/main.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/main.json delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/defaults/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/dependencies.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/main.test.bicep delete mode 100644 bicep-examples/dependencies/modules/webApp/static-site/version.json diff --git a/bicep-examples/dependencies/modules/webApp/connection/README.md b/bicep-examples/dependencies/modules/webApp/connection/README.md deleted file mode 100644 index 682936b..0000000 --- a/bicep-examples/dependencies/modules/webApp/connection/README.md +++ /dev/null 
@@ -1,435 +0,0 @@ -# API Connections `[Microsoft.Web/connections]` - -This module deploys an Azure API Connection. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Usage examples](#Usage-examples) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Web/connections` | [2016-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2016-06-01/connections) | - -## Usage examples - -The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. - ->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - ->**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.connection:1.0.0`. - -- [Using large parameter set](#example-1-using-large-parameter-set) -- [WAF-aligned](#example-2-waf-aligned) - -### Example 1: _Using large parameter set_ - -This instance deploys the module with most of its features enabled. - - -
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "displayName": {
- "value": "azuremonitorlogs"
- },
- "name": {
- "value": "azuremonitor"
- },
- // Non-required parameters
- "api": {
- "value": {
- "id": "
-
-### Example 2: _WAF-aligned_
-
-This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.
-
-
-via Bicep module
-
-```bicep
-module connection 'br:bicep/modules/web.connection:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wcwaf'
- params: {
- // Required parameters
- displayName: 'azuremonitorlogs'
- name: 'azuremonitor'
- // Non-required parameters
- api: {
- id: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "displayName": {
- "value": "azuremonitorlogs"
- },
- "name": {
- "value": "azuremonitor"
- },
- // Non-required parameters
- "api": {
- "value": {
- "id": "
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`displayName`](#parameter-displayname) | string | Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource. |
-| [`name`](#parameter-name) | string | Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`api`](#parameter-api) | object | Specific values for some API connections. |
-| [`customParameterValues`](#parameter-customparametervalues) | object | Customized parameter values for specific connections. |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`location`](#parameter-location) | string | Location of the deployment. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`nonSecretParameterValues`](#parameter-nonsecretparametervalues) | object | Dictionary of nonsecret parameter values. |
-| [`parameterValues`](#parameter-parametervalues) | secureObject | Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| [`statuses`](#parameter-statuses) | array | Status of the connection. |
-| [`tags`](#parameter-tags) | object | Tags of the resource. |
-| [`testLinks`](#parameter-testlinks) | array | Links to test the API connection. |
-
-### Parameter: `api`
-
-Specific values for some API connections.
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `customParameterValues`
-
-Customized parameter values for specific connections.
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `displayName`
-
-Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource.
-- Required: Yes
-- Type: string
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `location`
-
-Location of the deployment.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
-| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Optional. Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed: `[CanNotDelete, None, ReadOnly]`
-
-### Parameter: `lock.name`
-
-Optional. Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `name`
-
-Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource.
-- Required: Yes
-- Type: string
-
-### Parameter: `nonSecretParameterValues`
-
-Dictionary of nonsecret parameter values.
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `parameterValues`
-
-Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource.
-- Required: No
-- Type: secureObject
-- Default: `{}`
-
-### Parameter: `roleAssignments`
-
-Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
-
-### Parameter: `roleAssignments.condition`
-
-Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Optional. Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed: `[2.0]`
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-Optional. The Resource Id of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-Optional. The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalId`
-
-Required. The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-Optional. The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `statuses`
-
-Status of the connection.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `tags`
-
-Tags of the resource.
-- Required: No
-- Type: object
-
-### Parameter: `testLinks`
-
-Links to test the API connection.
-- Required: No
-- Type: array
-- Default: `[]`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the connection. |
-| `resourceGroupName` | string | The resource group the connection was deployed into. |
-| `resourceId` | string | The resource ID of the connection. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/connection/main.bicep b/bicep-examples/dependencies/modules/webApp/connection/main.bicep
deleted file mode 100644
index bfa55bc..0000000
--- a/bicep-examples/dependencies/modules/webApp/connection/main.bicep
+++ /dev/null
@@ -1,149 +0,0 @@
-metadata name = 'API Connections'
-metadata description = 'This module deploys an Azure API Connection.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Optional. Specific values for some API connections.')
-param api object = {}
-
-@description('Required. Connection name for connection. Example: \'azureblob\' when using blobs. It can change depending on the resource.')
-param name string
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. Customized parameter values for specific connections.')
-param customParameterValues object = {}
-
-@description('Required. Display name connection. Example: \'blobconnection\' when using blobs. It can change depending on the resource.')
-param displayName string
-
-@description('Optional. Location of the deployment.')
-param location string = resourceGroup().location
-
-@description('Optional. Dictionary of nonsecret parameter values.')
-#disable-next-line secure-secrets-in-params // Not a secret
-param nonSecretParameterValues object = {}
-
-@description('Optional. Connection strings or access keys for connection. Example: \'accountName\' and \'accessKey\' when using blobs. It can change depending on the resource.')
-@secure()
-param parameterValues object = {}
-
-@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
-param roleAssignments roleAssignmentType
-
-@description('Optional. Status of the connection.')
-param statuses array = []
-
-@description('Optional. The lock settings of the service.')
-param lock lockType
-
-@description('Optional. Tags of the resource.')
-param tags object?
-
-@description('Optional. Links to test the API connection.')
-param testLinks array = []
-
-var builtInRoleNames = {
- Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
- Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
- Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
- 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
-}
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource connection 'Microsoft.Web/connections@2016-06-01' = {
- name: name
- location: location
- tags: tags
- properties: {
- displayName: displayName
- customParameterValues: customParameterValues
- api: api
- parameterValues: !empty(parameterValues) ? parameterValues : null
- nonSecretParameterValues: !empty(nonSecretParameterValues) ? nonSecretParameterValues : null
- testLinks: !empty(testLinks) ? testLinks : null
- statuses: !empty(statuses) ? statuses : null
- }
-}
-
-resource connection_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
- name: lock.?name ?? 'lock-${name}'
- properties: {
- level: lock.?kind ?? ''
- notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
- }
- scope: connection
-}
-
-resource connection_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
- name: guid(connection.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
- properties: {
- roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
- principalId: roleAssignment.principalId
- description: roleAssignment.?description
- principalType: roleAssignment.?principalType
- condition: roleAssignment.?condition
- conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
- delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
- }
- scope: connection
-}]
-
-@description('The resource ID of the connection.')
-output resourceId string = connection.id
-
-@description('The resource group the connection was deployed into.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The name of the connection.')
-output name string = connection.name
-
-@description('The location the resource was deployed into.')
-output location string = connection.location
-
-// =============== //
-// Definitions //
-// =============== //
-
-type lockType = {
- @description('Optional. Specify the name of lock.')
- name: string?
-
- @description('Optional. Specify the type of lock.')
- kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
-}?
-
-type roleAssignmentType = {
- @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
- roleDefinitionIdOrName: string
-
- @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
- principalId: string
-
- @description('Optional. The principal type of the assigned principal ID.')
- principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
-
- @description('Optional. The description of the role assignment.')
- description: string?
-
- @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
- condition: string?
-
- @description('Optional. Version of the condition.')
- conditionVersion: '2.0'?
-
- @description('Optional. The Resource Id of the delegated managed identity resource.')
- delegatedManagedIdentityResourceId: string?
-}[]?
diff --git a/bicep-examples/dependencies/modules/webApp/connection/main.json b/bicep-examples/dependencies/modules/webApp/connection/main.json
deleted file mode 100644
index dab170f..0000000
--- a/bicep-examples/dependencies/modules/webApp/connection/main.json
+++ /dev/null
@@ -1,304 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "11837763267512511834"
- },
- "name": "API Connections",
- "description": "This module deploys an Azure API Connection.",
- "owner": "Azure/module-maintainers"
- },
- "definitions": {
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "api": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Specific values for some API connections."
- }
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "customParameterValues": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Customized parameter values for specific connections."
- }
- },
- "displayName": {
- "type": "string",
- "metadata": {
- "description": "Required. Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location of the deployment."
- }
- },
- "nonSecretParameterValues": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Dictionary of nonsecret parameter values."
- }
- },
- "parameterValues": {
- "type": "secureObject",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "statuses": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. Status of the connection."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. The lock settings of the service."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- },
- "testLinks": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. Links to test the API connection."
- }
- }
- },
- "variables": {
- "builtInRoleNames": {
- "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
- "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
- "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
- "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
- "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "connection": {
- "type": "Microsoft.Web/connections",
- "apiVersion": "2016-06-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "displayName": "[parameters('displayName')]",
- "customParameterValues": "[parameters('customParameterValues')]",
- "api": "[parameters('api')]",
- "parameterValues": "[if(not(empty(parameters('parameterValues'))), parameters('parameterValues'), null())]",
- "nonSecretParameterValues": "[if(not(empty(parameters('nonSecretParameterValues'))), parameters('nonSecretParameterValues'), null())]",
- "testLinks": "[if(not(empty(parameters('testLinks'))), parameters('testLinks'), null())]",
- "statuses": "[if(not(empty(parameters('statuses'))), parameters('statuses'), null())]"
- }
- },
- "connection_lock": {
- "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
- "type": "Microsoft.Authorization/locks",
- "apiVersion": "2020-05-01",
- "scope": "[format('Microsoft.Web/connections/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
- "properties": {
- "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
- "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
- },
- "dependsOn": [
- "connection"
- ]
- },
- "connection_roleAssignments": {
- "copy": {
- "name": "connection_roleAssignments",
- "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
- },
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "scope": "[format('Microsoft.Web/connections/{0}', parameters('name'))]",
- "name": "[guid(resourceId('Microsoft.Web/connections', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "properties": {
- "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
- "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
- "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
- "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
- "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
- "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
- },
- "dependsOn": [
- "connection"
- ]
- }
- },
- "outputs": {
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the connection."
- },
- "value": "[resourceId('Microsoft.Web/connections', parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the connection was deployed into."
- },
- "value": "[resourceGroup().name]"
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the connection."
- },
- "value": "[parameters('name')]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('connection', '2016-06-01', 'full').location]"
- }
- }
-}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/dependencies.bicep
deleted file mode 100644
index a7f42ae..0000000
--- a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/dependencies.bicep
+++ /dev/null
@@ -1,13 +0,0 @@
-@description('Optional. The location to deploy to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/main.test.bicep b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/main.test.bicep
deleted file mode 100644
index 185384c..0000000
--- a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/max/main.test.bicep
+++ /dev/null
@@ -1,77 +0,0 @@
-targetScope = 'subscription'
-
-metadata name = 'Using large parameter set'
-metadata description = 'This instance deploys the module with most of its features enabled.'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.connections-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wcmax'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- displayName: 'azuremonitorlogs'
- name: 'azuremonitor'
- api: {
- id: '${subscription().id}/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs'
-
- }
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/dependencies.bicep
deleted file mode 100644
index a7f42ae..0000000
--- a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/dependencies.bicep
+++ /dev/null
@@ -1,13 +0,0 @@
-@description('Optional. The location to deploy to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/main.test.bicep b/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/main.test.bicep
deleted file mode 100644
index acc6afb..0000000
--- a/bicep-examples/dependencies/modules/webApp/connection/tests/e2e/waf-aligned/main.test.bicep
+++ /dev/null
@@ -1,77 +0,0 @@
-targetScope = 'subscription'
-
-metadata name = 'WAF-aligned'
-metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.connections-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wcwaf'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- displayName: 'azuremonitorlogs'
- name: 'azuremonitor'
- api: {
- id: '${subscription().id}/providers/Microsoft.Web/locations/westeurope/managedApis/azuremonitorlogs'
-
- }
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/connection/version.json b/bicep-examples/dependencies/modules/webApp/connection/version.json
deleted file mode 100644
index 96236a6..0000000
--- a/bicep-examples/dependencies/modules/webApp/connection/version.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.4",
- "pathFilters": [
- "./main.json"
- ]
-}
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/README.md b/bicep-examples/dependencies/modules/webApp/hosting-environment/README.md
deleted file mode 100644
index 306a671..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/README.md
+++ /dev/null
@@ -1,840 +0,0 @@
-# App Service Environments `[Microsoft.Web/hostingEnvironments]`
-
-This module deploys an App Service Environment.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
-| `Microsoft.Web/hostingEnvironments` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/hostingEnvironments) |
-| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.hosting-environment:1.0.0`.
-
-- [Asev2](#example-1-asev2)
-- [Asev3](#example-2-asev3)
-
-### Example 1: _Asev2_
-
-via Bicep module
-
-```bicep
-module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-whasev2'
- params: {
- // Required parameters
- name: 'whasev2001'
- subnetResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "whasev2001"
- },
- "subnetResourceId": {
- "value": "
-
-### Example 2: _Asev3_
-
-via Bicep module
-
-```bicep
-module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-whasev3'
- params: {
- // Required parameters
- name: 'whasev3001'
- subnetResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "whasev3001"
- },
- "subnetResourceId": {
- "value": "
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`name`](#parameter-name) | string | Name of the App Service Environment. |
-| [`subnetResourceId`](#parameter-subnetresourceid) | string | ResourceId for the subnet. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`customDnsSuffixCertificateUrl`](#parameter-customdnssuffixcertificateurl) | string | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. |
-| [`customDnsSuffixKeyVaultReferenceIdentity`](#parameter-customdnssuffixkeyvaultreferenceidentity) | string | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`allowNewPrivateEndpointConnections`](#parameter-allownewprivateendpointconnections) | bool | Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2. |
-| [`clusterSettings`](#parameter-clustersettings) | array | Custom settings for changing the behavior of the App Service Environment. |
-| [`customDnsSuffix`](#parameter-customdnssuffix) | string | Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2. |
-| [`dedicatedHostCount`](#parameter-dedicatedhostcount) | int | The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2. |
-| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
-| [`dnsSuffix`](#parameter-dnssuffix) | string | DNS suffix of the App Service Environment. |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`frontEndScaleFactor`](#parameter-frontendscalefactor) | int | Scale factor for frontends. |
-| [`ftpEnabled`](#parameter-ftpenabled) | bool | Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2. |
-| [`inboundIpAddressOverride`](#parameter-inboundipaddressoverride) | string | Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2. |
-| [`internalLoadBalancingMode`](#parameter-internalloadbalancingmode) | string | Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address. |
-| [`ipsslAddressCount`](#parameter-ipssladdresscount) | int | Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3. |
-| [`kind`](#parameter-kind) | string | Kind of resource. |
-| [`location`](#parameter-location) | string | Location for all resources. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
-| [`multiSize`](#parameter-multisize) | string | Frontend VM size. Cannot be used when kind is set to ASEv3. |
-| [`remoteDebugEnabled`](#parameter-remotedebugenabled) | bool | Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| [`tags`](#parameter-tags) | object | Resource tags. |
-| [`upgradePreference`](#parameter-upgradepreference) | string | Specify preference for when and how the planned maintenance is applied. |
-| [`userWhitelistedIpRanges`](#parameter-userwhitelistedipranges) | array | User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`. |
-| [`zoneRedundant`](#parameter-zoneredundant) | bool | Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. |
-
-### Parameter: `allowNewPrivateEndpointConnections`
-
-Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `clusterSettings`
-
-Custom settings for changing the behavior of the App Service Environment.
-- Required: No
-- Type: array
-- Default:
- ```Bicep
- [
- {
- name: 'DisableTls1.0'
- value: '1'
- }
- ]
- ```
-
-### Parameter: `customDnsSuffix`
-
-Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `customDnsSuffixCertificateUrl`
-
-The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `customDnsSuffixKeyVaultReferenceIdentity`
-
-The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `dedicatedHostCount`
-
-The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2.
-- Required: No
-- Type: int
-- Default: `0`
-
-### Parameter: `diagnosticSettings`
-
-The diagnostic settings of the service.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. |
-| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. |
-| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. |
-| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-
-### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId`
-
-Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.eventHubName`
-
-Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.logAnalyticsDestinationType`
-
-Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.
-
-- Required: No
-- Type: string
-- Allowed: `[AzureDiagnostics, Dedicated]`
-
-### Parameter: `diagnosticSettings.logCategoriesAndGroups`
-
-Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
-
-- Required: No
-- Type: array
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. |
-| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. |
-
-### Parameter: `diagnosticSettings.logCategoriesAndGroups.category`
-
-Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup`
-
-Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs.
-
-- Required: No
-- Type: string
-
-
-### Parameter: `diagnosticSettings.marketplacePartnerResourceId`
-
-Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.name`
-
-Optional. The name of diagnostic setting.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.storageAccountResourceId`
-
-Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.workspaceResourceId`
-
-Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
-
-- Required: No
-- Type: string
-
-### Parameter: `dnsSuffix`
-
-DNS suffix of the App Service Environment.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `frontEndScaleFactor`
-
-Scale factor for frontends.
-- Required: No
-- Type: int
-- Default: `15`
-
-### Parameter: `ftpEnabled`
-
-Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `inboundIpAddressOverride`
-
-Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `internalLoadBalancingMode`
-
-Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address.
-- Required: No
-- Type: string
-- Default: `'None'`
-- Allowed:
- ```Bicep
- [
- 'None'
- 'Publishing'
- 'Web'
- 'Web Publishing'
- ]
- ```
-
-### Parameter: `ipsslAddressCount`
-
-Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3.
-- Required: No
-- Type: int
-- Default: `0`
-
-### Parameter: `kind`
-
-Kind of resource.
-- Required: No
-- Type: string
-- Default: `'ASEv3'`
-- Allowed:
- ```Bicep
- [
- 'ASEv2'
- 'ASEv3'
- ]
- ```
-
-### Parameter: `location`
-
-Location for all resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
-| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Optional. Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed: `[CanNotDelete, None, ReadOnly]`
-
-### Parameter: `lock.name`
-
-Optional. Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `managedIdentities`
-
-The managed identity definition for this resource.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. |
-| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. |
-
-### Parameter: `managedIdentities.systemAssigned`
-
-Optional. Enables system assigned managed identity on the resource.
-
-- Required: No
-- Type: bool
-
-### Parameter: `managedIdentities.userAssignedResourcesIds`
-
-Optional. The resource ID(s) to assign to the resource.
-
-- Required: No
-- Type: array
-
-### Parameter: `multiSize`
-
-Frontend VM size. Cannot be used when kind is set to ASEv3.
-- Required: No
-- Type: string
-- Default: `''`
-- Allowed:
- ```Bicep
- [
- ''
- 'ExtraLarge'
- 'Large'
- 'Medium'
- 'Standard_D1_V2'
- 'Standard_D2'
- 'Standard_D2_V2'
- 'Standard_D3'
- 'Standard_D3_V2'
- 'Standard_D4'
- 'Standard_D4_V2'
- ]
- ```
-
-### Parameter: `name`
-
-Name of the App Service Environment.
-- Required: Yes
-- Type: string
-
-### Parameter: `remoteDebugEnabled`
-
-Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `roleAssignments`
-
-Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
-
-### Parameter: `roleAssignments.condition`
-
-Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Optional. Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed: `[2.0]`
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-Optional. The Resource Id of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-Optional. The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalId`
-
-Required. The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-Optional. The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `subnetResourceId`
-
-ResourceId for the subnet.
-- Required: Yes
-- Type: string
-
-### Parameter: `tags`
-
-Resource tags.
-- Required: No
-- Type: object
-
-### Parameter: `upgradePreference`
-
-Specify preference for when and how the planned maintenance is applied.
-- Required: No
-- Type: string
-- Default: `'None'`
-- Allowed:
- ```Bicep
- [
- 'Early'
- 'Late'
- 'Manual'
- 'None'
- ]
- ```
-
-### Parameter: `userWhitelistedIpRanges`
-
-User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `zoneRedundant`
-
-Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`.
-- Required: No
-- Type: bool
-- Default: `False`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the App Service Environment. |
-| `resourceGroupName` | string | The resource group the App Service Environment was deployed into. |
-| `resourceId` | string | The resource ID of the App Service Environment. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/README.md b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/README.md
deleted file mode 100644
index cc00a5b..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/README.md
+++ /dev/null
@@ -1,82 +0,0 @@
-# Hosting Environment Custom DNS Suffix Configuration `[Microsoft.Web/hostingEnvironments/configurations]`
-
-This module deploys a Hosting Environment Custom DNS Suffix Configuration.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`certificateUrl`](#parameter-certificateurl) | string | The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. |
-| [`dnsSuffix`](#parameter-dnssuffix) | string | Enable the default custom domain suffix to use for all sites deployed on the ASE. |
-| [`keyVaultReferenceIdentity`](#parameter-keyvaultreferenceidentity) | string | The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`hostingEnvironmentName`](#parameter-hostingenvironmentname) | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-
-### Parameter: `certificateUrl`
-
-The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix.
-- Required: Yes
-- Type: string
-
-### Parameter: `dnsSuffix`
-
-Enable the default custom domain suffix to use for all sites deployed on the ASE.
-- Required: Yes
-- Type: string
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `hostingEnvironmentName`
-
-The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.
-- Required: Yes
-- Type: string
-
-### Parameter: `keyVaultReferenceIdentity`
-
-The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available.
-- Required: Yes
-- Type: string
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the configuration. |
-| `resourceGroupName` | string | The resource group of the deployed configuration. |
-| `resourceId` | string | The resource ID of the deployed configuration. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.bicep
deleted file mode 100644
index a7918a3..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.bicep
+++ /dev/null
@@ -1,53 +0,0 @@
-metadata name = 'Hosting Environment Custom DNS Suffix Configuration'
-metadata description = 'This module deploys a Hosting Environment Custom DNS Suffix Configuration.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.')
-param hostingEnvironmentName string
-
-@description('Required. Enable the default custom domain suffix to use for all sites deployed on the ASE.')
-param dnsSuffix string
-
-@description('Required. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix.')
-param certificateUrl string
-
-@description('Required. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available.')
-param keyVaultReferenceIdentity string
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
- name: hostingEnvironmentName
-}
-
-resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
- name: 'customdnssuffix'
- parent: appServiceEnvironment
- properties: {
- certificateUrl: certificateUrl
- keyVaultReferenceIdentity: keyVaultReferenceIdentity
- dnsSuffix: dnsSuffix
- }
-}
-
-@description('The name of the configuration.')
-output name string = configuration.name
-
-@description('The resource ID of the deployed configuration.')
-output resourceId string = configuration.id
-
-@description('The resource group of the deployed configuration.')
-output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.json
deleted file mode 100644
index c4d5148..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/main.json
+++ /dev/null
@@ -1,96 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "10660520916707434118"
- },
- "name": "Hosting Environment Custom DNS Suffix Configuration",
- "description": "This module deploys a Hosting Environment Custom DNS Suffix Configuration.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "hostingEnvironmentName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment."
- }
- },
- "dnsSuffix": {
- "type": "string",
- "metadata": {
- "description": "Required. Enable the default custom domain suffix to use for all sites deployed on the ASE."
- }
- },
- "certificateUrl": {
- "type": "string",
- "metadata": {
- "description": "Required. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix."
- }
- },
- "keyVaultReferenceIdentity": {
- "type": "string",
- "metadata": {
- "description": "Required. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Web/hostingEnvironments/configurations",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('hostingEnvironmentName'), 'customdnssuffix')]",
- "properties": {
- "certificateUrl": "[parameters('certificateUrl')]",
- "keyVaultReferenceIdentity": "[parameters('keyVaultReferenceIdentity')]",
- "dnsSuffix": "[parameters('dnsSuffix')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the configuration."
- },
- "value": "customdnssuffix"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the deployed configuration."
- },
- "value": "[resourceId('Microsoft.Web/hostingEnvironments/configurations', parameters('hostingEnvironmentName'), 'customdnssuffix')]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group of the deployed configuration."
- },
- "value": "[resourceGroup().name]"
- }
- }
-}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/version.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/version.json
deleted file mode 100644
index 96236a6..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--customdnssuffix/version.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.4",
- "pathFilters": [
- "./main.json"
- ]
-}
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/README.md b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/README.md
deleted file mode 100644
index 9fb9176..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/README.md
+++ /dev/null
@@ -1,88 +0,0 @@
-# Hosting Environment Network Configuration `[Microsoft.Web/hostingEnvironments/configurations]`
-
-This module deploys a Hosting Environment Network Configuration.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Web/hostingEnvironments/configurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/hostingEnvironments/configurations) |
-
-## Parameters
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`hostingEnvironmentName`](#parameter-hostingenvironmentname) | string | The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`allowNewPrivateEndpointConnections`](#parameter-allownewprivateendpointconnections) | bool | Property to enable and disable new private endpoint connection creation on ASE. |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`ftpEnabled`](#parameter-ftpenabled) | bool | Property to enable and disable FTP on ASEV3. |
-| [`inboundIpAddressOverride`](#parameter-inboundipaddressoverride) | string | Customer provided Inbound IP Address. Only able to be set on Ase create. |
-| [`remoteDebugEnabled`](#parameter-remotedebugenabled) | bool | Property to enable and disable Remote Debug on ASEv3. |
-
-### Parameter: `allowNewPrivateEndpointConnections`
-
-Property to enable and disable new private endpoint connection creation on ASE.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `ftpEnabled`
-
-Property to enable and disable FTP on ASEV3.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `hostingEnvironmentName`
-
-The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.
-- Required: Yes
-- Type: string
-
-### Parameter: `inboundIpAddressOverride`
-
-Customer provided Inbound IP Address. Only able to be set on Ase create.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `remoteDebugEnabled`
-
-Property to enable and disable Remote Debug on ASEv3.
-- Required: No
-- Type: bool
-- Default: `False`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the configuration. |
-| `resourceGroupName` | string | The resource group of the deployed configuration. |
-| `resourceId` | string | The resource ID of the deployed configuration. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.bicep
deleted file mode 100644
index f1fa448..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.bicep
+++ /dev/null
@@ -1,57 +0,0 @@
-metadata name = 'Hosting Environment Network Configuration'
-metadata description = 'This module deploys a Hosting Environment Network Configuration.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment.')
-param hostingEnvironmentName string
-
-@description('Optional. Property to enable and disable new private endpoint connection creation on ASE.')
-param allowNewPrivateEndpointConnections bool = false
-
-@description('Optional. Property to enable and disable FTP on ASEV3.')
-param ftpEnabled bool = false
-
-@description('Optional. Customer provided Inbound IP Address. Only able to be set on Ase create.')
-param inboundIpAddressOverride string = ''
-
-@description('Optional. Property to enable and disable Remote Debug on ASEv3.')
-param remoteDebugEnabled bool = false
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' existing = {
- name: hostingEnvironmentName
-}
-
-resource configuration 'Microsoft.Web/hostingEnvironments/configurations@2022-03-01' = {
- name: 'networking'
- parent: appServiceEnvironment
- properties: {
- allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
- ftpEnabled: ftpEnabled
- inboundIpAddressOverride: inboundIpAddressOverride
- remoteDebugEnabled: remoteDebugEnabled
- }
-}
-
-@description('The name of the configuration.')
-output name string = configuration.name
-
-@description('The resource ID of the deployed configuration.')
-output resourceId string = configuration.id
-
-@description('The resource group of the deployed configuration.')
-output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.json
deleted file mode 100644
index 0630c14..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/main.json
+++ /dev/null
@@ -1,107 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "5725974299523715311"
- },
- "name": "Hosting Environment Network Configuration",
- "description": "This module deploys a Hosting Environment Network Configuration.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "hostingEnvironmentName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment."
- }
- },
- "allowNewPrivateEndpointConnections": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Property to enable and disable new private endpoint connection creation on ASE."
- }
- },
- "ftpEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Property to enable and disable FTP on ASEV3."
- }
- },
- "inboundIpAddressOverride": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Customer provided Inbound IP Address. Only able to be set on Ase create."
- }
- },
- "remoteDebugEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Property to enable and disable Remote Debug on ASEv3."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Web/hostingEnvironments/configurations",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('hostingEnvironmentName'), 'networking')]",
- "properties": {
- "allowNewPrivateEndpointConnections": "[parameters('allowNewPrivateEndpointConnections')]",
- "ftpEnabled": "[parameters('ftpEnabled')]",
- "inboundIpAddressOverride": "[parameters('inboundIpAddressOverride')]",
- "remoteDebugEnabled": "[parameters('remoteDebugEnabled')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the configuration."
- },
- "value": "networking"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the deployed configuration."
- },
- "value": "[resourceId('Microsoft.Web/hostingEnvironments/configurations', parameters('hostingEnvironmentName'), 'networking')]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group of the deployed configuration."
- },
- "value": "[resourceGroup().name]"
- }
- }
-}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/version.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/version.json
deleted file mode 100644
index 96236a6..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/configuration--networking/version.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.4",
- "pathFilters": [
- "./main.json"
- ]
-}
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/main.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/main.bicep
deleted file mode 100644
index a6a4c56..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/main.bicep
+++ /dev/null
@@ -1,324 +0,0 @@
-metadata name = 'App Service Environments'
-metadata description = 'This module deploys an App Service Environment.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Required. Name of the App Service Environment.')
-@minLength(1)
-param name string
-
-@description('Optional. Location for all resources.')
-param location string = resourceGroup().location
-
-@description('Optional. The lock settings of the service.')
-param lock lockType
-
-@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
-param roleAssignments roleAssignmentType
-
-@description('Optional. Resource tags.')
-param tags object?
-
-@allowed([
- 'ASEv2'
- 'ASEv3'
-])
-@description('Optional. Kind of resource.')
-param kind string = 'ASEv3'
-
-@description('Optional. Custom settings for changing the behavior of the App Service Environment.')
-param clusterSettings array = [
- {
- name: 'DisableTls1.0'
- value: '1'
- }
-]
-
-@description('Optional. Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2.')
-param customDnsSuffix string = ''
-
-@description('Conditional. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.')
-param customDnsSuffixCertificateUrl string = ''
-
-@description('Conditional. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2.')
-param customDnsSuffixKeyVaultReferenceIdentity string = ''
-
-@description('Optional. The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2.')
-param dedicatedHostCount int = 0
-
-@description('Optional. DNS suffix of the App Service Environment.')
-param dnsSuffix string = ''
-
-@description('Optional. Scale factor for frontends.')
-param frontEndScaleFactor int = 15
-
-@description('Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address.')
-@allowed([
- 'None'
- 'Web'
- 'Publishing'
- 'Web, Publishing'
-])
-param internalLoadBalancingMode string = 'None'
-
-@description('Optional. Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3.')
-param ipsslAddressCount int = 0
-
-@description('Optional. Frontend VM size. Cannot be used when kind is set to ASEv3.')
-@allowed([
- ''
- 'Medium'
- 'Large'
- 'ExtraLarge'
- 'Standard_D2'
- 'Standard_D3'
- 'Standard_D4'
- 'Standard_D1_V2'
- 'Standard_D2_V2'
- 'Standard_D3_V2'
- 'Standard_D4_V2'
-])
-param multiSize string = ''
-
-@description('Optional. Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2.')
-param allowNewPrivateEndpointConnections bool = false
-
-@description('Optional. Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2.')
-param ftpEnabled bool = false
-
-@description('Optional. Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2.')
-param inboundIpAddressOverride string = ''
-
-@description('Optional. Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2.')
-param remoteDebugEnabled bool = false
-
-@description('Optional. Specify preference for when and how the planned maintenance is applied.')
-@allowed([
- 'Early'
- 'Late'
- 'Manual'
- 'None'
-])
-param upgradePreference string = 'None'
-
-@description('Required. ResourceId for the subnet.')
-param subnetResourceId string
-
-@description('Optional. User added IP ranges to whitelist on ASE DB. Cannot be used with \'kind\' `ASEv3`.')
-param userWhitelistedIpRanges array = []
-
-@description('Optional. Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`.')
-param zoneRedundant bool = false
-
-@description('Optional. The managed identity definition for this resource.')
-param managedIdentities managedIdentitiesType
-
-@description('Optional. The diagnostic settings of the service.')
-param diagnosticSettings diagnosticSettingType
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourcesIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
-
-var identity = !empty(managedIdentities) ? {
- type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'UserAssigned' : null)
- userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
-} : any(null)
-
-var enableReferencedModulesTelemetry = false
-
-var builtInRoleNames = {
- Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
- Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
- Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
- 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
-}
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2022-03-01' = {
- name: name
- kind: kind
- location: location
- tags: tags
- identity: identity
- properties: {
- clusterSettings: clusterSettings
- dedicatedHostCount: dedicatedHostCount != 0 ? dedicatedHostCount : null
- dnsSuffix: !empty(dnsSuffix) ? dnsSuffix : null
- frontEndScaleFactor: frontEndScaleFactor
- internalLoadBalancingMode: internalLoadBalancingMode
- ipsslAddressCount: ipsslAddressCount != 0 ? ipsslAddressCount : null
- multiSize: !empty(multiSize) ? any(multiSize) : null
- upgradePreference: upgradePreference
- userWhitelistedIpRanges: !empty(userWhitelistedIpRanges) ? userWhitelistedIpRanges : null
- virtualNetwork: {
- id: subnetResourceId
- subnet: last(split(subnetResourceId, '/'))
- }
- zoneRedundant: zoneRedundant
- }
-}
-
-module appServiceEnvironment_configurations_networking 'configuration--networking/main.bicep' = if (kind == 'ASEv3') {
- name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Configurations-Networking'
- params: {
- hostingEnvironmentName: appServiceEnvironment.name
- allowNewPrivateEndpointConnections: allowNewPrivateEndpointConnections
- ftpEnabled: ftpEnabled
- inboundIpAddressOverride: inboundIpAddressOverride
- remoteDebugEnabled: remoteDebugEnabled
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module appServiceEnvironment_configurations_customDnsSuffix 'configuration--customdnssuffix/main.bicep' = if (kind == 'ASEv3' && !empty(customDnsSuffix)) {
- name: '${uniqueString(deployment().name, location)}-AppServiceEnv-Configurations-CustomDnsSuffix'
- params: {
- hostingEnvironmentName: appServiceEnvironment.name
- certificateUrl: customDnsSuffixCertificateUrl
- keyVaultReferenceIdentity: customDnsSuffixKeyVaultReferenceIdentity
- dnsSuffix: customDnsSuffix
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-resource appServiceEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
- name: lock.?name ?? 'lock-${name}'
- properties: {
- level: lock.?kind ?? ''
- notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
- }
- scope: appServiceEnvironment
-}
-
-resource appServiceEnvironment_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
- name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
- properties: {
- storageAccountId: diagnosticSetting.?storageAccountResourceId
- workspaceId: diagnosticSetting.?workspaceResourceId
- eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
- eventHubName: diagnosticSetting.?eventHubName
- logs: diagnosticSetting.?logCategoriesAndGroups ?? [
- {
- categoryGroup: 'AllLogs'
- enabled: true
- }
- ]
- marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
- logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
- }
- scope: appServiceEnvironment
-}]
-
-resource appServiceEnvironment_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
- name: guid(appServiceEnvironment.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
- properties: {
- roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
- principalId: roleAssignment.principalId
- description: roleAssignment.?description
- principalType: roleAssignment.?principalType
- condition: roleAssignment.?condition
- conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
- delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
- }
- scope: appServiceEnvironment
-}]
-
-@description('The resource ID of the App Service Environment.')
-output resourceId string = appServiceEnvironment.id
-
-@description('The resource group the App Service Environment was deployed into.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The name of the App Service Environment.')
-output name string = appServiceEnvironment.name
-
-@description('The location the resource was deployed into.')
-output location string = appServiceEnvironment.location
-
-// =============== //
-// Definitions //
-// =============== //
-
-type managedIdentitiesType = {
- @description('Optional. Enables system assigned managed identity on the resource.')
- systemAssigned: bool?
-
- @description('Optional. The resource ID(s) to assign to the resource.')
- userAssignedResourcesIds: string[]?
-}?
-
-type lockType = {
- @description('Optional. Specify the name of lock.')
- name: string?
-
- @description('Optional. Specify the type of lock.')
- kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
-}?
-
-type roleAssignmentType = {
- @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
- roleDefinitionIdOrName: string
-
- @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
- principalId: string
-
- @description('Optional. The principal type of the assigned principal ID.')
- principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
-
- @description('Optional. The description of the role assignment.')
- description: string?
-
- @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
- condition: string?
-
- @description('Optional. Version of the condition.')
- conditionVersion: '2.0'?
-
- @description('Optional. The Resource Id of the delegated managed identity resource.')
- delegatedManagedIdentityResourceId: string?
-}[]?
-
-type diagnosticSettingType = {
- @description('Optional. The name of diagnostic setting.')
- name: string?
-
- @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
- logCategoriesAndGroups: {
- @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.')
- category: string?
-
- @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to \'AllLogs\' to collect all logs.')
- categoryGroup: string?
- }[]?
-
- @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
- logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics' | null)?
-
- @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- workspaceResourceId: string?
-
- @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- storageAccountResourceId: string?
-
- @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
- eventHubAuthorizationRuleResourceId: string?
-
- @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- eventHubName: string?
-
- @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
- marketplacePartnerResourceId: string?
-}[]?
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/main.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/main.json
deleted file mode 100644
index b1d6749..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/main.json
+++ /dev/null
@@ -1,850 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "12800539837694740755"
- },
- "name": "App Service Environments",
- "description": "This module deploys an App Service Environment.",
- "owner": "Azure/module-maintainers"
- },
- "definitions": {
- "managedIdentitiesType": {
- "type": "object",
- "properties": {
- "systemAssigned": {
- "type": "bool",
- "nullable": true,
- "metadata": {
- "description": "Optional. Enables system assigned managed identity on the resource."
- }
- },
- "userAssignedResourcesIds": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The resource ID(s) to assign to the resource."
- }
- }
- },
- "nullable": true
- },
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- },
- "diagnosticSettingType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of diagnostic setting."
- }
- },
- "logCategoriesAndGroups": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here."
- }
- },
- "categoryGroup": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "logAnalyticsDestinationType": {
- "type": "string",
- "allowedValues": [
- "AzureDiagnostics",
- "Dedicated"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
- }
- },
- "workspaceResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "storageAccountResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "eventHubAuthorizationRuleResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
- }
- },
- "eventHubName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "marketplacePartnerResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "name": {
- "type": "string",
- "minLength": 1,
- "metadata": {
- "description": "Required. Name of the App Service Environment."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. The lock settings of the service."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource tags."
- }
- },
- "kind": {
- "type": "string",
- "defaultValue": "ASEv3",
- "allowedValues": [
- "ASEv2",
- "ASEv3"
- ],
- "metadata": {
- "description": "Optional. Kind of resource."
- }
- },
- "clusterSettings": {
- "type": "array",
- "defaultValue": [
- {
- "name": "DisableTls1.0",
- "value": "1"
- }
- ],
- "metadata": {
- "description": "Optional. Custom settings for changing the behavior of the App Service Environment."
- }
- },
- "customDnsSuffix": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2."
- }
- },
- "customDnsSuffixCertificateUrl": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Conditional. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2."
- }
- },
- "customDnsSuffixKeyVaultReferenceIdentity": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Conditional. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2."
- }
- },
- "dedicatedHostCount": {
- "type": "int",
- "defaultValue": 0,
- "metadata": {
- "description": "Optional. The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2."
- }
- },
- "dnsSuffix": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. DNS suffix of the App Service Environment."
- }
- },
- "frontEndScaleFactor": {
- "type": "int",
- "defaultValue": 15,
- "metadata": {
- "description": "Optional. Scale factor for frontends."
- }
- },
- "internalLoadBalancingMode": {
- "type": "string",
- "defaultValue": "None",
- "allowedValues": [
- "None",
- "Web",
- "Publishing",
- "Web, Publishing"
- ],
- "metadata": {
- "description": "Optional. Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. \"None\" Exposes the ASE-hosted apps on an internet-accessible IP address."
- }
- },
- "ipsslAddressCount": {
- "type": "int",
- "defaultValue": 0,
- "metadata": {
- "description": "Optional. Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3."
- }
- },
- "multiSize": {
- "type": "string",
- "defaultValue": "",
- "allowedValues": [
- "",
- "Medium",
- "Large",
- "ExtraLarge",
- "Standard_D2",
- "Standard_D3",
- "Standard_D4",
- "Standard_D1_V2",
- "Standard_D2_V2",
- "Standard_D3_V2",
- "Standard_D4_V2"
- ],
- "metadata": {
- "description": "Optional. Frontend VM size. Cannot be used when kind is set to ASEv3."
- }
- },
- "allowNewPrivateEndpointConnections": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2."
- }
- },
- "ftpEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2."
- }
- },
- "inboundIpAddressOverride": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2."
- }
- },
- "remoteDebugEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2."
- }
- },
- "upgradePreference": {
- "type": "string",
- "defaultValue": "None",
- "allowedValues": [
- "Early",
- "Late",
- "Manual",
- "None"
- ],
- "metadata": {
- "description": "Optional. Specify preference for when and how the planned maintenance is applied."
- }
- },
- "subnetResourceId": {
- "type": "string",
- "metadata": {
- "description": "Required. ResourceId for the subnet."
- }
- },
- "userWhitelistedIpRanges": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`."
- }
- },
- "zoneRedundant": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`."
- }
- },
- "managedIdentities": {
- "$ref": "#/definitions/managedIdentitiesType",
- "metadata": {
- "description": "Optional. The managed identity definition for this resource."
- }
- },
- "diagnosticSettings": {
- "$ref": "#/definitions/diagnosticSettingType",
- "metadata": {
- "description": "Optional. The diagnostic settings of the service."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "variables": {
- "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]",
- "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
- "enableReferencedModulesTelemetry": false,
- "builtInRoleNames": {
- "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
- "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
- "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
- "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
- "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "appServiceEnvironment": {
- "type": "Microsoft.Web/hostingEnvironments",
- "apiVersion": "2022-03-01",
- "name": "[parameters('name')]",
- "kind": "[parameters('kind')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "identity": "[variables('identity')]",
- "properties": {
- "clusterSettings": "[parameters('clusterSettings')]",
- "dedicatedHostCount": "[if(not(equals(parameters('dedicatedHostCount'), 0)), parameters('dedicatedHostCount'), null())]",
- "dnsSuffix": "[if(not(empty(parameters('dnsSuffix'))), parameters('dnsSuffix'), null())]",
- "frontEndScaleFactor": "[parameters('frontEndScaleFactor')]",
- "internalLoadBalancingMode": "[parameters('internalLoadBalancingMode')]",
- "ipsslAddressCount": "[if(not(equals(parameters('ipsslAddressCount'), 0)), parameters('ipsslAddressCount'), null())]",
- "multiSize": "[if(not(empty(parameters('multiSize'))), parameters('multiSize'), null())]",
- "upgradePreference": "[parameters('upgradePreference')]",
- "userWhitelistedIpRanges": "[if(not(empty(parameters('userWhitelistedIpRanges'))), parameters('userWhitelistedIpRanges'), null())]",
- "virtualNetwork": {
- "id": "[parameters('subnetResourceId')]",
- "subnet": "[last(split(parameters('subnetResourceId'), '/'))]"
- },
- "zoneRedundant": "[parameters('zoneRedundant')]"
- }
- },
- "appServiceEnvironment_lock": {
- "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
- "type": "Microsoft.Authorization/locks",
- "apiVersion": "2020-05-01",
- "scope": "[format('Microsoft.Web/hostingEnvironments/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
- "properties": {
- "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
- "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
- },
- "dependsOn": [
- "appServiceEnvironment"
- ]
- },
- "appServiceEnvironment_diagnosticSettings": {
- "copy": {
- "name": "appServiceEnvironment_diagnosticSettings",
- "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
- },
- "type": "Microsoft.Insights/diagnosticSettings",
- "apiVersion": "2021-05-01-preview",
- "scope": "[format('Microsoft.Web/hostingEnvironments/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
- "properties": {
- "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
- "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
- "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
- "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
- "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]",
- "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
- "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
- },
- "dependsOn": [
- "appServiceEnvironment"
- ]
- },
- "appServiceEnvironment_roleAssignments": {
- "copy": {
- "name": "appServiceEnvironment_roleAssignments",
- "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
- },
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "scope": "[format('Microsoft.Web/hostingEnvironments/{0}', parameters('name'))]",
- "name": "[guid(resourceId('Microsoft.Web/hostingEnvironments', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "properties": {
- "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
- "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
- "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
- "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
- "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
- "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
- },
- "dependsOn": [
- "appServiceEnvironment"
- ]
- },
- "appServiceEnvironment_configurations_networking": {
- "condition": "[equals(parameters('kind'), 'ASEv3')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-AppServiceEnv-Configurations-Networking', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "hostingEnvironmentName": {
- "value": "[parameters('name')]"
- },
- "allowNewPrivateEndpointConnections": {
- "value": "[parameters('allowNewPrivateEndpointConnections')]"
- },
- "ftpEnabled": {
- "value": "[parameters('ftpEnabled')]"
- },
- "inboundIpAddressOverride": {
- "value": "[parameters('inboundIpAddressOverride')]"
- },
- "remoteDebugEnabled": {
- "value": "[parameters('remoteDebugEnabled')]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "5725974299523715311"
- },
- "name": "Hosting Environment Network Configuration",
- "description": "This module deploys a Hosting Environment Network Configuration.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "hostingEnvironmentName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment."
- }
- },
- "allowNewPrivateEndpointConnections": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Property to enable and disable new private endpoint connection creation on ASE."
- }
- },
- "ftpEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Property to enable and disable FTP on ASEV3."
- }
- },
- "inboundIpAddressOverride": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Customer provided Inbound IP Address. Only able to be set on Ase create."
- }
- },
- "remoteDebugEnabled": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. Property to enable and disable Remote Debug on ASEv3."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Web/hostingEnvironments/configurations",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('hostingEnvironmentName'), 'networking')]",
- "properties": {
- "allowNewPrivateEndpointConnections": "[parameters('allowNewPrivateEndpointConnections')]",
- "ftpEnabled": "[parameters('ftpEnabled')]",
- "inboundIpAddressOverride": "[parameters('inboundIpAddressOverride')]",
- "remoteDebugEnabled": "[parameters('remoteDebugEnabled')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the configuration."
- },
- "value": "networking"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the deployed configuration."
- },
- "value": "[resourceId('Microsoft.Web/hostingEnvironments/configurations', parameters('hostingEnvironmentName'), 'networking')]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group of the deployed configuration."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "appServiceEnvironment"
- ]
- },
- "appServiceEnvironment_configurations_customDnsSuffix": {
- "condition": "[and(equals(parameters('kind'), 'ASEv3'), not(empty(parameters('customDnsSuffix'))))]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-AppServiceEnv-Configurations-CustomDnsSuffix', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "hostingEnvironmentName": {
- "value": "[parameters('name')]"
- },
- "certificateUrl": {
- "value": "[parameters('customDnsSuffixCertificateUrl')]"
- },
- "keyVaultReferenceIdentity": {
- "value": "[parameters('customDnsSuffixKeyVaultReferenceIdentity')]"
- },
- "dnsSuffix": {
- "value": "[parameters('customDnsSuffix')]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "10660520916707434118"
- },
- "name": "Hosting Environment Custom DNS Suffix Configuration",
- "description": "This module deploys a Hosting Environment Custom DNS Suffix Configuration.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "hostingEnvironmentName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Hosting Environment. Required if the template is used in a standalone deployment."
- }
- },
- "dnsSuffix": {
- "type": "string",
- "metadata": {
- "description": "Required. Enable the default custom domain suffix to use for all sites deployed on the ASE."
- }
- },
- "certificateUrl": {
- "type": "string",
- "metadata": {
- "description": "Required. The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix."
- }
- },
- "keyVaultReferenceIdentity": {
- "type": "string",
- "metadata": {
- "description": "Required. The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- }
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Web/hostingEnvironments/configurations",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('hostingEnvironmentName'), 'customdnssuffix')]",
- "properties": {
- "certificateUrl": "[parameters('certificateUrl')]",
- "keyVaultReferenceIdentity": "[parameters('keyVaultReferenceIdentity')]",
- "dnsSuffix": "[parameters('dnsSuffix')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the configuration."
- },
- "value": "customdnssuffix"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the deployed configuration."
- },
- "value": "[resourceId('Microsoft.Web/hostingEnvironments/configurations', parameters('hostingEnvironmentName'), 'customdnssuffix')]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group of the deployed configuration."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "appServiceEnvironment"
- ]
- }
- },
- "outputs": {
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the App Service Environment."
- },
- "value": "[resourceId('Microsoft.Web/hostingEnvironments', parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the App Service Environment was deployed into."
- },
- "value": "[resourceGroup().name]"
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the App Service Environment."
- },
- "value": "[parameters('name')]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('appServiceEnvironment', '2022-03-01', 'full').location]"
- }
- }
-}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/dependencies.bicep
deleted file mode 100644
index d549b5f..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/dependencies.bicep
+++ /dev/null
@@ -1,80 +0,0 @@
-@description('Optional. The location to deploy to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Network Security Group to create.')
-param networkSecurityGroupName string
-
-@description('Required. The name of the Virtual Network to create.')
-param virtualNetworkName string
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-var addressPrefix = '10.0.0.0/16'
-
-resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
- name: networkSecurityGroupName
- location: location
- properties: {
- securityRules: [
- {
- name: 'AllowPortsForASE2'
- properties: {
- access: 'Allow'
- destinationAddressPrefix: addressPrefix
- destinationPortRange: '454-455'
- direction: 'Inbound'
- priority: 1020
- protocol: '*'
- sourceAddressPrefix: 'AppServiceManagement'
- sourcePortRange: '*'
- }
- }
- ]
- }
-}
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
- name: virtualNetworkName
- location: location
- properties: {
- addressSpace: {
- addressPrefixes: [
- addressPrefix
- ]
- }
- subnets: [
- {
- name: 'defaultSubnet'
- properties: {
- addressPrefix: cidrSubnet(addressPrefix, 16, 0)
- networkSecurityGroup: {
- id: networkSecurityGroup.id
- }
- delegations: [
- {
- name: 'ase'
- properties: {
- serviceName: 'Microsoft.Web/hostingEnvironments'
- }
- }
- ]
- }
- }
- ]
- }
-}
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-@description('The resource ID of the created Virtual Network Subnet.')
-output subnetResourceId string = virtualNetwork.properties.subnets[0].id
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
-
-@description('The resource ID of the created Managed Identity.')
-output managedIdentityResourceId string = managedIdentity.id
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/main.test.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/main.test.bicep
deleted file mode 100644
index d86885a..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev2/main.test.bicep
+++ /dev/null
@@ -1,111 +0,0 @@
-targetScope = 'subscription'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.hostingenvironments-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'whasev2'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- networkSecurityGroupName: 'dep-${namePrefix}-nsg-${serviceShort}'
- virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
- managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
- }
-}
-
-// Diagnostics
-// ===========
-module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
- params: {
- storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
- eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
- location: location
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- location: resourceGroup.location
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- resourceType: 'App Service Environment'
- hostingEnvironmentName: '${namePrefix}${serviceShort}001'
- }
- subnetResourceId: nestedDependencies.outputs.subnetResourceId
- clusterSettings: [
- {
- name: 'DisableTls1.0'
- value: '1'
- }
- ]
- diagnosticSettings: [
- {
- name: 'customSetting'
- eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
- eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
- storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
- workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
- }
- ]
- managedIdentities: {
- systemAssigned: true
- userAssignedResourcesIds: [
- nestedDependencies.outputs.managedIdentityResourceId
- ]
- }
- ipsslAddressCount: 2
- kind: 'ASEv2'
- multiSize: 'Standard_D1_V2'
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/dependencies.bicep
deleted file mode 100644
index eedd2e4..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/dependencies.bicep
+++ /dev/null
@@ -1,135 +0,0 @@
-@description('Optional. The location to deploy to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Network Security Group to create.')
-param networkSecurityGroupName string
-
-@description('Required. The name of the Virtual Network to create.')
-param virtualNetworkName string
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-@description('Required. The name of the Key Vault to create.')
-param keyVaultName string
-
-@description('Required. The name of the Deployment Script to create for the Certificate generation.')
-param certDeploymentScriptName string
-
-var addressPrefix = '10.0.0.0/16'
-
-resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2023-04-01' = {
- name: networkSecurityGroupName
- location: location
- properties: {
- securityRules: [
- {
- name: 'AllowPortsForASE'
- properties: {
- access: 'Allow'
- destinationAddressPrefix: '10.0.7.0/24'
- destinationPortRange: '454-455'
- direction: 'Inbound'
- priority: 1010
- protocol: '*'
- sourceAddressPrefix: 'AppServiceManagement'
- sourcePortRange: '*'
- }
- }
- ]
- }
-}
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
- name: virtualNetworkName
- location: location
- properties: {
- addressSpace: {
- addressPrefixes: [
- addressPrefix
- ]
- }
- subnets: [
- {
- name: 'defaultSubnet'
- properties: {
- addressPrefix: cidrSubnet(addressPrefix, 16, 0)
- networkSecurityGroup: {
- id: networkSecurityGroup.id
- }
- delegations: [
- {
- name: 'ase'
- properties: {
- serviceName: 'Microsoft.Web/hostingEnvironments'
- }
- }
- ]
- }
- }
- ]
- }
-}
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' = {
- name: keyVaultName
- location: location
- properties: {
- sku: {
- family: 'A'
- name: 'standard'
- }
- tenantId: tenant().tenantId
- enablePurgeProtection: null
- enabledForTemplateDeployment: true
- enabledForDiskEncryption: true
- enabledForDeployment: true
- enableRbacAuthorization: true
- accessPolicies: []
- }
-}
-
-resource keyPermissions 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
- name: guid('msi-${managedIdentity.name}-KeyVault-Admin-RoleAssignment')
- scope: keyVault
- properties: {
- principalId: managedIdentity.properties.principalId
- roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00482a5a-887f-4fb3-b363-3b7fe8e74483') // Key Vault Administrator
- principalType: 'ServicePrincipal'
- }
-}
-
-resource certDeploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
- name: certDeploymentScriptName
- location: location
- kind: 'AzurePowerShell'
- identity: {
- type: 'UserAssigned'
- userAssignedIdentities: {
- '${managedIdentity.id}': {}
- }
- }
- properties: {
- azPowerShellVersion: '8.0'
- retentionInterval: 'P1D'
- arguments: '-KeyVaultName "${keyVault.name}" -CertName "asev3certificate" -CertSubjectName "CN=*.internal.contoso.com"'
- scriptContent: loadTextContent('../../../../../.shared/.scripts/Set-CertificateInKeyVault.ps1')
- }
-}
-
-@description('The resource ID of the created Virtual Network Subnet.')
-output subnetResourceId string = virtualNetwork.properties.subnets[0].id
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
-
-@description('The resource ID of the created Managed Identity.')
-output managedIdentityResourceId string = managedIdentity.id
-
-@description('The URL of the created certificate.')
-output certificateSecretUrl string = certDeploymentScript.properties.outputs.secretUrl
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/main.test.bicep b/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/main.test.bicep
deleted file mode 100644
index 52203b7..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/tests/e2e/asev3/main.test.bicep
+++ /dev/null
@@ -1,119 +0,0 @@
-targetScope = 'subscription'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.hostingenvironments-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'whasev3'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- networkSecurityGroupName: 'dep-${namePrefix}-nsg-${serviceShort}'
- virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
- managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
- keyVaultName: 'dep-${namePrefix}-kv-${serviceShort}'
- certDeploymentScriptName: 'dep-${namePrefix}-ds-${serviceShort}'
- }
-}
-
-// Diagnostics
-// ===========
-module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
- params: {
- storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
- eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
- location: location
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- location: resourceGroup.location
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- resourceType: 'App Service Environment'
- hostingEnvironmentName: '${namePrefix}${serviceShort}001'
- }
- subnetResourceId: nestedDependencies.outputs.subnetResourceId
- internalLoadBalancingMode: 'Web, Publishing'
- clusterSettings: [
- {
- name: 'DisableTls1.0'
- value: '1'
- }
- ]
- allowNewPrivateEndpointConnections: true
- ftpEnabled: true
- inboundIpAddressOverride: '10.0.0.10'
- remoteDebugEnabled: true
- upgradePreference: 'Late'
- diagnosticSettings: [
- {
- name: 'customSetting'
- eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
- eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
- storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
- workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
- }
- ]
- managedIdentities: {
- systemAssigned: true
- userAssignedResourcesIds: [
- nestedDependencies.outputs.managedIdentityResourceId
- ]
- }
- customDnsSuffix: 'internal.contoso.com'
- customDnsSuffixCertificateUrl: nestedDependencies.outputs.certificateSecretUrl
- customDnsSuffixKeyVaultReferenceIdentity: nestedDependencies.outputs.managedIdentityResourceId
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/hosting-environment/version.json b/bicep-examples/dependencies/modules/webApp/hosting-environment/version.json
deleted file mode 100644
index 96236a6..0000000
--- a/bicep-examples/dependencies/modules/webApp/hosting-environment/version.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.4",
- "pathFilters": [
- "./main.json"
- ]
-}
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/README.md b/bicep-examples/dependencies/modules/webApp/serverfarm/README.md
deleted file mode 100644
index 0f95792..0000000
--- a/bicep-examples/dependencies/modules/webApp/serverfarm/README.md
+++ /dev/null
@@ -1,639 +0,0 @@
-# App Service Plans `[Microsoft.Web/serverfarms]`
-
-This module deploys an App Service Plan.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
-| `Microsoft.Web/serverfarms` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/serverfarms) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.serverfarm:1.0.0`.
-
-- [Using large parameter set](#example-1-using-large-parameter-set)
-- [WAF-aligned](#example-2-waf-aligned)
-
-### Example 1: _Using large parameter set_
-
-This instance deploys the module with most of its features enabled.
-
-
-via Bicep module
-
-```bicep
-module serverfarm 'br:bicep/modules/web.serverfarm:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wsfmax'
- params: {
- // Required parameters
- name: 'wsfmax001'
- sku: {
- capacity: '1'
- family: 'S'
- name: 'S1'
- size: 'S1'
- tier: 'Standard'
- }
- // Non-required parameters
- diagnosticSettings: [
- {
- eventHubAuthorizationRuleResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "wsfmax001"
- },
- "sku": {
- "value": {
- "capacity": "1",
- "family": "S",
- "name": "S1",
- "size": "S1",
- "tier": "Standard"
- }
- },
- // Non-required parameters
- "diagnosticSettings": {
- "value": [
- {
- "eventHubAuthorizationRuleResourceId": "
-
-### Example 2: _WAF-aligned_
-
-This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.
-
-
-via Bicep module
-
-```bicep
-module serverfarm 'br:bicep/modules/web.serverfarm:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wsfwaf'
- params: {
- // Required parameters
- name: 'wsfwaf001'
- sku: {
- capacity: '1'
- family: 'S'
- name: 'S1'
- size: 'S1'
- tier: 'Standard'
- }
- // Non-required parameters
- diagnosticSettings: [
- {
- eventHubAuthorizationRuleResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "wsfwaf001"
- },
- "sku": {
- "value": {
- "capacity": "1",
- "family": "S",
- "name": "S1",
- "size": "S1",
- "tier": "Standard"
- }
- },
- // Non-required parameters
- "diagnosticSettings": {
- "value": [
- {
- "eventHubAuthorizationRuleResourceId": "
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`name`](#parameter-name) | string | The name of the app service plan to deploy. |
-| [`sku`](#parameter-sku) | object | Defines the name, tier, size, family and capacity of the App Service Plan. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`reserved`](#parameter-reserved) | bool | Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`appServiceEnvironmentId`](#parameter-appserviceenvironmentid) | string | The Resource ID of the App Service Environment to use for the App Service Plan. |
-| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`kind`](#parameter-kind) | string | Kind of server OS. |
-| [`location`](#parameter-location) | string | Location for all resources. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`maximumElasticWorkerCount`](#parameter-maximumelasticworkercount) | int | Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan. |
-| [`perSiteScaling`](#parameter-persitescaling) | bool | If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| [`tags`](#parameter-tags) | object | Tags of the resource. |
-| [`targetWorkerCount`](#parameter-targetworkercount) | int | Scaling worker count. |
-| [`targetWorkerSize`](#parameter-targetworkersize) | int | The instance size of the hosting plan (small, medium, or large). |
-| [`workerTierName`](#parameter-workertiername) | string | Target worker tier assigned to the App Service plan. |
-| [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, this App Service Plan will perform availability zone balancing. |
-
-### Parameter: `appServiceEnvironmentId`
-
-The Resource ID of the App Service Environment to use for the App Service Plan.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `diagnosticSettings`
-
-The diagnostic settings of the service.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. |
-| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. |
-| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. |
-| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-
-### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId`
-
-Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.eventHubName`
-
-Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.logAnalyticsDestinationType`
-
-Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.
-
-- Required: No
-- Type: string
-- Allowed: `[AzureDiagnostics, Dedicated]`
-
-### Parameter: `diagnosticSettings.marketplacePartnerResourceId`
-
-Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.metricCategories`
-
-Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
-
-- Required: No
-- Type: array
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. |
-
-### Parameter: `diagnosticSettings.metricCategories.category`
-
-Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics.
-
-- Required: Yes
-- Type: string
-
-
-### Parameter: `diagnosticSettings.name`
-
-Optional. The name of diagnostic setting.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.storageAccountResourceId`
-
-Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
-
-- Required: No
-- Type: string
-
-### Parameter: `diagnosticSettings.workspaceResourceId`
-
-Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
-
-- Required: No
-- Type: string
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `kind`
-
-Kind of server OS.
-- Required: No
-- Type: string
-- Default: `'Windows'`
-- Allowed:
- ```Bicep
- [
- 'App'
- 'Elastic'
- 'FunctionApp'
- 'Linux'
- 'Windows'
- ]
- ```
-
-### Parameter: `location`
-
-Location for all resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
-| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Optional. Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed: `[CanNotDelete, None, ReadOnly]`
-
-### Parameter: `lock.name`
-
-Optional. Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `maximumElasticWorkerCount`
-
-Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan.
-- Required: No
-- Type: int
-- Default: `1`
-
-### Parameter: `name`
-
-The name of the app service plan to deploy.
-- Required: Yes
-- Type: string
-
-### Parameter: `perSiteScaling`
-
-If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `reserved`
-
-Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true.
-- Required: No
-- Type: bool
-- Default: `False`
-
-### Parameter: `roleAssignments`
-
-Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
-
-### Parameter: `roleAssignments.condition`
-
-Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Optional. Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed: `[2.0]`
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-Optional. The Resource Id of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-Optional. The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalId`
-
-Required. The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-Optional. The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `sku`
-
-Defines the name, tier, size, family and capacity of the App Service Plan.
-- Required: Yes
-- Type: object
-
-### Parameter: `tags`
-
-Tags of the resource.
-- Required: No
-- Type: object
-
-### Parameter: `targetWorkerCount`
-
-Scaling worker count.
-- Required: No
-- Type: int
-- Default: `0`
-
-### Parameter: `targetWorkerSize`
-
-The instance size of the hosting plan (small, medium, or large).
-- Required: No
-- Type: int
-- Default: `0`
-- Allowed:
- ```Bicep
- [
- 0
- 1
- 2
- ]
- ```
-
-### Parameter: `workerTierName`
-
-Target worker tier assigned to the App Service plan.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `zoneRedundant`
-
-When true, this App Service Plan will perform availability zone balancing.
-- Required: No
-- Type: bool
-- Default: `False`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the app service plan. |
-| `resourceGroupName` | string | The resource group the app service plan was deployed into. |
-| `resourceId` | string | The resource ID of the app service plan. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/main.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/main.bicep
deleted file mode 100644
index 856f2cc..0000000
--- a/bicep-examples/dependencies/modules/webApp/serverfarm/main.bicep
+++ /dev/null
@@ -1,238 +0,0 @@
-metadata name = 'App Service Plans'
-metadata description = 'This module deploys an App Service Plan.'
-metadata owner = 'Azure/module-maintainers'
-
-// ================ //
-// Parameters //
-// ================ //
-@description('Required. The name of the app service plan to deploy.')
-@minLength(1)
-@maxLength(40)
-param name string
-
-@description('Required. Defines the name, tier, size, family and capacity of the App Service Plan.')
-param sku object
-
-@description('Optional. Location for all resources.')
-param location string = resourceGroup().location
-
-@description('Optional. Kind of server OS.')
-@allowed([
- 'App'
- 'Elastic'
- 'FunctionApp'
- 'Windows'
- 'Linux'
-])
-param kind string = 'Windows'
-
-@description('Conditional. Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true.')
-param reserved bool = false
-
-@description('Optional. The Resource ID of the App Service Environment to use for the App Service Plan.')
-param appServiceEnvironmentId string = ''
-
-@description('Optional. Target worker tier assigned to the App Service plan.')
-param workerTierName string = ''
-
-@description('Optional. If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan.')
-param perSiteScaling bool = false
-
-@description('Optional. Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan.')
-param maximumElasticWorkerCount int = 1
-
-@description('Optional. Scaling worker count.')
-param targetWorkerCount int = 0
-
-@description('Optional. The instance size of the hosting plan (small, medium, or large).')
-@allowed([
- 0
- 1
- 2
-])
-param targetWorkerSize int = 0
-
-@description('Optional. The lock settings of the service.')
-param lock lockType
-
-@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
-param roleAssignments roleAssignmentType
-
-@description('Optional. Tags of the resource.')
-param tags object?
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. The diagnostic settings of the service.')
-param diagnosticSettings diagnosticSettingType
-
-@description('Optional. When true, this App Service Plan will perform availability zone balancing.')
-param zoneRedundant bool = false
-
-// ============ //
-// Dependencies //
-// ============ //
-var builtInRoleNames = {
- Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
- Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
- Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
- 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
- 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')
- 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')
-}
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource appServicePlan 'Microsoft.Web/serverfarms@2022-09-01' = {
- name: name
- kind: kind
- location: location
- tags: tags
- sku: sku
- properties: {
- workerTierName: workerTierName
- hostingEnvironmentProfile: !empty(appServiceEnvironmentId) ? {
- id: appServiceEnvironmentId
- } : null
- perSiteScaling: perSiteScaling
- maximumElasticWorkerCount: maximumElasticWorkerCount
- reserved: reserved
- targetWorkerCount: targetWorkerCount
- targetWorkerSizeId: targetWorkerSize
- zoneRedundant: zoneRedundant
- }
-}
-
-resource appServicePlan_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
- name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'
- properties: {
- storageAccountId: diagnosticSetting.?storageAccountResourceId
- workspaceId: diagnosticSetting.?workspaceResourceId
- eventHubAuthorizationRuleId: diagnosticSetting.?eventHubAuthorizationRuleResourceId
- eventHubName: diagnosticSetting.?eventHubName
- metrics: diagnosticSetting.?metricCategories ?? [
- {
- category: 'AllMetrics'
- timeGrain: null
- enabled: true
- }
- ]
- marketplacePartnerId: diagnosticSetting.?marketplacePartnerResourceId
- logAnalyticsDestinationType: diagnosticSetting.?logAnalyticsDestinationType
- }
- scope: appServicePlan
-}]
-
-resource appServicePlan_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
- name: lock.?name ?? 'lock-${name}'
- properties: {
- level: lock.?kind ?? ''
- notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
- }
- scope: appServicePlan
-}
-
-resource appServicePlan_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
- name: guid(appServicePlan.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
- properties: {
- roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
- principalId: roleAssignment.principalId
- description: roleAssignment.?description
- principalType: roleAssignment.?principalType
- condition: roleAssignment.?condition
- conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
- delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
- }
- scope: appServicePlan
-}]
-
-// =========== //
-// Outputs //
-// =========== //
-@description('The resource group the app service plan was deployed into.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The name of the app service plan.')
-output name string = appServicePlan.name
-
-@description('The resource ID of the app service plan.')
-output resourceId string = appServicePlan.id
-
-@description('The location the resource was deployed into.')
-output location string = appServicePlan.location
-
-// =============== //
-// Definitions //
-// =============== //
-
-type lockType = {
- @description('Optional. Specify the name of lock.')
- name: string?
-
- @description('Optional. Specify the type of lock.')
- kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
-}?
-
-type roleAssignmentType = {
- @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
- roleDefinitionIdOrName: string
-
- @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
- principalId: string
-
- @description('Optional. The principal type of the assigned principal ID.')
- principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
-
- @description('Optional. The description of the role assignment.')
- description: string?
-
- @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
- condition: string?
-
- @description('Optional. Version of the condition.')
- conditionVersion: '2.0'?
-
- @description('Optional. The Resource Id of the delegated managed identity resource.')
- delegatedManagedIdentityResourceId: string?
-}[]?
-
-type diagnosticSettingType = {
- @description('Optional. The name of diagnostic setting.')
- name: string?
-
- @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.')
- metricCategories: {
- @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.')
- category: string
- }[]?
-
- @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.')
- logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics' | null)?
-
- @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- workspaceResourceId: string?
-
- @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- storageAccountResourceId: string?
-
- @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
- eventHubAuthorizationRuleResourceId: string?
-
- @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.')
- eventHubName: string?
-
- @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
- marketplacePartnerResourceId: string?
-}[]?
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/main.json b/bicep-examples/dependencies/modules/webApp/serverfarm/main.json
deleted file mode 100644
index 53eec7f..0000000
--- a/bicep-examples/dependencies/modules/webApp/serverfarm/main.json
+++ /dev/null
@@ -1,452 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "14824797980620937555"
- },
- "name": "App Service Plans",
- "description": "This module deploys an App Service Plan.",
- "owner": "Azure/module-maintainers"
- },
- "definitions": {
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- },
- "diagnosticSettingType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of diagnostic setting."
- }
- },
- "metricCategories": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "category": {
- "type": "string",
- "metadata": {
- "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection."
- }
- },
- "logAnalyticsDestinationType": {
- "type": "string",
- "allowedValues": [
- "AzureDiagnostics",
- "Dedicated"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type."
- }
- },
- "workspaceResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "storageAccountResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "eventHubAuthorizationRuleResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to."
- }
- },
- "eventHubName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub."
- }
- },
- "marketplacePartnerResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "name": {
- "type": "string",
- "minLength": 1,
- "maxLength": 40,
- "metadata": {
- "description": "Required. The name of the app service plan to deploy."
- }
- },
- "sku": {
- "type": "object",
- "metadata": {
- "description": "Required. Defines the name, tier, size, family and capacity of the App Service Plan."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- },
- "kind": {
- "type": "string",
- "defaultValue": "Windows",
- "allowedValues": [
- "App",
- "Elastic",
- "FunctionApp",
- "Windows",
- "Linux"
- ],
- "metadata": {
- "description": "Optional. Kind of server OS."
- }
- },
- "reserved": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Conditional. Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true."
- }
- },
- "appServiceEnvironmentId": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. The Resource ID of the App Service Environment to use for the App Service Plan."
- }
- },
- "workerTierName": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. Target worker tier assigned to the App Service plan."
- }
- },
- "perSiteScaling": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan."
- }
- },
- "maximumElasticWorkerCount": {
- "type": "int",
- "defaultValue": 1,
- "metadata": {
- "description": "Optional. Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan."
- }
- },
- "targetWorkerCount": {
- "type": "int",
- "defaultValue": 0,
- "metadata": {
- "description": "Optional. Scaling worker count."
- }
- },
- "targetWorkerSize": {
- "type": "int",
- "defaultValue": 0,
- "allowedValues": [
- 0,
- 1,
- 2
- ],
- "metadata": {
- "description": "Optional. The instance size of the hosting plan (small, medium, or large)."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. The lock settings of the service."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "diagnosticSettings": {
- "$ref": "#/definitions/diagnosticSettingType",
- "metadata": {
- "description": "Optional. The diagnostic settings of the service."
- }
- },
- "zoneRedundant": {
- "type": "bool",
- "defaultValue": false,
- "metadata": {
- "description": "Optional. When true, this App Service Plan will perform availability zone balancing."
- }
- }
- },
- "variables": {
- "builtInRoleNames": {
- "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
- "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
- "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
- "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
- "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
- "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]",
- "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]"
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "appServicePlan": {
- "type": "Microsoft.Web/serverfarms",
- "apiVersion": "2022-09-01",
- "name": "[parameters('name')]",
- "kind": "[parameters('kind')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "sku": "[parameters('sku')]",
- "properties": {
- "workerTierName": "[parameters('workerTierName')]",
- "hostingEnvironmentProfile": "[if(not(empty(parameters('appServiceEnvironmentId'))), createObject('id', parameters('appServiceEnvironmentId')), null())]",
- "perSiteScaling": "[parameters('perSiteScaling')]",
- "maximumElasticWorkerCount": "[parameters('maximumElasticWorkerCount')]",
- "reserved": "[parameters('reserved')]",
- "targetWorkerCount": "[parameters('targetWorkerCount')]",
- "targetWorkerSizeId": "[parameters('targetWorkerSize')]",
- "zoneRedundant": "[parameters('zoneRedundant')]"
- }
- },
- "appServicePlan_diagnosticSettings": {
- "copy": {
- "name": "appServicePlan_diagnosticSettings",
- "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]"
- },
- "type": "Microsoft.Insights/diagnosticSettings",
- "apiVersion": "2021-05-01-preview",
- "scope": "[format('Microsoft.Web/serverfarms/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]",
- "properties": {
- "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]",
- "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]",
- "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]",
- "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]",
- "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]",
- "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]",
- "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]"
- },
- "dependsOn": [
- "appServicePlan"
- ]
- },
- "appServicePlan_lock": {
- "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
- "type": "Microsoft.Authorization/locks",
- "apiVersion": "2020-05-01",
- "scope": "[format('Microsoft.Web/serverfarms/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
- "properties": {
- "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
- "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
- },
- "dependsOn": [
- "appServicePlan"
- ]
- },
- "appServicePlan_roleAssignments": {
- "copy": {
- "name": "appServicePlan_roleAssignments",
- "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
- },
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "scope": "[format('Microsoft.Web/serverfarms/{0}', parameters('name'))]",
- "name": "[guid(resourceId('Microsoft.Web/serverfarms', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "properties": {
- "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
- "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
- "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
- "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
- "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
- "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
- },
- "dependsOn": [
- "appServicePlan"
- ]
- }
- },
- "outputs": {
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the app service plan was deployed into."
- },
- "value": "[resourceGroup().name]"
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the app service plan."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the app service plan."
- },
- "value": "[resourceId('Microsoft.Web/serverfarms', parameters('name'))]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('appServicePlan', '2022-09-01', 'full').location]"
- }
- }
-}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/dependencies.bicep
deleted file mode 100644
index a7f42ae..0000000
--- a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/dependencies.bicep
+++ /dev/null
@@ -1,13 +0,0 @@
-@description('Optional. The location to deploy to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/main.test.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/main.test.bicep
deleted file mode 100644
index ab5b234..0000000
--- a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/max/main.test.bicep
+++ /dev/null
@@ -1,107 +0,0 @@
-targetScope = 'subscription'
-
-metadata name = 'Using large parameter set'
-metadata description = 'This instance deploys the module with most of its features enabled.'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.serverfarms-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wsfmax'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
- }
-}
-
-// Diagnostics
-// ===========
-module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
- params: {
- storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
- eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
- location: location
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- sku: {
- capacity: '1'
- family: 'S'
- name: 'S1'
- size: 'S1'
- tier: 'Standard'
- }
- diagnosticSettings: [
- {
- name: 'customSetting'
- metricCategories: [
- {
- category: 'AllMetrics'
- }
- ]
- eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
- eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
- storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
- workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
- }
- ]
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/dependencies.bicep
deleted file mode 100644
index a7f42ae..0000000
--- a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/dependencies.bicep
+++ /dev/null
@@ -1,13 +0,0 @@
-@description('Optional. The location to deploy to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/main.test.bicep b/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/main.test.bicep
deleted file mode 100644
index b6be6a4..0000000
--- a/bicep-examples/dependencies/modules/webApp/serverfarm/tests/e2e/waf-aligned/main.test.bicep
+++ /dev/null
@@ -1,107 +0,0 @@
-targetScope = 'subscription'
-
-metadata name = 'WAF-aligned'
-metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.serverfarms-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wsfwaf'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
- }
-}
-
-// Diagnostics
-// ===========
-module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
- params: {
- storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
- eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
- location: location
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- sku: {
- capacity: '1'
- family: 'S'
- name: 'S1'
- size: 'S1'
- tier: 'Standard'
- }
- diagnosticSettings: [
- {
- name: 'customSetting'
- metricCategories: [
- {
- category: 'AllMetrics'
- }
- ]
- eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
- eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
- storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
- workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
- }
- ]
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/serverfarm/version.json b/bicep-examples/dependencies/modules/webApp/serverfarm/version.json
deleted file mode 100644
index 96236a6..0000000
--- a/bicep-examples/dependencies/modules/webApp/serverfarm/version.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.4",
- "pathFilters": [
- "./main.json"
- ]
-}
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/dependencies.bicep
deleted file mode 100644
index 72e118b..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/dependencies.bicep
+++ /dev/null
@@ -1,148 +0,0 @@
-@description('Optional. The location to deploy resources to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Virtual Network to create.')
-param virtualNetworkName string
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-@description('Required. The name of the Server Farm to create.')
-param serverFarmName string
-
-@description('Required. The name of the Storage Account to create.')
-param storageAccountName string
-
-@description('Required. The name of the Application Insights instance to create.')
-param applicationInsightsName string
-
-@description('Required. The name of the Relay Namespace to create.')
-param relayNamespaceName string
-
-@description('Required. The name of the Hybrid Connection to create.')
-param hybridConnectionName string
-
-var addressPrefix = '10.0.0.0/16'
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
- name: virtualNetworkName
- location: location
- properties: {
- addressSpace: {
- addressPrefixes: [
- addressPrefix
- ]
- }
- subnets: [
- {
- name: 'defaultSubnet'
- properties: {
- addressPrefix: cidrSubnet(addressPrefix, 16, 0)
- }
- }
- ]
- }
-}
-
-resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
- name: 'privatelink.azurewebsites.net'
- location: 'global'
-
- resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
- name: '${virtualNetwork.name}-vnetlink'
- location: 'global'
- properties: {
- virtualNetwork: {
- id: virtualNetwork.id
- }
- registrationEnabled: false
- }
- }
-}
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' = {
- name: storageAccountName
- location: location
- sku: {
- name: 'Standard_LRS'
- }
- kind: 'StorageV2'
- properties: {}
-}
-
-resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
- name: serverFarmName
- location: location
- sku: {
- name: 'S1'
- tier: 'Standard'
- size: 'S1'
- family: 'S'
- capacity: 1
- }
- properties: {}
-}
-
-resource applicationInsights 'Microsoft.Insights/components@2020-02-02' = {
- name: applicationInsightsName
- location: location
- kind: ''
- properties: {}
-}
-
-resource namespace 'Microsoft.Relay/namespaces@2021-11-01' = {
- name: relayNamespaceName
- location: location
- sku: {
- name: 'Standard'
- }
- properties: {}
-}
-
-resource hybridConnection 'Microsoft.Relay/namespaces/hybridConnections@2021-11-01' = {
- name: hybridConnectionName
- parent: namespace
- properties: {
- requiresClientAuthorization: true
- userMetadata: '[{"key":"endpoint","value":"db-server.constoso.com:1433"}]'
- }
-}
-
-resource authorizationRule 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules@2021-11-01' = {
- name: 'defaultSender'
- parent: hybridConnection
- properties: {
- rights: [
- 'Send'
- ]
- }
-}
-
-@description('The resource ID of the created Virtual Network Subnet.')
-output subnetResourceId string = virtualNetwork.properties.subnets[0].id
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
-
-@description('The resource ID of the created Managed Identity.')
-output managedIdentityResourceId string = managedIdentity.id
-
-@description('The resource ID of the created Server Farm.')
-output serverFarmResourceId string = serverFarm.id
-
-@description('The resource ID of the created Storage Account.')
-output storageAccountResourceId string = storageAccount.id
-
-@description('The resource ID of the created Application Insights instance.')
-output applicationInsightsResourceId string = applicationInsights.id
-
-@description('The resource ID of the created Private DNS Zone.')
-output privateDNSZoneResourceId string = privateDNSZone.id
-
-@description('The resource ID of the created Hybrid Connection.')
-output hybridConnectionResourceId string = hybridConnection.id
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/main.test.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/main.test.bicep
deleted file mode 100644
index 9219cb3..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppCommon/main.test.bicep
+++ /dev/null
@@ -1,201 +0,0 @@
-targetScope = 'subscription'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.sites-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wsfacom'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- virtualNetworkName: 'dep-[[namePrefix]]-vnet-${serviceShort}'
- managedIdentityName: 'dep-[[namePrefix]]-msi-${serviceShort}'
- serverFarmName: 'dep-[[namePrefix]]-sf-${serviceShort}'
- storageAccountName: 'dep[[namePrefix]]st${serviceShort}'
- applicationInsightsName: 'dep-[[namePrefix]]-appi-${serviceShort}'
- relayNamespaceName: 'dep-[[namePrefix]]-ns-${serviceShort}'
- hybridConnectionName: 'dep-[[namePrefix]]-hc-${serviceShort}'
- }
-}
-
-// Diagnostics
-// ===========
-module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
- params: {
- storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
- eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
- location: location
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-// For the below test case, please consider the guidelines described here: https://github.com/Azure/ResourceModules/wiki/Getting%20started%20-%20Scenario%202%20Onboard%20module%20library%20and%20CI%20environment#microsoftwebsites
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- kind: 'functionapp'
- serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
- appInsightResourceId: nestedDependencies.outputs.applicationInsightsResourceId
- appSettingsKeyValuePairs: {
- AzureFunctionsJobHost__logging__logLevel__default: 'Trace'
- EASYAUTH_SECRET: 'https://${namePrefix}-KeyVault${environment().suffixes.keyvaultDns}/secrets/Modules-Test-SP-Password'
- FUNCTIONS_EXTENSION_VERSION: '~4'
- FUNCTIONS_WORKER_RUNTIME: 'dotnet'
- }
- authSettingV2Configuration: {
- globalValidation: {
- requireAuthentication: true
- unauthenticatedClientAction: 'Return401'
- }
- httpSettings: {
- forwardProxy: {
- convention: 'NoProxy'
- }
- requireHttps: true
- routes: {
- apiPrefix: '/.auth'
- }
- }
- identityProviders: {
- azureActiveDirectory: {
- enabled: true
- login: {
- disableWWWAuthenticate: false
- }
- registration: {
- clientId: 'd874dd2f-2032-4db1-a053-f0ec243685aa'
- clientSecretSettingName: 'EASYAUTH_SECRET'
- openIdIssuer: 'https://sts.windows.net/${tenant().tenantId}/v2.0/'
- }
- validation: {
- allowedAudiences: [
- 'api://d874dd2f-2032-4db1-a053-f0ec243685aa'
- ]
- defaultAuthorizationPolicy: {
- allowedPrincipals: {}
- }
- jwtClaimChecks: {}
- }
- }
- }
- login: {
- allowedExternalRedirectUrls: [
- 'string'
- ]
- cookieExpiration: {
- convention: 'FixedTime'
- timeToExpiration: '08:00:00'
- }
- nonce: {
- nonceExpirationInterval: '00:05:00'
- validateNonce: true
- }
- preserveUrlFragmentsForLogins: false
- routes: {}
- tokenStore: {
- azureBlobStorage: {}
- enabled: true
- fileSystem: {}
- tokenRefreshExtensionHours: 72
- }
- }
- platform: {
- enabled: true
- runtimeVersion: '~1'
- }
- }
- diagnosticSettings: [
- {
- name: 'customSetting'
- metricCategories: [
- {
- category: 'AllMetrics'
- }
- ]
- eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
- eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
- storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
- workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
- }
- ]
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- privateEndpoints: [
- {
- subnetResourceId: nestedDependencies.outputs.subnetResourceId
- privateDnsZoneResourceIds: [
- nestedDependencies.outputs.privateDNSZoneResourceId
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
- ]
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- setAzureWebJobsDashboard: true
- keyVaultAccessIdentityResourceId: nestedDependencies.outputs.managedIdentityResourceId
- siteConfig: {
- alwaysOn: true
- use32BitWorkerProcess: false
- }
- storageAccountResourceId: nestedDependencies.outputs.storageAccountResourceId
- managedIdentities: {
- systemAssigned: true
- userAssignedResourcesIds: [
- nestedDependencies.outputs.managedIdentityResourceId
- ]
- }
- hybridConnectionRelays: [
- {
- resourceId: nestedDependencies.outputs.hybridConnectionResourceId
- sendKeyName: 'defaultSender'
- }
- ]
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/dependencies.bicep
deleted file mode 100644
index cd93e7e..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/dependencies.bicep
+++ /dev/null
@@ -1,21 +0,0 @@
-@description('Optional. The location to deploy resources to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Server Farm to create.')
-param serverFarmName string
-
-resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
- name: serverFarmName
- location: location
- sku: {
- name: 'S1'
- tier: 'Standard'
- size: 'S1'
- family: 'S'
- capacity: 1
- }
- properties: {}
-}
-
-@description('The resource ID of the created Server Farm.')
-output serverFarmResourceId string = serverFarm.id
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/main.test.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/main.test.bicep
deleted file mode 100644
index 29a4169..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/functionAppMin/main.test.bicep
+++ /dev/null
@@ -1,58 +0,0 @@
-targetScope = 'subscription'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.sites-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wsfamin'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- serverFarmName: 'dep-${namePrefix}-sf-${serviceShort}'
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- kind: 'functionapp'
- serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
- siteConfig: {
- alwaysOn: true
- }
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/dependencies.bicep
deleted file mode 100644
index 79da8b0..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/dependencies.bicep
+++ /dev/null
@@ -1,119 +0,0 @@
-@description('Optional. The location to deploy resources to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Virtual Network to create.')
-param virtualNetworkName string
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-@description('Required. The name of the Server Farm to create.')
-param serverFarmName string
-
-@description('Required. The name of the Relay Namespace to create.')
-param relayNamespaceName string
-
-@description('Required. The name of the Hybrid Connection to create.')
-param hybridConnectionName string
-
-var addressPrefix = '10.0.0.0/16'
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
- name: virtualNetworkName
- location: location
- properties: {
- addressSpace: {
- addressPrefixes: [
- addressPrefix
- ]
- }
- subnets: [
- {
- name: 'defaultSubnet'
- properties: {
- addressPrefix: cidrSubnet(addressPrefix, 16, 0)
- }
- }
- ]
- }
-}
-
-resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
- name: 'privatelink.azurewebsites.net'
- location: 'global'
-
- resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
- name: '${virtualNetwork.name}-vnetlink'
- location: 'global'
- properties: {
- virtualNetwork: {
- id: virtualNetwork.id
- }
- registrationEnabled: false
- }
- }
-}
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
- name: serverFarmName
- location: location
- sku: {
- name: 'S1'
- tier: 'Standard'
- size: 'S1'
- family: 'S'
- capacity: 1
- }
- properties: {}
-}
-
-resource relayNamespace 'Microsoft.Relay/namespaces@2021-11-01' = {
- name: relayNamespaceName
- location: location
- sku: {
- name: 'Standard'
- }
- properties: {}
-}
-
-resource hybridConnection 'Microsoft.Relay/namespaces/hybridConnections@2021-11-01' = {
- name: hybridConnectionName
- parent: relayNamespace
- properties: {
- requiresClientAuthorization: true
- userMetadata: '[{"key":"endpoint","value":"db-server.constoso.com:1433"}]'
- }
-}
-
-resource authorizationRule 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules@2021-11-01' = {
- name: 'defaultSender'
- parent: hybridConnection
- properties: {
- rights: [
- 'Send'
- ]
- }
-}
-
-@description('The resource ID of the created Virtual Network Subnet.')
-output subnetResourceId string = virtualNetwork.properties.subnets[0].id
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
-
-@description('The resource ID of the created Managed Identity.')
-output managedIdentityResourceId string = managedIdentity.id
-
-@description('The resource ID of the created Server Farm.')
-output serverFarmResourceId string = serverFarm.id
-
-@description('The resource ID of the created Private DNS Zone.')
-output privateDNSZoneResourceId string = privateDNSZone.id
-
-@description('The resource ID of the created Hybrid Connection.')
-output hybridConnectionResourceId string = hybridConnection.id
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/main.test.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/main.test.bicep
deleted file mode 100644
index ddf1838..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppCommon/main.test.bicep
+++ /dev/null
@@ -1,200 +0,0 @@
-targetScope = 'subscription'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.sites-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wswa'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- virtualNetworkName: 'dep-[[namePrefix]]-vnet-${serviceShort}'
- managedIdentityName: 'dep-[[namePrefix]]-msi-${serviceShort}'
- serverFarmName: 'dep-[[namePrefix]]-sf-${serviceShort}'
- relayNamespaceName: 'dep-[[namePrefix]]-ns-${serviceShort}'
- hybridConnectionName: 'dep-[[namePrefix]]-hc-${serviceShort}'
- }
-}
-
-// Diagnostics
-// ===========
-module diagnosticDependencies '../../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
- params: {
- storageAccountName: 'dep${namePrefix}diasa${serviceShort}01'
- logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
- eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}'
- eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}'
- location: location
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- kind: 'app'
- serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
- diagnosticSettings: [
- {
- name: 'customSetting'
- metricCategories: [
- {
- category: 'AllMetrics'
- }
- ]
- eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
- eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
- storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
- workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
- }
- ]
- httpsOnly: true
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- slots: [
- {
- name: 'slot1'
- diagnosticSettings: [
- {
- name: 'customSetting'
- eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
- eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
- storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId
- workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
- }
- ]
- privateEndpoints: [
- {
- subnetResourceId: nestedDependencies.outputs.subnetResourceId
- privateDnsZoneResourceIds: [
-
- nestedDependencies.outputs.privateDNSZoneResourceId
-
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
- ]
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- siteConfig: {
- alwaysOn: true
- metadata: [
- {
- name: 'CURRENT_STACK'
- value: 'dotnetcore'
- }
- ]
- }
- hybridConnectionRelays: [
- {
- resourceId: nestedDependencies.outputs.hybridConnectionResourceId
- sendKeyName: 'defaultSender'
- }
- ]
- }
- {
- name: 'slot2'
- }
- ]
- privateEndpoints: [
- {
- subnetResourceId: nestedDependencies.outputs.subnetResourceId
- privateDnsZoneResourceIds: [
- nestedDependencies.outputs.privateDNSZoneResourceId
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
- ]
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- siteConfig: {
- alwaysOn: true
- metadata: [
- {
- name: 'CURRENT_STACK'
- value: 'dotnetcore'
- }
- ]
- }
- managedIdentities: {
- systemAssigned: true
- userAssignedResourcesIds: [
- nestedDependencies.outputs.managedIdentityResourceId
- ]
- }
- basicPublishingCredentialsPolicies: [
- {
- name: 'ftp'
- }
- {
- name: 'scm'
- }
-
- ]
- hybridConnectionRelays: [
- {
- resourceId: nestedDependencies.outputs.hybridConnectionResourceId
- sendKeyName: 'defaultSender'
- }
- ]
- scmSiteAlsoStopped: true
- vnetContentShareEnabled: true
- vnetImagePullEnabled: true
- vnetRouteAllEnabled: true
- publicNetworkAccess: 'Disabled'
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/dependencies.bicep
deleted file mode 100644
index cd93e7e..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/dependencies.bicep
+++ /dev/null
@@ -1,21 +0,0 @@
-@description('Optional. The location to deploy resources to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Server Farm to create.')
-param serverFarmName string
-
-resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
- name: serverFarmName
- location: location
- sku: {
- name: 'S1'
- tier: 'Standard'
- size: 'S1'
- family: 'S'
- capacity: 1
- }
- properties: {}
-}
-
-@description('The resource ID of the created Server Farm.')
-output serverFarmResourceId string = serverFarm.id
diff --git a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/main.test.bicep b/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/main.test.bicep
deleted file mode 100644
index 38c74f7..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/tests/e2e/webAppMin/main.test.bicep
+++ /dev/null
@@ -1,55 +0,0 @@
-targetScope = 'subscription'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.sites-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wswamin'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- serverFarmName: 'dep-${namePrefix}-sf-${serviceShort}'
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- kind: 'app'
- serverFarmResourceId: nestedDependencies.outputs.serverFarmResourceId
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/README.md b/bicep-examples/dependencies/modules/webApp/static-site/README.md
deleted file mode 100644
index 98a80f1..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/README.md
+++ /dev/null
@@ -1,949 +0,0 @@
-# Static Web Apps `[Microsoft.Web/staticSites]`
-
-This module deploys a Static Web App.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
-| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
-| `Microsoft.Web/staticSites` | [2021-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/staticSites) |
-| `Microsoft.Web/staticSites/config` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites/config) |
-| `Microsoft.Web/staticSites/customDomains` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/customDomains) |
-| `Microsoft.Web/staticSites/linkedBackends` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/linkedBackends) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.static-site:1.0.0`.
-
-- [Using only defaults](#example-1-using-only-defaults)
-- [Using large parameter set](#example-2-using-large-parameter-set)
-- [WAF-aligned](#example-3-waf-aligned)
-
-### Example 1: _Using only defaults_
-
-This instance deploys the module with the minimum set of required parameters.
-
-
-via Bicep module
-
-```bicep
-module staticSite 'br:bicep/modules/web.static-site:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wssmin'
- params: {
- // Required parameters
- name: 'wssmin001'
- // Non-required parameters
- enableDefaultTelemetry: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "wssmin001"
- },
- // Non-required parameters
- "enableDefaultTelemetry": {
- "value": "
-
-### Example 2: _Using large parameter set_
-
-This instance deploys the module with most of its features enabled.
-
-
-via Bicep module
-
-```bicep
-module staticSite 'br:bicep/modules/web.static-site:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wssmax'
- params: {
- // Required parameters
- name: 'wssmax001'
- // Non-required parameters
- allowConfigFileUpdates: true
- appSettings: {
- foo: 'bar'
- setting: 1
- }
- enableDefaultTelemetry: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "wssmax001"
- },
- // Non-required parameters
- "allowConfigFileUpdates": {
- "value": true
- },
- "appSettings": {
- "value": {
- "foo": "bar",
- "setting": 1
- }
- },
- "enableDefaultTelemetry": {
- "value": "
-
-### Example 3: _WAF-aligned_
-
-This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.
-
-
-via Bicep module
-
-```bicep
-module staticSite 'br:bicep/modules/web.static-site:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wsswaf'
- params: {
- // Required parameters
- name: 'wsswaf001'
- // Non-required parameters
- allowConfigFileUpdates: true
- appSettings: {
- foo: 'bar'
- setting: 1
- }
- enableDefaultTelemetry: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "name": {
- "value": "wsswaf001"
- },
- // Non-required parameters
- "allowConfigFileUpdates": {
- "value": true
- },
- "appSettings": {
- "value": {
- "foo": "bar",
- "setting": 1
- }
- },
- "enableDefaultTelemetry": {
- "value": "
-
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`name`](#parameter-name) | string | Name of the static site. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`allowConfigFileUpdates`](#parameter-allowconfigfileupdates) | bool | False if config file is locked for this static web app; otherwise, true. |
-| [`appSettings`](#parameter-appsettings) | object | Static site app settings. |
-| [`branch`](#parameter-branch) | string | The branch name of the GitHub repository. |
-| [`buildProperties`](#parameter-buildproperties) | object | Build properties for the static site. |
-| [`customDomains`](#parameter-customdomains) | array | The custom domains associated with this static site. The deployment will fail as long as the validation records are not present. |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`enterpriseGradeCdnStatus`](#parameter-enterprisegradecdnstatus) | string | State indicating the status of the enterprise grade CDN serving traffic to the static web app. |
-| [`functionAppSettings`](#parameter-functionappsettings) | object | Function app settings. |
-| [`linkedBackend`](#parameter-linkedbackend) | object | Object with "resourceId" and "location" of the a user defined function app. |
-| [`location`](#parameter-location) | string | Location for all resources. |
-| [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
-| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. |
-| [`provider`](#parameter-provider) | string | The provider that submitted the last deployment to the primary environment of the static site. |
-| [`repositoryToken`](#parameter-repositorytoken) | securestring | The Personal Access Token for accessing the GitHub repository. |
-| [`repositoryUrl`](#parameter-repositoryurl) | string | The name of the GitHub repository. |
-| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| [`sku`](#parameter-sku) | string | Type of static site to deploy. |
-| [`stagingEnvironmentPolicy`](#parameter-stagingenvironmentpolicy) | string | State indicating whether staging environments are allowed or not allowed for a static web app. |
-| [`tags`](#parameter-tags) | object | Tags of the resource. |
-| [`templateProperties`](#parameter-templateproperties) | object | Template Options for the static site. |
-
-### Parameter: `allowConfigFileUpdates`
-
-False if config file is locked for this static web app; otherwise, true.
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `appSettings`
-
-Static site app settings.
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `branch`
-
-The branch name of the GitHub repository.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `buildProperties`
-
-Build properties for the static site.
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `customDomains`
-
-The custom domains associated with this static site. The deployment will fail as long as the validation records are not present.
-- Required: No
-- Type: array
-- Default: `[]`
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `enterpriseGradeCdnStatus`
-
-State indicating the status of the enterprise grade CDN serving traffic to the static web app.
-- Required: No
-- Type: string
-- Default: `'Disabled'`
-- Allowed:
- ```Bicep
- [
- 'Disabled'
- 'Disabling'
- 'Enabled'
- 'Enabling'
- ]
- ```
-
-### Parameter: `functionAppSettings`
-
-Function app settings.
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `linkedBackend`
-
-Object with "resourceId" and "location" of the a user defined function app.
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `location`
-
-Location for all resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `lock`
-
-The lock settings of the service.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. |
-| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. |
-
-### Parameter: `lock.kind`
-
-Optional. Specify the type of lock.
-
-- Required: No
-- Type: string
-- Allowed: `[CanNotDelete, None, ReadOnly]`
-
-### Parameter: `lock.name`
-
-Optional. Specify the name of lock.
-
-- Required: No
-- Type: string
-
-### Parameter: `managedIdentities`
-
-The managed identity definition for this resource.
-- Required: No
-- Type: object
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. |
-| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. |
-
-### Parameter: `managedIdentities.systemAssigned`
-
-Optional. Enables system assigned managed identity on the resource.
-
-- Required: No
-- Type: bool
-
-### Parameter: `managedIdentities.userAssignedResourcesIds`
-
-Optional. The resource ID(s) to assign to the resource.
-
-- Required: No
-- Type: array
-
-### Parameter: `name`
-
-Name of the static site.
-- Required: Yes
-- Type: string
-
-### Parameter: `privateEndpoints`
-
-Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. |
-| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. |
-| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. |
-| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. |
-| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. |
-| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. |
-| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. |
-| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. |
-| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. |
-| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. |
-| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. |
-| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". |
-| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. |
-| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. |
-
-### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds`
-
-Optional. Application security groups in which the private endpoint IP configuration is included.
-
-- Required: No
-- Type: array
-
-### Parameter: `privateEndpoints.customDnsConfigs`
-
-Optional. Custom DNS configurations.
-
-- Required: No
-- Type: array
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. |
-| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. |
-
-### Parameter: `privateEndpoints.customDnsConfigs.fqdn`
-
-Required. Fqdn that resolves to private endpoint ip address.
-
-- Required: No
-- Type: string
-
-### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses`
-
-Required. A list of private ip addresses of the private endpoint.
-
-- Required: Yes
-- Type: array
-
-
-### Parameter: `privateEndpoints.customNetworkInterfaceName`
-
-Optional. The custom name of the network interface attached to the private endpoint.
-
-- Required: No
-- Type: string
-
-### Parameter: `privateEndpoints.enableTelemetry`
-
-Optional. Enable/Disable usage telemetry for module.
-
-- Required: No
-- Type: bool
-
-### Parameter: `privateEndpoints.ipConfigurations`
-
-Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.
-
-- Required: No
-- Type: array
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. |
-| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. |
-
-### Parameter: `privateEndpoints.ipConfigurations.name`
-
-Required. The name of the resource that is unique within a resource group.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `privateEndpoints.ipConfigurations.properties`
-
-Required. Properties of private endpoint IP configurations.
-
-- Required: Yes
-- Type: object
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. |
-| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. |
-| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. |
-
-### Parameter: `privateEndpoints.ipConfigurations.properties.groupId`
-
-Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `privateEndpoints.ipConfigurations.properties.memberName`
-
-Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress`
-
-Required. A private ip address obtained from the private endpoint's subnet.
-
-- Required: Yes
-- Type: string
-
-
-
-### Parameter: `privateEndpoints.location`
-
-Optional. The location to deploy the private endpoint to.
-
-- Required: No
-- Type: string
-
-### Parameter: `privateEndpoints.lock`
-
-Optional. Specify the type of lock.
-
-- Required: No
-- Type: object
-
-### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections`
-
-Optional. Manual PrivateLink Service Connections.
-
-- Required: No
-- Type: array
-
-### Parameter: `privateEndpoints.name`
-
-Optional. The name of the private endpoint.
-
-- Required: No
-- Type: string
-
-### Parameter: `privateEndpoints.privateDnsZoneGroupName`
-
-Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.
-
-- Required: No
-- Type: string
-
-### Parameter: `privateEndpoints.privateDnsZoneResourceIds`
-
-Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.
-
-- Required: No
-- Type: array
-
-### Parameter: `privateEndpoints.roleAssignments`
-
-Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
-
-- Required: No
-- Type: array
-
-### Parameter: `privateEndpoints.service`
-
-Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".
-
-- Required: No
-- Type: string
-
-### Parameter: `privateEndpoints.subnetResourceId`
-
-Required. Resource ID of the subnet where the endpoint needs to be created.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `privateEndpoints.tags`
-
-Optional. Tags to be applied on all resources/resource groups in this deployment.
-
-- Required: No
-- Type: object
-
-### Parameter: `provider`
-
-The provider that submitted the last deployment to the primary environment of the static site.
-- Required: No
-- Type: string
-- Default: `'None'`
-
-### Parameter: `repositoryToken`
-
-The Personal Access Token for accessing the GitHub repository.
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `repositoryUrl`
-
-The name of the GitHub repository.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `roleAssignments`
-
-Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
-- Required: No
-- Type: array
-
-
-| Name | Required | Type | Description |
-| :-- | :-- | :--| :-- |
-| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" |
-| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. |
-| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. |
-| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. |
-| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. |
-| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. |
-| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. |
-
-### Parameter: `roleAssignments.condition`
-
-Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.conditionVersion`
-
-Optional. Version of the condition.
-
-- Required: No
-- Type: string
-- Allowed: `[2.0]`
-
-### Parameter: `roleAssignments.delegatedManagedIdentityResourceId`
-
-Optional. The Resource Id of the delegated managed identity resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.description`
-
-Optional. The description of the role assignment.
-
-- Required: No
-- Type: string
-
-### Parameter: `roleAssignments.principalId`
-
-Required. The principal ID of the principal (user/group/identity) to assign the role to.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `roleAssignments.principalType`
-
-Optional. The principal type of the assigned principal ID.
-
-- Required: No
-- Type: string
-- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]`
-
-### Parameter: `roleAssignments.roleDefinitionIdOrName`
-
-Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `sku`
-
-Type of static site to deploy.
-- Required: No
-- Type: string
-- Default: `'Free'`
-- Allowed:
- ```Bicep
- [
- 'Free'
- 'Standard'
- ]
- ```
-
-### Parameter: `stagingEnvironmentPolicy`
-
-State indicating whether staging environments are allowed or not allowed for a static web app.
-- Required: No
-- Type: string
-- Default: `'Enabled'`
-- Allowed:
- ```Bicep
- [
- 'Disabled'
- 'Enabled'
- ]
- ```
-
-### Parameter: `tags`
-
-Tags of the resource.
-- Required: No
-- Type: object
-
-### Parameter: `templateProperties`
-
-Template Options for the static site.
-- Required: No
-- Type: object
-- Default: `{}`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `defaultHostname` | string | The default autogenerated hostname for the static site. |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the static site. |
-| `resourceGroupName` | string | The resource group the static site was deployed into. |
-| `resourceId` | string | The resource ID of the static site. |
-| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
-
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
-
-| Reference | Type |
-| :-- | :-- |
-| `modules/network/private-endpoint` | Local reference |
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/config/README.md b/bicep-examples/dependencies/modules/webApp/static-site/config/README.md
deleted file mode 100644
index e17e11d..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/config/README.md
+++ /dev/null
@@ -1,90 +0,0 @@
-# Static Web App Site Config `[Microsoft.Web/staticSites/config]`
-
-This module deploys a Static Web App Site Config.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Web/staticSites/config` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/staticSites/config) |
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`kind`](#parameter-kind) | string | Type of settings to apply. |
-| [`properties`](#parameter-properties) | object | App settings. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`staticSiteName`](#parameter-staticsitename) | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`location`](#parameter-location) | string | Location for all resources. |
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `kind`
-
-Type of settings to apply.
-- Required: Yes
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'appsettings'
- 'functionappsettings'
- ]
- ```
-
-### Parameter: `location`
-
-Location for all resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `properties`
-
-App settings.
-- Required: Yes
-- Type: object
-
-### Parameter: `staticSiteName`
-
-The name of the parent Static Web App. Required if the template is used in a standalone deployment.
-- Required: Yes
-- Type: string
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the config. |
-| `resourceGroupName` | string | The name of the resource group the config was created in. |
-| `resourceId` | string | The resource ID of the config. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/config/main.bicep b/bicep-examples/dependencies/modules/webApp/static-site/config/main.bicep
deleted file mode 100644
index 1db5657..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/config/main.bicep
+++ /dev/null
@@ -1,54 +0,0 @@
-metadata name = 'Static Web App Site Config'
-metadata description = 'This module deploys a Static Web App Site Config.'
-metadata owner = 'Azure/module-maintainers'
-
-@allowed([
- 'appsettings'
- 'functionappsettings'
-])
-@description('Required. Type of settings to apply.')
-param kind string
-
-@description('Required. App settings.')
-param properties object
-
-@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
-param staticSiteName string
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. Location for all resources.')
-param location string = resourceGroup().location
-
-resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
- name: staticSiteName
-}
-
-resource config 'Microsoft.Web/staticSites/config@2022-03-01' = {
- #disable-next-line BCP225 // Disables incorrect error that `name` cannot be determined at compile time.
- name: kind
- parent: staticSite
- properties: properties
-}
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-@description('The name of the config.')
-output name string = config.name
-
-@description('The resource ID of the config.')
-output resourceId string = config.id
-
-@description('The name of the resource group the config was created in.')
-output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/config/main.json b/bicep-examples/dependencies/modules/webApp/static-site/config/main.json
deleted file mode 100644
index e063d1a..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/config/main.json
+++ /dev/null
@@ -1,97 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "8340850851413090940"
- },
- "name": "Static Web App Site Config",
- "description": "This module deploys a Static Web App Site Config.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "kind": {
- "type": "string",
- "allowedValues": [
- "appsettings",
- "functionappsettings"
- ],
- "metadata": {
- "description": "Required. Type of settings to apply."
- }
- },
- "properties": {
- "type": "object",
- "metadata": {
- "description": "Required. App settings."
- }
- },
- "staticSiteName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- }
- },
- "resources": [
- {
- "type": "Microsoft.Web/staticSites/config",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('kind'))]",
- "properties": "[parameters('properties')]"
- },
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the config."
- },
- "value": "[parameters('kind')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the config."
- },
- "value": "[resourceId('Microsoft.Web/staticSites/config', parameters('staticSiteName'), parameters('kind'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the resource group the config was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
-}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/config/version.json b/bicep-examples/dependencies/modules/webApp/static-site/config/version.json
deleted file mode 100644
index 9ed3662..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/config/version.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.6",
- "pathFilters": [
- "./main.json"
- ]
-}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/README.md b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/README.md
deleted file mode 100644
index f5b55f3..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/README.md
+++ /dev/null
@@ -1,84 +0,0 @@
-# Static Web App Site Custom Domains `[Microsoft.Web/staticSites/customDomains]`
-
-This module deploys a Static Web App Site Custom Domain.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Web/staticSites/customDomains` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/customDomains) |
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`name`](#parameter-name) | string | The custom domain name. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`staticSiteName`](#parameter-staticsitename) | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`location`](#parameter-location) | string | Location for all resources. |
-| [`validationMethod`](#parameter-validationmethod) | string | Validation method for adding a custom domain. |
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `location`
-
-Location for all resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `name`
-
-The custom domain name.
-- Required: Yes
-- Type: string
-
-### Parameter: `staticSiteName`
-
-The name of the parent Static Web App. Required if the template is used in a standalone deployment.
-- Required: Yes
-- Type: string
-
-### Parameter: `validationMethod`
-
-Validation method for adding a custom domain.
-- Required: No
-- Type: string
-- Default: `'cname-delegation'`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the static site custom domain. |
-| `resourceGroupName` | string | The resource group the static site custom domain was deployed into. |
-| `resourceId` | string | The resource ID of the static site custom domain. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.bicep b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.bicep
deleted file mode 100644
index b392892..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.bicep
+++ /dev/null
@@ -1,51 +0,0 @@
-metadata name = 'Static Web App Site Custom Domains'
-metadata description = 'This module deploys a Static Web App Site Custom Domain.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Required. The custom domain name.')
-param name string
-
-@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
-param staticSiteName string
-
-@description('Optional. Validation method for adding a custom domain.')
-param validationMethod string = 'cname-delegation'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. Location for all resources.')
-param location string = resourceGroup().location
-
-resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
- name: staticSiteName
-}
-
-resource customDomain 'Microsoft.Web/staticSites/customDomains@2022-03-01' = {
- name: name
- parent: staticSite
- properties: {
- validationMethod: validationMethod
- }
-}
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-@description('The name of the static site custom domain.')
-output name string = customDomain.name
-
-@description('The resource ID of the static site custom domain.')
-output resourceId string = customDomain.id
-
-@description('The resource group the static site custom domain was deployed into.')
-output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.json b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.json
deleted file mode 100644
index 6613ffb..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/main.json
+++ /dev/null
@@ -1,96 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "13208835708722733896"
- },
- "name": "Static Web App Site Custom Domains",
- "description": "This module deploys a Static Web App Site Custom Domain.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The custom domain name."
- }
- },
- "staticSiteName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment."
- }
- },
- "validationMethod": {
- "type": "string",
- "defaultValue": "cname-delegation",
- "metadata": {
- "description": "Optional. Validation method for adding a custom domain."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- }
- },
- "resources": [
- {
- "type": "Microsoft.Web/staticSites/customDomains",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('name'))]",
- "properties": {
- "validationMethod": "[parameters('validationMethod')]"
- }
- },
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the static site custom domain."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the static site custom domain."
- },
- "value": "[resourceId('Microsoft.Web/staticSites/customDomains', parameters('staticSiteName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the static site custom domain was deployed into."
- },
- "value": "[resourceGroup().name]"
- }
- }
-}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/version.json b/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/version.json
deleted file mode 100644
index 9ed3662..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/custom-domain/version.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.6",
- "pathFilters": [
- "./main.json"
- ]
-}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/README.md b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/README.md
deleted file mode 100644
index c77db73..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/README.md
+++ /dev/null
@@ -1,92 +0,0 @@
-# Static Web App Site Linked Backends `[Microsoft.Web/staticSites/linkedBackends]`
-
-This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Web/staticSites/linkedBackends` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-03-01/staticSites/linkedBackends) |
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`backendResourceId`](#parameter-backendresourceid) | string | The resource ID of the backend linked to the static site. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`staticSiteName`](#parameter-staticsitename) | string | The name of the parent Static Web App. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`location`](#parameter-location) | string | Location for all resources. |
-| [`name`](#parameter-name) | string | Name of the backend to link to the static site. |
-| [`region`](#parameter-region) | string | The region of the backend linked to the static site. |
-
-### Parameter: `backendResourceId`
-
-The resource ID of the backend linked to the static site.
-- Required: Yes
-- Type: string
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `location`
-
-Location for all resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `name`
-
-Name of the backend to link to the static site.
-- Required: No
-- Type: string
-- Default: `[uniqueString(parameters('backendResourceId'))]`
-
-### Parameter: `region`
-
-The region of the backend linked to the static site.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `staticSiteName`
-
-The name of the parent Static Web App. Required if the template is used in a standalone deployment.
-- Required: Yes
-- Type: string
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the static site linked backend. |
-| `resourceGroupName` | string | The resource group the static site linked backend was deployed into. |
-| `resourceId` | string | The resource ID of the static site linked backend. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.bicep b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.bicep
deleted file mode 100644
index ac5132d..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.bicep
+++ /dev/null
@@ -1,55 +0,0 @@
-metadata name = 'Static Web App Site Linked Backends'
-metadata description = 'This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Required. The resource ID of the backend linked to the static site.')
-param backendResourceId string
-
-@description('Optional. The region of the backend linked to the static site.')
-param region string = resourceGroup().location
-
-@description('Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment.')
-param staticSiteName string
-
-@description('Optional. Name of the backend to link to the static site.')
-param name string = uniqueString(backendResourceId)
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. Location for all resources.')
-param location string = resourceGroup().location
-
-resource staticSite 'Microsoft.Web/staticSites@2022-03-01' existing = {
- name: staticSiteName
-}
-
-resource linkedBackend 'Microsoft.Web/staticSites/linkedBackends@2022-03-01' = {
- name: name
- parent: staticSite
- properties: {
- backendResourceId: backendResourceId
- region: region
- }
-}
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-@description('The name of the static site linked backend.')
-output name string = linkedBackend.name
-
-@description('The resource ID of the static site linked backend.')
-output resourceId string = linkedBackend.id
-
-@description('The resource group the static site linked backend was deployed into.')
-output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.json b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.json
deleted file mode 100644
index 78a0569..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/main.json
+++ /dev/null
@@ -1,104 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "13553590806488370796"
- },
- "name": "Static Web App Site Linked Backends",
- "description": "This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "backendResourceId": {
- "type": "string",
- "metadata": {
- "description": "Required. The resource ID of the backend linked to the static site."
- }
- },
- "region": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The region of the backend linked to the static site."
- }
- },
- "staticSiteName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "defaultValue": "[uniqueString(parameters('backendResourceId'))]",
- "metadata": {
- "description": "Optional. Name of the backend to link to the static site."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- }
- },
- "resources": [
- {
- "type": "Microsoft.Web/staticSites/linkedBackends",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('name'))]",
- "properties": {
- "backendResourceId": "[parameters('backendResourceId')]",
- "region": "[parameters('region')]"
- }
- },
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the static site linked backend."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the static site linked backend."
- },
- "value": "[resourceId('Microsoft.Web/staticSites/linkedBackends', parameters('staticSiteName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the static site linked backend was deployed into."
- },
- "value": "[resourceGroup().name]"
- }
- }
-}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/version.json b/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/version.json
deleted file mode 100644
index 9ed3662..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/linked-backend/version.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.6",
- "pathFilters": [
- "./main.json"
- ]
-}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/main.bicep b/bicep-examples/dependencies/modules/webApp/static-site/main.bicep
deleted file mode 100644
index 990e85f..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/main.bicep
+++ /dev/null
@@ -1,355 +0,0 @@
-metadata name = 'Static Web Apps'
-metadata description = 'This module deploys a Static Web App.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Required. Name of the static site.')
-@minLength(1)
-@maxLength(40)
-param name string
-
-@allowed([
- 'Free'
- 'Standard'
-])
-@description('Optional. Type of static site to deploy.')
-param sku string = 'Free'
-
-@description('Optional. False if config file is locked for this static web app; otherwise, true.')
-param allowConfigFileUpdates bool = true
-
-@description('Optional. Location for all resources.')
-param location string = resourceGroup().location
-
-@allowed([
- 'Enabled'
- 'Disabled'
-])
-@description('Optional. State indicating whether staging environments are allowed or not allowed for a static web app.')
-param stagingEnvironmentPolicy string = 'Enabled'
-
-@allowed([
- 'Disabled'
- 'Disabling'
- 'Enabled'
- 'Enabling'
-])
-@description('Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app.')
-param enterpriseGradeCdnStatus string = 'Disabled'
-
-@description('Optional. Build properties for the static site.')
-param buildProperties object = {}
-
-@description('Optional. Template Options for the static site.')
-param templateProperties object = {}
-
-@description('Optional. The provider that submitted the last deployment to the primary environment of the static site.')
-param provider string = 'None'
-
-@secure()
-@description('Optional. The Personal Access Token for accessing the GitHub repository.')
-param repositoryToken string = ''
-
-@description('Optional. The name of the GitHub repository.')
-param repositoryUrl string = ''
-
-@description('Optional. The branch name of the GitHub repository.')
-param branch string = ''
-
-@description('Optional. The managed identity definition for this resource.')
-param managedIdentities managedIdentitiesType
-
-@description('Optional. The lock settings of the service.')
-param lock lockType
-
-@description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the \'sku\' to be \'Standard\'.')
-param privateEndpoints privateEndpointType
-
-@description('Optional. Tags of the resource.')
-param tags object?
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
-param roleAssignments roleAssignmentType
-
-@description('Optional. Object with "resourceId" and "location" of the a user defined function app.')
-param linkedBackend object = {}
-
-@description('Optional. Static site app settings.')
-param appSettings object = {}
-
-@description('Optional. Function app settings.')
-param functionAppSettings object = {}
-
-@description('Optional. The custom domains associated with this static site. The deployment will fail as long as the validation records are not present.')
-param customDomains array = []
-
-var enableReferencedModulesTelemetry = false
-
-var formattedUserAssignedIdentities = reduce(map((managedIdentities.?userAssignedResourcesIds ?? []), (id) => { '${id}': {} }), {}, (cur, next) => union(cur, next)) // Converts the flat array to an object like { '${id1}': {}, '${id2}': {} }
-
-var identity = !empty(managedIdentities) ? {
- type: (managedIdentities.?systemAssigned ?? false) ? (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned') : (!empty(managedIdentities.?userAssignedResourcesIds ?? {}) ? 'UserAssigned' : null)
- userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
-} : null
-
-var builtInRoleNames = {
- Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
- Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
- Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
- 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
- 'Web Plan Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')
- 'Website Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')
-}
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource staticSite 'Microsoft.Web/staticSites@2021-03-01' = {
- name: name
- location: location
- tags: tags
- identity: identity
- sku: {
- name: sku
- tier: sku
- }
- properties: {
- allowConfigFileUpdates: allowConfigFileUpdates
- stagingEnvironmentPolicy: stagingEnvironmentPolicy
- enterpriseGradeCdnStatus: enterpriseGradeCdnStatus
- provider: !empty(provider) ? provider : 'None'
- branch: !empty(branch) ? branch : null
- buildProperties: !empty(buildProperties) ? buildProperties : null
- repositoryToken: !empty(repositoryToken) ? repositoryToken : null
- repositoryUrl: !empty(repositoryUrl) ? repositoryUrl : null
- templateProperties: !empty(templateProperties) ? templateProperties : null
- }
-}
-
-module staticSite_linkedBackend 'linked-backend/main.bicep' = if (!empty(linkedBackend)) {
- name: '${uniqueString(deployment().name, location)}-StaticSite-UserDefinedFunction'
- params: {
- staticSiteName: staticSite.name
- backendResourceId: linkedBackend.resourceId
- region: contains(linkedBackend, 'location') ? linkedBackend.location : location
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module staticSite_appSettings 'config/main.bicep' = if (!empty(appSettings)) {
- name: '${uniqueString(deployment().name, location)}-StaticSite-appSettings'
- params: {
- kind: 'appsettings'
- staticSiteName: staticSite.name
- properties: appSettings
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module staticSite_functionAppSettings 'config/main.bicep' = if (!empty(functionAppSettings)) {
- name: '${uniqueString(deployment().name, location)}-StaticSite-functionAppSettings'
- params: {
- kind: 'functionappsettings'
- staticSiteName: staticSite.name
- properties: functionAppSettings
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}
-
-module staticSite_customDomains 'custom-domain/main.bicep' = [for (customDomain, index) in customDomains: {
- name: '${uniqueString(deployment().name, location)}-StaticSite-customDomains-${index}'
- params: {
- name: customDomain
- staticSiteName: staticSite.name
- validationMethod: indexOf(customDomain, '.') == lastIndexOf(customDomain, '.') ? 'dns-txt-token' : 'cname-delegation'
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}]
-
-resource staticSite_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
- name: lock.?name ?? 'lock-${name}'
- properties: {
- level: lock.?kind ?? ''
- notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
- }
- scope: staticSite
-}
-
-resource staticSite_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
- name: guid(staticSite.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
- properties: {
- roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : roleAssignment.roleDefinitionIdOrName
- principalId: roleAssignment.principalId
- description: roleAssignment.?description
- principalType: roleAssignment.?principalType
- condition: roleAssignment.?condition
- conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
- delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
- }
- scope: staticSite
-}]
-
-module staticSite_privateEndpoints '../../network/private-endpoint/main.bicep' = [for (privateEndpoint, index) in (privateEndpoints ?? []): {
- name: '${uniqueString(deployment().name, location)}-staticSite-PrivateEndpoint-${index}'
- params: {
- groupIds: [
- privateEndpoint.?service ?? 'staticSites'
- ]
- name: privateEndpoint.?name ?? 'pep-${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}'
- serviceResourceId: staticSite.id
- subnetResourceId: privateEndpoint.subnetResourceId
- enableDefaultTelemetry: privateEndpoint.?enableDefaultTelemetry ?? enableReferencedModulesTelemetry
- location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location
- lock: privateEndpoint.?lock ?? lock
- privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName
- privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds
- roleAssignments: privateEndpoint.?roleAssignments
- tags: privateEndpoint.?tags ?? tags
- manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections
- customDnsConfigs: privateEndpoint.?customDnsConfigs
- ipConfigurations: privateEndpoint.?ipConfigurations
- applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds
- customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName
- }
-}]
-
-@description('The name of the static site.')
-output name string = staticSite.name
-
-@description('The resource ID of the static site.')
-output resourceId string = staticSite.id
-
-@description('The resource group the static site was deployed into.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The principal ID of the system assigned identity.')
-output systemAssignedMIPrincipalId string = (managedIdentities.?systemAssigned ?? false) && contains(staticSite.identity, 'principalId') ? staticSite.identity.principalId : ''
-
-@description('The location the resource was deployed into.')
-output location string = staticSite.location
-
-@description('The default autogenerated hostname for the static site.')
-output defaultHostname string = staticSite.properties.defaultHostname
-
-// =============== //
-// Definitions //
-// =============== //
-
-type managedIdentitiesType = {
- @description('Optional. Enables system assigned managed identity on the resource.')
- systemAssigned: bool?
-
- @description('Optional. The resource ID(s) to assign to the resource.')
- userAssignedResourcesIds: string[]?
-}?
-
-type lockType = {
- @description('Optional. Specify the name of lock.')
- name: string?
-
- @description('Optional. Specify the type of lock.')
- kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
-}?
-
-type roleAssignmentType = {
- @description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
- roleDefinitionIdOrName: string
-
- @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
- principalId: string
-
- @description('Optional. The principal type of the assigned principal ID.')
- principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device' | null)?
-
- @description('Optional. The description of the role assignment.')
- description: string?
-
- @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
- condition: string?
-
- @description('Optional. Version of the condition.')
- conditionVersion: '2.0'?
-
- @description('Optional. The Resource Id of the delegated managed identity resource.')
- delegatedManagedIdentityResourceId: string?
-}[]?
-
-type privateEndpointType = {
- @description('Optional. The name of the private endpoint.')
- name: string?
-
- @description('Optional. The location to deploy the private endpoint to.')
- location: string?
-
- @description('Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".')
- service: string?
-
- @description('Required. Resource ID of the subnet where the endpoint needs to be created.')
- subnetResourceId: string
-
- @description('Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided.')
- privateDnsZoneGroupName: string?
-
- @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.')
- privateDnsZoneResourceIds: string[]?
-
- @description('Optional. Custom DNS configurations.')
- customDnsConfigs: {
- @description('Required. Fqdn that resolves to private endpoint ip address.')
- fqdn: string?
-
- @description('Required. A list of private ip addresses of the private endpoint.')
- ipAddresses: string[]
- }[]?
-
- @description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.')
- ipConfigurations: {
- @description('Required. The name of the resource that is unique within a resource group.')
- name: string
-
- @description('Required. Properties of private endpoint IP configurations.')
- properties: {
- @description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.')
- groupId: string
-
- @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.')
- memberName: string
-
- @description('Required. A private ip address obtained from the private endpoint\'s subnet.')
- privateIPAddress: string
- }
- }[]?
-
- @description('Optional. Application security groups in which the private endpoint IP configuration is included.')
- applicationSecurityGroupResourceIds: string[]?
-
- @description('Optional. The custom name of the network interface attached to the private endpoint.')
- customNetworkInterfaceName: string?
-
- @description('Optional. Specify the type of lock.')
- lock: lockType
-
- @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
- roleAssignments: roleAssignmentType
-
- @description('Optional. Tags to be applied on all resources/resource groups in this deployment.')
- tags: object?
-
- @description('Optional. Manual PrivateLink Service Connections.')
- manualPrivateLinkServiceConnections: array?
-
- @description('Optional. Enable/Disable usage telemetry for module.')
- enableTelemetry: bool?
-}[]?
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/main.json b/bicep-examples/dependencies/modules/webApp/static-site/main.json
deleted file mode 100644
index e42e784..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/main.json
+++ /dev/null
@@ -1,1731 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "2662580552466474915"
- },
- "name": "Static Web Apps",
- "description": "This module deploys a Static Web App.",
- "owner": "Azure/module-maintainers"
- },
- "definitions": {
- "managedIdentitiesType": {
- "type": "object",
- "properties": {
- "systemAssigned": {
- "type": "bool",
- "nullable": true,
- "metadata": {
- "description": "Optional. Enables system assigned managed identity on the resource."
- }
- },
- "userAssignedResourcesIds": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The resource ID(s) to assign to the resource."
- }
- }
- },
- "nullable": true
- },
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- },
- "privateEndpointType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of the private endpoint."
- }
- },
- "location": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The location to deploy the private endpoint to."
- }
- },
- "service": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"."
- }
- },
- "subnetResourceId": {
- "type": "string",
- "metadata": {
- "description": "Required. Resource ID of the subnet where the endpoint needs to be created."
- }
- },
- "privateDnsZoneGroupName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided."
- }
- },
- "privateDnsZoneResourceIds": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones."
- }
- },
- "customDnsConfigs": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "fqdn": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Required. Fqdn that resolves to private endpoint ip address."
- }
- },
- "ipAddresses": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "metadata": {
- "description": "Required. A list of private ip addresses of the private endpoint."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. Custom DNS configurations."
- }
- },
- "ipConfigurations": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the resource that is unique within a resource group."
- }
- },
- "properties": {
- "type": "object",
- "properties": {
- "groupId": {
- "type": "string",
- "metadata": {
- "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to."
- }
- },
- "memberName": {
- "type": "string",
- "metadata": {
- "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to."
- }
- },
- "privateIPAddress": {
- "type": "string",
- "metadata": {
- "description": "Required. A private ip address obtained from the private endpoint's subnet."
- }
- }
- },
- "metadata": {
- "description": "Required. Properties of private endpoint IP configurations."
- }
- }
- }
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints."
- }
- },
- "applicationSecurityGroupResourceIds": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "nullable": true,
- "metadata": {
- "description": "Optional. Application security groups in which the private endpoint IP configuration is included."
- }
- },
- "customNetworkInterfaceName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The custom name of the network interface attached to the private endpoint."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags to be applied on all resources/resource groups in this deployment."
- }
- },
- "manualPrivateLinkServiceConnections": {
- "type": "array",
- "nullable": true,
- "metadata": {
- "description": "Optional. Manual PrivateLink Service Connections."
- }
- },
- "enableTelemetry": {
- "type": "bool",
- "nullable": true,
- "metadata": {
- "description": "Optional. Enable/Disable usage telemetry for module."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "name": {
- "type": "string",
- "minLength": 1,
- "maxLength": 40,
- "metadata": {
- "description": "Required. Name of the static site."
- }
- },
- "sku": {
- "type": "string",
- "defaultValue": "Free",
- "allowedValues": [
- "Free",
- "Standard"
- ],
- "metadata": {
- "description": "Optional. Type of static site to deploy."
- }
- },
- "allowConfigFileUpdates": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. False if config file is locked for this static web app; otherwise, true."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- },
- "stagingEnvironmentPolicy": {
- "type": "string",
- "defaultValue": "Enabled",
- "allowedValues": [
- "Enabled",
- "Disabled"
- ],
- "metadata": {
- "description": "Optional. State indicating whether staging environments are allowed or not allowed for a static web app."
- }
- },
- "enterpriseGradeCdnStatus": {
- "type": "string",
- "defaultValue": "Disabled",
- "allowedValues": [
- "Disabled",
- "Disabling",
- "Enabled",
- "Enabling"
- ],
- "metadata": {
- "description": "Optional. State indicating the status of the enterprise grade CDN serving traffic to the static web app."
- }
- },
- "buildProperties": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Build properties for the static site."
- }
- },
- "templateProperties": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Template Options for the static site."
- }
- },
- "provider": {
- "type": "string",
- "defaultValue": "None",
- "metadata": {
- "description": "Optional. The provider that submitted the last deployment to the primary environment of the static site."
- }
- },
- "repositoryToken": {
- "type": "securestring",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. The Personal Access Token for accessing the GitHub repository."
- }
- },
- "repositoryUrl": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. The name of the GitHub repository."
- }
- },
- "branch": {
- "type": "string",
- "defaultValue": "",
- "metadata": {
- "description": "Optional. The branch name of the GitHub repository."
- }
- },
- "managedIdentities": {
- "$ref": "#/definitions/managedIdentitiesType",
- "metadata": {
- "description": "Optional. The managed identity definition for this resource."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. The lock settings of the service."
- }
- },
- "privateEndpoints": {
- "$ref": "#/definitions/privateEndpointType",
- "metadata": {
- "description": "Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags of the resource."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "linkedBackend": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Object with \"resourceId\" and \"location\" of the a user defined function app."
- }
- },
- "appSettings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Static site app settings."
- }
- },
- "functionAppSettings": {
- "type": "object",
- "defaultValue": {},
- "metadata": {
- "description": "Optional. Function app settings."
- }
- },
- "customDomains": {
- "type": "array",
- "defaultValue": [],
- "metadata": {
- "description": "Optional. The custom domains associated with this static site. The deployment will fail as long as the validation records are not present."
- }
- }
- },
- "variables": {
- "enableReferencedModulesTelemetry": false,
- "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]",
- "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]",
- "builtInRoleNames": {
- "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
- "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
- "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
- "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
- "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]",
- "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]",
- "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]"
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "staticSite": {
- "type": "Microsoft.Web/staticSites",
- "apiVersion": "2021-03-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "identity": "[variables('identity')]",
- "sku": {
- "name": "[parameters('sku')]",
- "tier": "[parameters('sku')]"
- },
- "properties": {
- "allowConfigFileUpdates": "[parameters('allowConfigFileUpdates')]",
- "stagingEnvironmentPolicy": "[parameters('stagingEnvironmentPolicy')]",
- "enterpriseGradeCdnStatus": "[parameters('enterpriseGradeCdnStatus')]",
- "provider": "[if(not(empty(parameters('provider'))), parameters('provider'), 'None')]",
- "branch": "[if(not(empty(parameters('branch'))), parameters('branch'), null())]",
- "buildProperties": "[if(not(empty(parameters('buildProperties'))), parameters('buildProperties'), null())]",
- "repositoryToken": "[if(not(empty(parameters('repositoryToken'))), parameters('repositoryToken'), null())]",
- "repositoryUrl": "[if(not(empty(parameters('repositoryUrl'))), parameters('repositoryUrl'), null())]",
- "templateProperties": "[if(not(empty(parameters('templateProperties'))), parameters('templateProperties'), null())]"
- }
- },
- "staticSite_lock": {
- "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
- "type": "Microsoft.Authorization/locks",
- "apiVersion": "2020-05-01",
- "scope": "[format('Microsoft.Web/staticSites/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
- "properties": {
- "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
- "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
- },
- "dependsOn": [
- "staticSite"
- ]
- },
- "staticSite_roleAssignments": {
- "copy": {
- "name": "staticSite_roleAssignments",
- "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
- },
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "scope": "[format('Microsoft.Web/staticSites/{0}', parameters('name'))]",
- "name": "[guid(resourceId('Microsoft.Web/staticSites', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "properties": {
- "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
- "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
- "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
- "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
- "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
- "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
- },
- "dependsOn": [
- "staticSite"
- ]
- },
- "staticSite_linkedBackend": {
- "condition": "[not(empty(parameters('linkedBackend')))]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-StaticSite-UserDefinedFunction', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "staticSiteName": {
- "value": "[parameters('name')]"
- },
- "backendResourceId": {
- "value": "[parameters('linkedBackend').resourceId]"
- },
- "region": "[if(contains(parameters('linkedBackend'), 'location'), createObject('value', parameters('linkedBackend').location), createObject('value', parameters('location')))]",
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "13553590806488370796"
- },
- "name": "Static Web App Site Linked Backends",
- "description": "This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "backendResourceId": {
- "type": "string",
- "metadata": {
- "description": "Required. The resource ID of the backend linked to the static site."
- }
- },
- "region": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. The region of the backend linked to the static site."
- }
- },
- "staticSiteName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment."
- }
- },
- "name": {
- "type": "string",
- "defaultValue": "[uniqueString(parameters('backendResourceId'))]",
- "metadata": {
- "description": "Optional. Name of the backend to link to the static site."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- }
- },
- "resources": [
- {
- "type": "Microsoft.Web/staticSites/linkedBackends",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('name'))]",
- "properties": {
- "backendResourceId": "[parameters('backendResourceId')]",
- "region": "[parameters('region')]"
- }
- },
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the static site linked backend."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the static site linked backend."
- },
- "value": "[resourceId('Microsoft.Web/staticSites/linkedBackends', parameters('staticSiteName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the static site linked backend was deployed into."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "staticSite"
- ]
- },
- "staticSite_appSettings": {
- "condition": "[not(empty(parameters('appSettings')))]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-StaticSite-appSettings', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "kind": {
- "value": "appsettings"
- },
- "staticSiteName": {
- "value": "[parameters('name')]"
- },
- "properties": {
- "value": "[parameters('appSettings')]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "8340850851413090940"
- },
- "name": "Static Web App Site Config",
- "description": "This module deploys a Static Web App Site Config.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "kind": {
- "type": "string",
- "allowedValues": [
- "appsettings",
- "functionappsettings"
- ],
- "metadata": {
- "description": "Required. Type of settings to apply."
- }
- },
- "properties": {
- "type": "object",
- "metadata": {
- "description": "Required. App settings."
- }
- },
- "staticSiteName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- }
- },
- "resources": [
- {
- "type": "Microsoft.Web/staticSites/config",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('kind'))]",
- "properties": "[parameters('properties')]"
- },
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the config."
- },
- "value": "[parameters('kind')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the config."
- },
- "value": "[resourceId('Microsoft.Web/staticSites/config', parameters('staticSiteName'), parameters('kind'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the resource group the config was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "staticSite"
- ]
- },
- "staticSite_functionAppSettings": {
- "condition": "[not(empty(parameters('functionAppSettings')))]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-StaticSite-functionAppSettings', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "kind": {
- "value": "functionappsettings"
- },
- "staticSiteName": {
- "value": "[parameters('name')]"
- },
- "properties": {
- "value": "[parameters('functionAppSettings')]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "8340850851413090940"
- },
- "name": "Static Web App Site Config",
- "description": "This module deploys a Static Web App Site Config.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "kind": {
- "type": "string",
- "allowedValues": [
- "appsettings",
- "functionappsettings"
- ],
- "metadata": {
- "description": "Required. Type of settings to apply."
- }
- },
- "properties": {
- "type": "object",
- "metadata": {
- "description": "Required. App settings."
- }
- },
- "staticSiteName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- }
- },
- "resources": [
- {
- "type": "Microsoft.Web/staticSites/config",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('kind'))]",
- "properties": "[parameters('properties')]"
- },
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the config."
- },
- "value": "[parameters('kind')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the config."
- },
- "value": "[resourceId('Microsoft.Web/staticSites/config', parameters('staticSiteName'), parameters('kind'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the resource group the config was created in."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "staticSite"
- ]
- },
- "staticSite_customDomains": {
- "copy": {
- "name": "staticSite_customDomains",
- "count": "[length(parameters('customDomains'))]"
- },
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-StaticSite-customDomains-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[parameters('customDomains')[copyIndex()]]"
- },
- "staticSiteName": {
- "value": "[parameters('name')]"
- },
- "validationMethod": "[if(equals(indexOf(parameters('customDomains')[copyIndex()], '.'), lastIndexOf(parameters('customDomains')[copyIndex()], '.')), createObject('value', 'dns-txt-token'), createObject('value', 'cname-delegation'))]",
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "13208835708722733896"
- },
- "name": "Static Web App Site Custom Domains",
- "description": "This module deploys a Static Web App Site Custom Domain.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The custom domain name."
- }
- },
- "staticSiteName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent Static Web App. Required if the template is used in a standalone deployment."
- }
- },
- "validationMethod": {
- "type": "string",
- "defaultValue": "cname-delegation",
- "metadata": {
- "description": "Optional. Validation method for adding a custom domain."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all resources."
- }
- }
- },
- "resources": [
- {
- "type": "Microsoft.Web/staticSites/customDomains",
- "apiVersion": "2022-03-01",
- "name": "[format('{0}/{1}', parameters('staticSiteName'), parameters('name'))]",
- "properties": {
- "validationMethod": "[parameters('validationMethod')]"
- }
- },
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the static site custom domain."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the static site custom domain."
- },
- "value": "[resourceId('Microsoft.Web/staticSites/customDomains', parameters('staticSiteName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the static site custom domain was deployed into."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "staticSite"
- ]
- },
- "staticSite_privateEndpoints": {
- "copy": {
- "name": "staticSite_privateEndpoints",
- "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]"
- },
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-staticSite-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "groupIds": {
- "value": [
- "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites')]"
- ]
- },
- "name": {
- "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/staticSites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'staticSites'), copyIndex()))]"
- },
- "serviceResourceId": {
- "value": "[resourceId('Microsoft.Web/staticSites', parameters('name'))]"
- },
- "subnetResourceId": {
- "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]"
- },
- "enableDefaultTelemetry": {
- "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableDefaultTelemetry'), variables('enableReferencedModulesTelemetry'))]"
- },
- "location": {
- "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]"
- },
- "lock": {
- "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]"
- },
- "privateDnsZoneGroupName": {
- "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]"
- },
- "privateDnsZoneResourceIds": {
- "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]"
- },
- "roleAssignments": {
- "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]"
- },
- "tags": {
- "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]"
- },
- "manualPrivateLinkServiceConnections": {
- "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]"
- },
- "customDnsConfigs": {
- "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]"
- },
- "ipConfigurations": {
- "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'ipConfigurations')]"
- },
- "applicationSecurityGroupResourceIds": {
- "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'applicationSecurityGroupResourceIds')]"
- },
- "customNetworkInterfaceName": {
- "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "languageVersion": "2.0",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "12078057657290521609"
- },
- "name": "Private Endpoints",
- "description": "This module deploys a Private Endpoint.",
- "owner": "Azure/module-maintainers"
- },
- "definitions": {
- "roleAssignmentType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "roleDefinitionIdOrName": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead."
- }
- },
- "principalId": {
- "type": "string",
- "metadata": {
- "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
- }
- },
- "principalType": {
- "type": "string",
- "allowedValues": [
- "Device",
- "ForeignGroup",
- "Group",
- "ServicePrincipal",
- "User"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. The principal type of the assigned principal ID."
- }
- },
- "description": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The description of the role assignment."
- }
- },
- "condition": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\""
- }
- },
- "conditionVersion": {
- "type": "string",
- "allowedValues": [
- "2.0"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Version of the condition."
- }
- },
- "delegatedManagedIdentityResourceId": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The Resource Id of the delegated managed identity resource."
- }
- }
- }
- },
- "nullable": true
- },
- "lockType": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the name of lock."
- }
- },
- "kind": {
- "type": "string",
- "allowedValues": [
- "CanNotDelete",
- "None",
- "ReadOnly"
- ],
- "nullable": true,
- "metadata": {
- "description": "Optional. Specify the type of lock."
- }
- }
- },
- "nullable": true
- },
- "ipConfigurationsType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. The name of the resource that is unique within a resource group."
- }
- },
- "properties": {
- "type": "object",
- "properties": {
- "groupId": {
- "type": "string",
- "metadata": {
- "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to."
- }
- },
- "memberName": {
- "type": "string",
- "metadata": {
- "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to."
- }
- },
- "privateIPAddress": {
- "type": "string",
- "metadata": {
- "description": "Required. A private ip address obtained from the private endpoint's subnet."
- }
- }
- },
- "metadata": {
- "description": "Required. Properties of private endpoint IP configurations."
- }
- }
- }
- },
- "nullable": true
- },
- "customDnsConfigType": {
- "type": "array",
- "items": {
- "type": "object",
- "properties": {
- "fqdn": {
- "type": "string",
- "metadata": {
- "description": "Required. Fqdn that resolves to private endpoint ip address."
- }
- },
- "ipAddresses": {
- "type": "array",
- "items": {
- "type": "string"
- },
- "metadata": {
- "description": "Required. A list of private ip addresses of the private endpoint."
- }
- }
- }
- },
- "nullable": true
- }
- },
- "parameters": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "Required. Name of the private endpoint resource to create."
- }
- },
- "subnetResourceId": {
- "type": "string",
- "metadata": {
- "description": "Required. Resource ID of the subnet where the endpoint needs to be created."
- }
- },
- "serviceResourceId": {
- "type": "string",
- "metadata": {
- "description": "Required. Resource ID of the resource that needs to be connected to the network."
- }
- },
- "applicationSecurityGroupResourceIds": {
- "type": "array",
- "nullable": true,
- "metadata": {
- "description": "Optional. Application security groups in which the private endpoint IP configuration is included."
- }
- },
- "customNetworkInterfaceName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The custom name of the network interface attached to the private endpoint."
- }
- },
- "ipConfigurations": {
- "$ref": "#/definitions/ipConfigurationsType",
- "nullable": true,
- "metadata": {
- "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints."
- }
- },
- "groupIds": {
- "type": "array",
- "metadata": {
- "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to."
- }
- },
- "privateDnsZoneGroupName": {
- "type": "string",
- "nullable": true,
- "metadata": {
- "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided."
- }
- },
- "privateDnsZoneResourceIds": {
- "type": "array",
- "nullable": true,
- "metadata": {
- "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones."
- }
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Optional. Location for all Resources."
- }
- },
- "lock": {
- "$ref": "#/definitions/lockType",
- "metadata": {
- "description": "Optional. The lock settings of the service."
- }
- },
- "roleAssignments": {
- "$ref": "#/definitions/roleAssignmentType",
- "metadata": {
- "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
- }
- },
- "tags": {
- "type": "object",
- "nullable": true,
- "metadata": {
- "description": "Optional. Tags to be applied on all resources/resource groups in this deployment."
- }
- },
- "customDnsConfigs": {
- "$ref": "#/definitions/customDnsConfigType",
- "nullable": true,
- "metadata": {
- "description": "Optional. Custom DNS configurations."
- }
- },
- "manualPrivateLinkServiceConnections": {
- "type": "array",
- "nullable": true,
- "metadata": {
- "description": "Optional. Manual PrivateLink Service Connections."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable/Disable usage telemetry for module."
- }
- }
- },
- "variables": {
- "enableReferencedModulesTelemetry": false,
- "builtInRoleNames": {
- "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
- "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]",
- "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]",
- "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]",
- "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]",
- "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]",
- "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
- "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]",
- "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
- "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]"
- }
- },
- "resources": {
- "defaultTelemetry": {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- "privateEndpoint": {
- "type": "Microsoft.Network/privateEndpoints",
- "apiVersion": "2023-04-01",
- "name": "[parameters('name')]",
- "location": "[parameters('location')]",
- "tags": "[parameters('tags')]",
- "properties": {
- "copy": [
- {
- "name": "applicationSecurityGroups",
- "count": "[length(coalesce(parameters('applicationSecurityGroupResourceIds'), createArray()))]",
- "input": {
- "id": "[coalesce(parameters('applicationSecurityGroupResourceIds'), createArray())[copyIndex('applicationSecurityGroups')]]"
- }
- }
- ],
- "customDnsConfigs": "[parameters('customDnsConfigs')]",
- "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]",
- "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]",
- "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]",
- "privateLinkServiceConnections": [
- {
- "name": "[parameters('name')]",
- "properties": {
- "privateLinkServiceId": "[parameters('serviceResourceId')]",
- "groupIds": "[parameters('groupIds')]"
- }
- }
- ],
- "subnet": {
- "id": "[parameters('subnetResourceId')]"
- }
- }
- },
- "privateEndpoint_lock": {
- "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
- "type": "Microsoft.Authorization/locks",
- "apiVersion": "2020-05-01",
- "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]",
- "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
- "properties": {
- "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
- "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
- },
- "dependsOn": [
- "privateEndpoint"
- ]
- },
- "privateEndpoint_roleAssignments": {
- "copy": {
- "name": "privateEndpoint_roleAssignments",
- "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
- },
- "type": "Microsoft.Authorization/roleAssignments",
- "apiVersion": "2022-04-01",
- "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]",
- "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "properties": {
- "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
- "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
- "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
- "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
- "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
- "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
- "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
- },
- "dependsOn": [
- "privateEndpoint"
- ]
- },
- "privateEndpoint_privateDnsZoneGroup": {
- "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2022-09-01",
- "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]",
- "properties": {
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "mode": "Incremental",
- "parameters": {
- "name": {
- "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]"
- },
- "privateDNSResourceIds": {
- "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]"
- },
- "privateEndpointName": {
- "value": "[parameters('name')]"
- },
- "enableDefaultTelemetry": {
- "value": "[variables('enableReferencedModulesTelemetry')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "metadata": {
- "_generator": {
- "name": "bicep",
- "version": "0.22.6.54827",
- "templateHash": "16391702514342252839"
- },
- "name": "Private Endpoint Private DNS Zone Groups",
- "description": "This module deploys a Private Endpoint Private DNS Zone Group.",
- "owner": "Azure/module-maintainers"
- },
- "parameters": {
- "privateEndpointName": {
- "type": "string",
- "metadata": {
- "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment."
- }
- },
- "privateDNSResourceIds": {
- "type": "array",
- "minLength": 1,
- "maxLength": 5,
- "metadata": {
- "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones."
- }
- },
- "name": {
- "type": "string",
- "defaultValue": "default",
- "metadata": {
- "description": "Optional. The name of the private DNS zone group."
- }
- },
- "enableDefaultTelemetry": {
- "type": "bool",
- "defaultValue": true,
- "metadata": {
- "description": "Optional. Enable/Disable usage telemetry for module."
- }
- }
- },
- "variables": {
- "copy": [
- {
- "name": "privateDnsZoneConfigs",
- "count": "[length(parameters('privateDNSResourceIds'))]",
- "input": {
- "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]",
- "properties": {
- "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]"
- }
- }
- }
- ]
- },
- "resources": [
- {
- "condition": "[parameters('enableDefaultTelemetry')]",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-04-01",
- "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]",
- "properties": {
- "mode": "Incremental",
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "resources": []
- }
- }
- },
- {
- "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
- "apiVersion": "2023-04-01",
- "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]",
- "properties": {
- "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]"
- }
- }
- ],
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the private endpoint DNS zone group."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the private endpoint DNS zone group."
- },
- "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the private endpoint DNS zone group was deployed into."
- },
- "value": "[resourceGroup().name]"
- }
- }
- }
- },
- "dependsOn": [
- "privateEndpoint"
- ]
- }
- },
- "outputs": {
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the private endpoint was deployed into."
- },
- "value": "[resourceGroup().name]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the private endpoint."
- },
- "value": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]"
- },
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the private endpoint."
- },
- "value": "[parameters('name')]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]"
- }
- }
- }
- },
- "dependsOn": [
- "staticSite"
- ]
- }
- },
- "outputs": {
- "name": {
- "type": "string",
- "metadata": {
- "description": "The name of the static site."
- },
- "value": "[parameters('name')]"
- },
- "resourceId": {
- "type": "string",
- "metadata": {
- "description": "The resource ID of the static site."
- },
- "value": "[resourceId('Microsoft.Web/staticSites', parameters('name'))]"
- },
- "resourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group the static site was deployed into."
- },
- "value": "[resourceGroup().name]"
- },
- "systemAssignedMIPrincipalId": {
- "type": "string",
- "metadata": {
- "description": "The principal ID of the system assigned identity."
- },
- "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('staticSite', '2021-03-01', 'full').identity, 'principalId')), reference('staticSite', '2021-03-01', 'full').identity.principalId, '')]"
- },
- "location": {
- "type": "string",
- "metadata": {
- "description": "The location the resource was deployed into."
- },
- "value": "[reference('staticSite', '2021-03-01', 'full').location]"
- },
- "defaultHostname": {
- "type": "string",
- "metadata": {
- "description": "The default autogenerated hostname for the static site."
- },
- "value": "[reference('staticSite').defaultHostname]"
- }
- }
-}
\ No newline at end of file
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/defaults/main.test.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/defaults/main.test.bicep
deleted file mode 100644
index 97845e5..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/defaults/main.test.bicep
+++ /dev/null
@@ -1,48 +0,0 @@
-targetScope = 'subscription'
-
-metadata name = 'Using only defaults'
-metadata description = 'This instance deploys the module with the minimum set of required parameters.'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.staticsites-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wssmin'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/dependencies.bicep
deleted file mode 100644
index 7939cfd..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/dependencies.bicep
+++ /dev/null
@@ -1,94 +0,0 @@
-@description('Optional. The location to deploy to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Virtual Network to create.')
-param virtualNetworkName string
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-@description('Required. The name of the Function App to create.')
-param siteName string
-
-@description('Required. The name of the Server Farm to create.')
-param serverFarmName string
-
-var addressPrefix = '10.0.0.0/16'
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
- name: virtualNetworkName
- location: location
- properties: {
- addressSpace: {
- addressPrefixes: [
- addressPrefix
- ]
- }
- subnets: [
- {
- name: 'defaultSubnet'
- properties: {
- addressPrefix: cidrSubnet(addressPrefix, 16, 0)
- }
- }
- ]
- }
-}
-
-resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
- name: 'privatelink.azurestaticapps.net'
- location: 'global'
-
- resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
- name: '${virtualNetwork.name}-vnetlink'
- location: 'global'
- properties: {
- virtualNetwork: {
- id: virtualNetwork.id
- }
- registrationEnabled: false
- }
- }
-}
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
- name: serverFarmName
- location: location
- sku: {
- name: 'S1'
- tier: 'Standard'
- size: 'S1'
- family: 'S'
- capacity: 1
- }
- properties: {}
-}
-
-resource functionApp 'Microsoft.Web/sites@2022-03-01' = {
- name: siteName
- location: location
- kind: 'functionapp'
- properties: {
- serverFarmId: serverFarm.id
- }
-}
-
-@description('The resource ID of the created Virtual Network Subnet.')
-output subnetResourceId string = virtualNetwork.properties.subnets[0].id
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
-
-@description('The resource ID of the created Managed Identity.')
-output managedIdentityResourceId string = managedIdentity.id
-
-@description('The resource ID of the created Private DNS zone.')
-output privateDNSZoneResourceId string = privateDNSZone.id
-
-@description('The resource ID of the created Function App.')
-output siteResourceId string = functionApp.id
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/main.test.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/main.test.bicep
deleted file mode 100644
index 0a800c7..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/max/main.test.bicep
+++ /dev/null
@@ -1,109 +0,0 @@
-targetScope = 'subscription'
-
-metadata name = 'Using large parameter set'
-metadata description = 'This instance deploys the module with most of its features enabled.'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.staticsites-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wssmax'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
- managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
- siteName: 'dep-${namePrefix}-fa-${serviceShort}'
- serverFarmName: 'dep-${namePrefix}-sf-${serviceShort}'
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- allowConfigFileUpdates: true
- enterpriseGradeCdnStatus: 'Disabled'
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- privateEndpoints: [
- {
- subnetResourceId: nestedDependencies.outputs.subnetResourceId
- privateDnsZoneResourceIds: [
- nestedDependencies.outputs.privateDNSZoneResourceId
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
- ]
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- sku: 'Standard'
- stagingEnvironmentPolicy: 'Enabled'
- managedIdentities: {
- systemAssigned: true
- userAssignedResourcesIds: [
- nestedDependencies.outputs.managedIdentityResourceId
- ]
- }
- appSettings: {
- foo: 'bar'
- setting: 1
- }
- functionAppSettings: {
- foo: 'bar'
- setting: 1
- }
- linkedBackend: {
- resourceId: nestedDependencies.outputs.siteResourceId
- }
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/dependencies.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/dependencies.bicep
deleted file mode 100644
index 7939cfd..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/dependencies.bicep
+++ /dev/null
@@ -1,94 +0,0 @@
-@description('Optional. The location to deploy to.')
-param location string = resourceGroup().location
-
-@description('Required. The name of the Virtual Network to create.')
-param virtualNetworkName string
-
-@description('Required. The name of the Managed Identity to create.')
-param managedIdentityName string
-
-@description('Required. The name of the Function App to create.')
-param siteName string
-
-@description('Required. The name of the Server Farm to create.')
-param serverFarmName string
-
-var addressPrefix = '10.0.0.0/16'
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
- name: virtualNetworkName
- location: location
- properties: {
- addressSpace: {
- addressPrefixes: [
- addressPrefix
- ]
- }
- subnets: [
- {
- name: 'defaultSubnet'
- properties: {
- addressPrefix: cidrSubnet(addressPrefix, 16, 0)
- }
- }
- ]
- }
-}
-
-resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
- name: 'privatelink.azurestaticapps.net'
- location: 'global'
-
- resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = {
- name: '${virtualNetwork.name}-vnetlink'
- location: 'global'
- properties: {
- virtualNetwork: {
- id: virtualNetwork.id
- }
- registrationEnabled: false
- }
- }
-}
-
-resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
- name: managedIdentityName
- location: location
-}
-
-resource serverFarm 'Microsoft.Web/serverfarms@2022-03-01' = {
- name: serverFarmName
- location: location
- sku: {
- name: 'S1'
- tier: 'Standard'
- size: 'S1'
- family: 'S'
- capacity: 1
- }
- properties: {}
-}
-
-resource functionApp 'Microsoft.Web/sites@2022-03-01' = {
- name: siteName
- location: location
- kind: 'functionapp'
- properties: {
- serverFarmId: serverFarm.id
- }
-}
-
-@description('The resource ID of the created Virtual Network Subnet.')
-output subnetResourceId string = virtualNetwork.properties.subnets[0].id
-
-@description('The principal ID of the created Managed Identity.')
-output managedIdentityPrincipalId string = managedIdentity.properties.principalId
-
-@description('The resource ID of the created Managed Identity.')
-output managedIdentityResourceId string = managedIdentity.id
-
-@description('The resource ID of the created Private DNS zone.')
-output privateDNSZoneResourceId string = privateDNSZone.id
-
-@description('The resource ID of the created Function App.')
-output siteResourceId string = functionApp.id
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/main.test.bicep b/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/main.test.bicep
deleted file mode 100644
index 0b1be92..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/tests/e2e/waf-aligned/main.test.bicep
+++ /dev/null
@@ -1,109 +0,0 @@
-targetScope = 'subscription'
-
-metadata name = 'WAF-aligned'
-metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.'
-
-// ========== //
-// Parameters //
-// ========== //
-
-@description('Optional. The name of the resource group to deploy for testing purposes.')
-@maxLength(90)
-param resourceGroupName string = 'dep-${namePrefix}-web.staticsites-${serviceShort}-rg'
-
-@description('Optional. The location to deploy resources to.')
-param location string = deployment().location
-
-@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
-param serviceShort string = 'wsswaf'
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. A token to inject into the name of each resource.')
-param namePrefix string = '[[namePrefix]]'
-
-// ============ //
-// Dependencies //
-// ============ //
-
-// General resources
-// =================
-resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
- name: resourceGroupName
- location: location
-}
-
-module nestedDependencies 'dependencies.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-nestedDependencies'
- params: {
- virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
- managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
- siteName: 'dep-${namePrefix}-fa-${serviceShort}'
- serverFarmName: 'dep-${namePrefix}-sf-${serviceShort}'
- }
-}
-
-// ============== //
-// Test Execution //
-// ============== //
-
-module testDeployment '../../../main.bicep' = {
- scope: resourceGroup
- name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
- params: {
- enableDefaultTelemetry: enableDefaultTelemetry
- name: '${namePrefix}${serviceShort}001'
- allowConfigFileUpdates: true
- enterpriseGradeCdnStatus: 'Disabled'
- lock: {
- kind: 'CanNotDelete'
- name: 'myCustomLockName'
- }
- privateEndpoints: [
- {
- subnetResourceId: nestedDependencies.outputs.subnetResourceId
- privateDnsZoneResourceIds: [
- nestedDependencies.outputs.privateDNSZoneResourceId
- ]
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
- ]
- roleAssignments: [
- {
- roleDefinitionIdOrName: 'Reader'
- principalId: nestedDependencies.outputs.managedIdentityPrincipalId
- principalType: 'ServicePrincipal'
- }
- ]
- sku: 'Standard'
- stagingEnvironmentPolicy: 'Enabled'
- managedIdentities: {
- systemAssigned: true
- userAssignedResourcesIds: [
- nestedDependencies.outputs.managedIdentityResourceId
- ]
- }
- appSettings: {
- foo: 'bar'
- setting: 1
- }
- functionAppSettings: {
- foo: 'bar'
- setting: 1
- }
- linkedBackend: {
- resourceId: nestedDependencies.outputs.siteResourceId
- }
- tags: {
- 'hidden-title': 'This is visible in the resource name'
- Environment: 'Non-Prod'
- Role: 'DeploymentValidation'
- }
- }
-}
diff --git a/bicep-examples/dependencies/modules/webApp/static-site/version.json b/bicep-examples/dependencies/modules/webApp/static-site/version.json
deleted file mode 100644
index 9ed3662..0000000
--- a/bicep-examples/dependencies/modules/webApp/static-site/version.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.6",
- "pathFilters": [
- "./main.json"
- ]
-}
From eedf90cba70a13ccd96321c0d6f4c5fae677e8e2 Mon Sep 17 00:00:00 2001
From: Dan Rios <36534747+riosengineer@users.noreply.github.com>
Date: Mon, 20 Nov 2023 15:01:49 +0000
Subject: [PATCH 06/13] Linting
Remove unnecessary files from the CARML modules that were preventing the MegaLinter run from passing
---
.../modules/webApp/site/README.md | 1663 -------
.../main.json | 101 -
.../webApp/site/config--appsettings/main.json | 116 -
.../site/config--authsettingsv2/main.json | 94 -
.../relay/README.md | 84 -
.../relay/main.bicep | 66 -
.../relay/main.json | 103 -
.../relay/version.json | 7 -
.../modules/webApp/site/main.json | 4095 -----------------
.../site/slot/config--appsettings/main.json | 122 -
.../slot/config--authsettingsv2/main.json | 100 -
.../relay/main.json | 109 -
.../modules/webApp/site/slot/main.json | 1936 --------
13 files changed, 8596 deletions(-)
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/README.md
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/README.md
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/main.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/main.json
diff --git a/bicep-examples/dependencies/modules/webApp/site/README.md b/bicep-examples/dependencies/modules/webApp/site/README.md
deleted file mode 100644
index 2018620..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/README.md
+++ /dev/null
@@ -1,1663 +0,0 @@
-# Web/Function Apps `[Microsoft.Web/sites]`
-
-This module deploys a Web or Function App.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Usage examples](#Usage-examples)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-- [Notes](#Notes)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
-| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) |
-| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
-| `Microsoft.Web/sites` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites) |
-| `Microsoft.Web/sites/basicPublishingCredentialsPolicies` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
-| `Microsoft.Web/sites/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
-| `Microsoft.Web/sites/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/hybridConnectionNamespaces/relays) |
-| `Microsoft.Web/sites/slots` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots) |
-| `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
-| `Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots/hybridConnectionNamespaces/relays) |
-
-## Usage examples
-
-The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
-
->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
->**Note**: To reference the module, please use the following syntax `br:bicep/modules/web.site:1.0.0`.
-
-- [Functionappcommon](#example-1-functionappcommon)
-- [Functionappmin](#example-2-functionappmin)
-- [Webappcommon](#example-3-webappcommon)
-- [Webappmin](#example-4-webappmin)
-
-### Example 1: _Functionappcommon_
-
-via Bicep module
-
-```bicep
-module site 'br:bicep/modules/web.site:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wsfacom'
- params: {
- // Required parameters
- kind: 'functionapp'
- name: 'wsfacom001'
- serverFarmResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "kind": {
- "value": "functionapp"
- },
- "name": {
- "value": "wsfacom001"
- },
- "serverFarmResourceId": {
- "value": "
-
-### Example 2: _Functionappmin_
-
-via Bicep module
-
-```bicep
-module site 'br:bicep/modules/web.site:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wsfamin'
- params: {
- // Required parameters
- kind: 'functionapp'
- name: 'wsfamin001'
- serverFarmResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "kind": {
- "value": "functionapp"
- },
- "name": {
- "value": "wsfamin001"
- },
- "serverFarmResourceId": {
- "value": "
-
-### Example 3: _Webappcommon_
-
-via Bicep module
-
-```bicep
-module site 'br:bicep/modules/web.site:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wswa'
- params: {
- // Required parameters
- kind: 'app'
- name: 'wswa001'
- serverFarmResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "kind": {
- "value": "app"
- },
- "name": {
- "value": "wswa001"
- },
- "serverFarmResourceId": {
- "value": "
-
-### Example 4: _Webappmin_
-
-via Bicep module
-
-```bicep
-module site 'br:bicep/modules/web.site:1.0.0' = {
- name: '${uniqueString(deployment().name, location)}-test-wswamin'
- params: {
- // Required parameters
- kind: 'app'
- name: 'wswamin001'
- serverFarmResourceId: '
-
-via JSON Parameter file
-
-```json
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- // Required parameters
- "kind": {
- "value": "app"
- },
- "name": {
- "value": "wswamin001"
- },
- "serverFarmResourceId": {
- "value": "
- - -## Parameters - -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`kind`](#parameter-kind) | string | Type of site to deploy. | -| [`name`](#parameter-name) | string | Name of the site. | -| [`serverFarmResourceId`](#parameter-serverfarmresourceid) | string | The resource ID of the app service plan to use for the site. | - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. | -| [`appServiceEnvironmentResourceId`](#parameter-appserviceenvironmentresourceid) | string | The resource ID of the app service environment to use for this resource. | -| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | -| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | -| [`basicPublishingCredentialsPolicies`](#parameter-basicpublishingcredentialspolicies) | array | The site publishing credential policy names which are associated with the sites. | -| [`clientAffinityEnabled`](#parameter-clientaffinityenabled) | bool | If client affinity is enabled. | -| [`clientCertEnabled`](#parameter-clientcertenabled) | bool | To enable client certificate authentication (TLS mutual authentication). | -| [`clientCertExclusionPaths`](#parameter-clientcertexclusionpaths) | string | Client certificate authentication comma-separated exclusion paths. | -| [`clientCertMode`](#parameter-clientcertmode) | string | This composes with ClientCertEnabled setting.
- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. | -| [`cloningInfo`](#parameter-cloninginfo) | object | If specified during app creation, the app is cloned from a source app. | -| [`containerSize`](#parameter-containersize) | int | Size of the function container. | -| [`customDomainVerificationId`](#parameter-customdomainverificationid) | string | Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. | -| [`dailyMemoryTimeQuota`](#parameter-dailymemorytimequota) | int | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | -| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | -| [`enabled`](#parameter-enabled) | bool | Setting this value to false disables the app (takes the app offline). | -| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -| [`hostNameSslStates`](#parameter-hostnamesslstates) | array | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | -| [`httpsOnly`](#parameter-httpsonly) | bool | Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. | -| [`hybridConnectionRelays`](#parameter-hybridconnectionrelays) | array | Names of hybrid connection relays to connect app with. | -| [`hyperV`](#parameter-hyperv) | bool | Hyper-V sandbox. | -| [`keyVaultAccessIdentityResourceId`](#parameter-keyvaultaccessidentityresourceid) | string | The resource ID of the assigned identity to be used to access a key vault with. | -| [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | object | The lock settings of the service. 
| -| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | -| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| [`redundancyMode`](#parameter-redundancymode) | string | Site redundancy mode. | -| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`scmSiteAlsoStopped`](#parameter-scmsitealsostopped) | bool | Stop SCM (KUDU) site when the app is stopped. | -| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | -| [`siteConfig`](#parameter-siteconfig) | object | The site config object. | -| [`slots`](#parameter-slots) | array | Configuration for deployment slots for an app. | -| [`storageAccountRequired`](#parameter-storageaccountrequired) | bool | Checks if Customer provided storage account is required. | -| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. 
Resource ID of the storage account to manage triggers and logging function executions. | -| [`tags`](#parameter-tags) | object | Tags of the resource. | -| [`virtualNetworkSubnetId`](#parameter-virtualnetworksubnetid) | string | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. | -| [`vnetContentShareEnabled`](#parameter-vnetcontentshareenabled) | bool | To enable accessing content over virtual network. | -| [`vnetImagePullEnabled`](#parameter-vnetimagepullenabled) | bool | To enable pulling image over Virtual Network. | -| [`vnetRouteAllEnabled`](#parameter-vnetrouteallenabled) | bool | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | - -### Parameter: `appInsightResourceId` - -Resource ID of the app insight to leverage for this resource. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `appServiceEnvironmentResourceId` - -The resource ID of the app service environment to use for this resource. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `appSettingsKeyValuePairs` - -The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `authSettingV2Configuration` - -The auth settings V2 configuration. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `basicPublishingCredentialsPolicies` - -The site publishing credential policy names which are associated with the sites. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `clientAffinityEnabled` - -If client affinity is enabled. 
-- Required: No -- Type: bool -- Default: `True` - -### Parameter: `clientCertEnabled` - -To enable client certificate authentication (TLS mutual authentication). -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `clientCertExclusionPaths` - -Client certificate authentication comma-separated exclusion paths. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `clientCertMode` - -This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. -- Required: No -- Type: string -- Default: `'Optional'` -- Allowed: - ```Bicep - [ - 'Optional' - 'OptionalInteractiveUser' - 'Required' - ] - ``` - -### Parameter: `cloningInfo` - -If specified during app creation, the app is cloned from a source app. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `containerSize` - -Size of the function container. -- Required: No -- Type: int -- Default: `-1` - -### Parameter: `customDomainVerificationId` - -Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `dailyMemoryTimeQuota` - -Maximum allowed daily memory-time quota (applicable on dynamic apps only). -- Required: No -- Type: int -- Default: `-1` - -### Parameter: `diagnosticSettings` - -The diagnostic settings of the service. -- Required: No -- Type: array - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. 
| -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | - -### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` - -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.eventHubName` - -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logAnalyticsDestinationType` - -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - -- Required: No -- Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` - -### Parameter: `diagnosticSettings.logCategoriesAndGroups` - -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. 
Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - -### Parameter: `diagnosticSettings.marketplacePartnerResourceId` - -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.metricCategories` - -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - -### Parameter: `diagnosticSettings.name` - -Optional. The name of diagnostic setting. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.storageAccountResourceId` - -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.workspaceResourceId` - -Optional. Resource ID of the diagnostic log analytics workspace. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - -- Required: No -- Type: string - -### Parameter: `enabled` - -Setting this value to false disables the app (takes the app offline). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `hostNameSslStates` - -Hostname SSL states are used to manage the SSL bindings for app's hostnames. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `httpsOnly` - -Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `hybridConnectionRelays` - -Names of hybrid connection relays to connect app with. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `hyperV` - -Hyper-V sandbox. -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `keyVaultAccessIdentityResourceId` - -The resource ID of the assigned identity to be used to access a key vault with. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `kind` - -Type of site to deploy. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'app' - 'functionapp' - 'functionapplinux' - 'functionappworkflowapp' - 'functionappworkflowapplinux' - ] - ``` - -### Parameter: `location` - -Location for all Resources. -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - -### Parameter: `lock` - -The lock settings of the service. -- Required: No -- Type: object - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | - -### Parameter: `lock.kind` - -Optional. 
Specify the type of lock. - -- Required: No -- Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` - -### Parameter: `lock.name` - -Optional. Specify the name of lock. - -- Required: No -- Type: string - -### Parameter: `managedIdentities` - -The managed identity definition for this resource. -- Required: No -- Type: object - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. | - -### Parameter: `managedIdentities.systemAssigned` - -Optional. Enables system assigned managed identity on the resource. - -- Required: No -- Type: bool - -### Parameter: `managedIdentities.userAssignedResourcesIds` - -Optional. The resource ID(s) to assign to the resource. - -- Required: No -- Type: array - -### Parameter: `name` - -Name of the site. -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints` - -Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. -- Required: No -- Type: array - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. 
| -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". 
| -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. - -- Required: No -- Type: array - -### Parameter: `privateEndpoints.customDnsConfigs` - -Optional. Custom DNS configurations. - -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | - -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` - -Required. Fqdn that resolves to private endpoint ip address. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` - -Required. A list of private ip addresses of the private endpoint. - -- Required: Yes -- Type: array - - -### Parameter: `privateEndpoints.customNetworkInterfaceName` - -Optional. The custom name of the network interface attached to the private endpoint. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.enableTelemetry` - -Optional. Enable/Disable usage telemetry for module. - -- Required: No -- Type: bool - -### Parameter: `privateEndpoints.ipConfigurations` - -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. 
- -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` - -Required. The name of the resource that is unique within a resource group. - -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints.ipConfigurations.properties` - -Required. Properties of private endpoint IP configurations. - -- Required: Yes -- Type: object - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | - -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` - -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. - -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` - -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. - -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` - -Required. 
A private ip address obtained from the private endpoint's subnet. - -- Required: Yes -- Type: string - - - -### Parameter: `privateEndpoints.location` - -Optional. The location to deploy the private endpoint to. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.lock` - -Optional. Specify the type of lock. - -- Required: No -- Type: object - -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` - -Optional. Manual PrivateLink Service Connections. - -- Required: No -- Type: array - -### Parameter: `privateEndpoints.name` - -Optional. The name of the private endpoint. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.privateDnsZoneGroupName` - -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` - -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - -- Required: No -- Type: array - -### Parameter: `privateEndpoints.roleAssignments` - -Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - -- Required: No -- Type: array - -### Parameter: `privateEndpoints.service` - -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.subnetResourceId` - -Required. Resource ID of the subnet where the endpoint needs to be created. - -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints.tags` - -Optional. 
Tags to be applied on all resources/resource groups in this deployment. - -- Required: No -- Type: object - -### Parameter: `publicNetworkAccess` - -Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. -- Required: No -- Type: string -- Default: `''` -- Allowed: - ```Bicep - [ - '' - 'Disabled' - 'Enabled' - ] - ``` - -### Parameter: `redundancyMode` - -Site redundancy mode. -- Required: No -- Type: string -- Default: `'None'` -- Allowed: - ```Bicep - [ - 'ActiveActive' - 'Failover' - 'GeoRedundant' - 'Manual' - 'None' - ] - ``` - -### Parameter: `roleAssignments` - -Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No -- Type: array - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. 
| -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | - -### Parameter: `roleAssignments.condition` - -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - -- Required: No -- Type: string - -### Parameter: `roleAssignments.conditionVersion` - -Optional. Version of the condition. - -- Required: No -- Type: string -- Allowed: `[2.0]` - -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` - -Optional. The Resource Id of the delegated managed identity resource. - -- Required: No -- Type: string - -### Parameter: `roleAssignments.description` - -Optional. The description of the role assignment. - -- Required: No -- Type: string - -### Parameter: `roleAssignments.principalId` - -Required. The principal ID of the principal (user/group/identity) to assign the role to. - -- Required: Yes -- Type: string - -### Parameter: `roleAssignments.principalType` - -Optional. The principal type of the assigned principal ID. - -- Required: No -- Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` - -### Parameter: `roleAssignments.roleDefinitionIdOrName` - -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. - -- Required: Yes -- Type: string - -### Parameter: `scmSiteAlsoStopped` - -Stop SCM (KUDU) site when the app is stopped. 
-- Required: No -- Type: bool -- Default: `False` - -### Parameter: `serverFarmResourceId` - -The resource ID of the app service plan to use for the site. -- Required: Yes -- Type: string - -### Parameter: `setAzureWebJobsDashboard` - -For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. -- Required: No -- Type: bool -- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` - -### Parameter: `siteConfig` - -The site config object. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `slots` - -Configuration for deployment slots for an app. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `storageAccountRequired` - -Checks if Customer provided storage account is required. -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `storageAccountResourceId` - -Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `tags` - -Tags of the resource. -- Required: No -- Type: object - -### Parameter: `virtualNetworkSubnetId` - -Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `vnetContentShareEnabled` - -To enable accessing content over virtual network. -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `vnetImagePullEnabled` - -To enable pulling image over Virtual Network. -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `vnetRouteAllEnabled` - -Virtual Network Route All enabled. 
This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. -- Required: No -- Type: bool -- Default: `False` - - -## Outputs - -| Output | Type | Description | -| :-- | :-- | :-- | -| `defaultHostname` | string | Default hostname of the app. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the site. | -| `resourceGroupName` | string | The resource group the site was deployed into. | -| `resourceId` | string | The resource ID of the site. | -| `slotResourceIds` | array | The list of the slot resource ids. | -| `slots` | array | The list of the slots. | -| `slotSystemAssignedPrincipalIds` | array | The principal ID of the system assigned identity of slots. | -| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `modules/network/private-endpoint` | Local reference | - -## Notes - -### Parameter Usage: `appSettingsKeyValuePairs` - -AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId). -For all other app settings key-value pairs use this object. - -diff --git a/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.json b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.json deleted file mode 100644 index fb7d1f7..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/main.json +++ /dev/null 
@@ -1,101 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "5305729672150633375" - }, - "name": "Web Site Basic Publishing Credentials Policies", - "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "name": { - "type": "string", - "allowedValues": [ - "scm", - "ftp" - ], - "metadata": { - "description": "Required. The name of the resource." - } - }, - "webAppName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/basicPublishingCredentialsPolicies", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('webAppName'), parameters('name'))]", - "location": "[parameters('location')]", - "properties": { - "allow": true - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the basic publishing credential policy." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the basic publishing credential policy." - }, - "value": "[resourceId('Microsoft.Web/sites/basicPublishingCredentialsPolicies', parameters('webAppName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the basic publishing credential policy was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Web/sites/basicPublishingCredentialsPolicies', parameters('webAppName'), parameters('name')), '2022-09-01', 'full').location]" - } - } -} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.json b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.json deleted file mode 100644 index c5bb4f9..0000000 
--- a/bicep-examples/dependencies/modules/webApp/site/config--appsettings/main.json +++ /dev/null 
@@ -1,116 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12140652943143922490" - }, - "name": "Site App Settings", - "description": "This module deploys a Site App Setting.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of site to deploy." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." - } - }, - "appInsightResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the app insight to leverage for this resource." - } - }, - "setAzureWebJobsDashboard": { - "type": "bool", - "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", - "metadata": { - "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." - } - }, - "appSettingsKeyValuePairs": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." 
- } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('appName'), 'appsettings')]", - "kind": "[parameters('kind')]", - "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), 
createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the site config." - }, - "value": "appsettings" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the site config." - }, - "value": "[resourceId('Microsoft.Web/sites/config', parameters('appName'), 'appsettings')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the site config was deployed into." - }, - "value": "[resourceGroup().name]" - } - } -} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.json b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.json deleted file mode 100644 index 3ecec71..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/main.json +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "1120403064106188130" - }, - "name": "Site Auth Settings V2 Config", - "description": "This module deploys a Site Auth Settings V2 Configuration.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of site to deploy." - } - }, - "authSettingV2Configuration": { - "type": "object", - "metadata": { - "description": "Required. The auth settings V2 configuration." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('appName'), 'authsettingsV2')]", - "kind": "[parameters('kind')]", - "properties": "[parameters('authSettingV2Configuration')]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the site config." - }, - "value": "authsettingsV2" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the site config." - }, - "value": "[resourceId('Microsoft.Web/sites/config', parameters('appName'), 'authsettingsV2')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the site config was deployed into." - }, - "value": "[resourceGroup().name]" - } - } -} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/README.md b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/README.md deleted file mode 100644 index 20be37a..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/README.md +++ /dev/null 
@@ -1,84 +0,0 @@
-# Web/Function Apps Hybrid Connection Relay `[Microsoft.Web/sites/hybridConnectionNamespaces/relays]`
-
-This module deploys a Site Hybrid Connection Namespace Relay.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Web/sites/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/hybridConnectionNamespaces/relays) |
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`hybridConnectionResourceId`](#parameter-hybridconnectionresourceid) | string | The resource ID of the relay namespace hybrid connection. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`appName`](#parameter-appname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`location`](#parameter-location) | string | Location for all Resources. |
-| [`sendKeyName`](#parameter-sendkeyname) | string | Name of the authorization rule send key to use. |
-
-### Parameter: `appName`
-
-The name of the parent web site. Required if the template is used in a standalone deployment.
-- Required: Yes
-- Type: string
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `hybridConnectionResourceId`
-
-The resource ID of the relay namespace hybrid connection.
-- Required: Yes
-- Type: string
-
-### Parameter: `location`
-
-Location for all Resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `sendKeyName`
-
-Name of the authorization rule send key to use.
-- Required: No
-- Type: string
-- Default: `'defaultSender'`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the hybrid connection relay.. |
-| `resourceGroupName` | string | The name of the resource group the resource was deployed into. |
-| `resourceId` | string | The resource ID of the hybrid connection relay. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep
deleted file mode 100644
index f1972af..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep
+++ /dev/null
@@ -1,66 +0,0 @@
-metadata name = 'Web/Function Apps Hybrid Connection Relay'
-metadata description = 'This module deploys a Site Hybrid Connection Namespace Relay.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Required. The resource ID of the relay namespace hybrid connection.')
-param hybridConnectionResourceId string
-
-@description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.')
-param appName string
-
-@description('Optional. Name of the authorization rule send key to use.')
-param sendKeyName string = 'defaultSender'
-
-@description('Optional. Location for all Resources.')
-param location string = resourceGroup().location
-
-@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
-param enableDefaultTelemetry bool = true
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource namespace 'Microsoft.Relay/namespaces@2021-11-01' existing = {
- name: split(hybridConnectionResourceId, '/')[8]
- scope: resourceGroup(split(hybridConnectionResourceId, '/')[2], split(hybridConnectionResourceId, '/')[4])
-
- resource hybridConnection 'hybridConnections@2021-11-01' existing = {
- name: split(hybridConnectionResourceId, '/')[10]
-
- resource authorizationRule 'authorizationRules@2021-11-01' existing = {
- name: sendKeyName
- }
- }
-}
-
-resource hybridConnectionRelay 'Microsoft.Web/sites/hybridConnectionNamespaces/relays@2022-09-01' = {
- name: '${appName}/${namespace.name}/${namespace::hybridConnection.name}'
- properties: {
- serviceBusNamespace: namespace.name
- serviceBusSuffix: split(substring(namespace.properties.serviceBusEndpoint, indexOf(namespace.properties.serviceBusEndpoint, '.servicebus')), ':')[0]
- relayName: namespace::hybridConnection.name
- relayArmUri: namespace::hybridConnection.id
- hostname: split(json(namespace::hybridConnection.properties.userMetadata)[0].value, ':')[0]
- port: int(split(json(namespace::hybridConnection.properties.userMetadata)[0].value, ':')[1])
- sendKeyName: namespace::hybridConnection::authorizationRule.name
- sendKeyValue: namespace::hybridConnection::authorizationRule.listKeys().primaryKey
- }
-}
-
-@description('The name of the hybrid connection relay..')
-output name string = hybridConnectionRelay.name
-
-@description('The resource ID of the hybrid connection relay.')
-output resourceId string = hybridConnectionRelay.id
-
-@description('The name of the resource group the resource was deployed into.')
-output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.json b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.json
deleted file mode 100644
index bc3ae19..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.json
+++ /dev/null
@@ -1,103 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "10458383238656360850" - }, - "name": "Web/Function Apps Hybrid Connection Relay", - "description": "This module deploys a Site Hybrid Connection Namespace Relay.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "hybridConnectionResourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the relay namespace hybrid connection." - } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." - } - }, - "sendKeyName": { - "type": "string", - "defaultValue": "defaultSender", - "metadata": { - "description": "Optional. Name of the authorization rule send key to use." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/hybridConnectionNamespaces/relays", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", - "properties": { - "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", - "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", - "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", - "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], 
split(parameters('hybridConnectionResourceId'), '/')[10])]", - "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", - "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", - "sendKeyName": "[parameters('sendKeyName')]", - "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the hybrid connection relay.." - }, - "value": "[format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the hybrid connection relay." 
- }, - "value": "[resourceId('Microsoft.Web/sites/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2])]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the resource was deployed into." - }, - "value": "[resourceGroup().name]" - } - } -} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json deleted file mode 100644 index 96236a6..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.4", - "pathFilters": [ - "./main.json" - ] -} diff --git a/bicep-examples/dependencies/modules/webApp/site/main.json b/bicep-examples/dependencies/modules/webApp/site/main.json deleted file mode 100644 index 72f1e89..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/main.json +++ /dev/null 
@@ -1,4095 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "3962832552855663187" - }, - "name": "Web/Function Apps", - "description": "This module deploys a Web or Function App.", - "owner": "Azure/module-maintainers" - }, - "definitions": { - "managedIdentitiesType": { - "type": "object", - "properties": { - "systemAssigned": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enables system assigned managed identity on the resource." - } - }, - "userAssignedResourcesIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The resource ID(s) to assign to the resource." - } - } - }, - "nullable": true - }, - "lockType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Specify the name of lock." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "None", - "ReadOnly" - ], - "nullable": true, - "metadata": { - "description": "Optional. Specify the type of lock." - } - } - }, - "nullable": true - }, - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." 
- } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } - }, - "nullable": true - }, - "privateEndpointType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private endpoint." - } - }, - "location": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The location to deploy the private endpoint to." - } - }, - "service": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." - } - }, - "subnetResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the subnet where the endpoint needs to be created." 
- } - }, - "privateDnsZoneGroupName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." - } - }, - "privateDnsZoneResourceIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." - } - }, - "customDnsConfigs": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. Custom DNS configurations." - } - }, - "ipConfigurations": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. 
Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } - }, - "applicationSecurityGroupResourceIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. Application security groups in which the private endpoint IP configuration is included." - } - }, - "customNetworkInterfaceName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The custom name of the network interface attached to the private endpoint." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. Specify the type of lock." - } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } - }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, - "enableTelemetry": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." 
- } - } - } - }, - "nullable": true - }, - "diagnosticSettingType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of diagnostic setting." - } - }, - "logCategoriesAndGroups": { - "type": "array", - "items": { - "type": "object", - "properties": { - "category": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." - } - }, - "categoryGroup": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." - } - }, - "metricCategories": { - "type": "array", - "items": { - "type": "object", - "properties": { - "category": { - "type": "string", - "metadata": { - "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." - } - }, - "logAnalyticsDestinationType": { - "type": "string", - "allowedValues": [ - "AzureDiagnostics", - "Dedicated" - ], - "nullable": true, - "metadata": { - "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." 
- } - }, - "workspaceResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "storageAccountResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "eventHubAuthorizationRuleResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." - } - }, - "eventHubName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "marketplacePartnerResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." - } - } - } - }, - "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Name of the site." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." 
- } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of site to deploy." - } - }, - "serverFarmResourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the app service plan to use for the site." - } - }, - "httpsOnly": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests." - } - }, - "clientAffinityEnabled": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. If client affinity is enabled." - } - }, - "appServiceEnvironmentResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the app service environment to use for this resource." - } - }, - "managedIdentities": { - "$ref": "#/definitions/managedIdentitiesType", - "metadata": { - "description": "Optional. The managed identity definition for this resource." - } - }, - "keyVaultAccessIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the assigned identity to be used to access a key vault with." - } - }, - "storageAccountRequired": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Checks if Customer provided storage account is required." - } - }, - "virtualNetworkSubnetId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}." 
- } - }, - "vnetContentShareEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. To enable accessing content over virtual network." - } - }, - "vnetImagePullEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. To enable pulling image over Virtual Network." - } - }, - "vnetRouteAllEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied." - } - }, - "scmSiteAlsoStopped": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Stop SCM (KUDU) site when the app is stopped." - } - }, - "siteConfig": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The site config object." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." - } - }, - "appInsightResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the app insight to leverage for this resource." - } - }, - "setAzureWebJobsDashboard": { - "type": "bool", - "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", - "metadata": { - "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." - } - }, - "appSettingsKeyValuePairs": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. 
The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." - } - }, - "authSettingV2Configuration": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The auth settings V2 configuration." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. The lock settings of the service." - } - }, - "privateEndpoints": { - "$ref": "#/definitions/privateEndpointType", - "metadata": { - "description": "Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible." - } - }, - "slots": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Configuration for deployment slots for an app." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "diagnosticSettings": { - "$ref": "#/definitions/diagnosticSettingType", - "metadata": { - "description": "Optional. The diagnostic settings of the service." - } - }, - "clientCertEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. 
To enable client certificate authentication (TLS mutual authentication)." - } - }, - "clientCertExclusionPaths": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Client certificate authentication comma-separated exclusion paths." - } - }, - "clientCertMode": { - "type": "string", - "defaultValue": "Optional", - "allowedValues": [ - "Optional", - "OptionalInteractiveUser", - "Required" - ], - "metadata": { - "description": "Optional. This composes with ClientCertEnabled setting.
- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted." - } - }, - "cloningInfo": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. If specified during app creation, the app is cloned from a source app." - } - }, - "containerSize": { - "type": "int", - "defaultValue": -1, - "metadata": { - "description": "Optional. Size of the function container." - } - }, - "customDomainVerificationId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification." - } - }, - "dailyMemoryTimeQuota": { - "type": "int", - "defaultValue": -1, - "metadata": { - "description": "Optional. Maximum allowed daily memory-time quota (applicable on dynamic apps only)." - } - }, - "enabled": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Setting this value to false disables the app (takes the app offline)." - } - }, - "hostNameSslStates": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Hostname SSL states are used to manage the SSL bindings for app's hostnames." - } - }, - "hyperV": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Hyper-V sandbox." - } - }, - "redundancyMode": { - "type": "string", - "defaultValue": "None", - "allowedValues": [ - "ActiveActive", - "Failover", - "GeoRedundant", - "Manual", - "None" - ], - "metadata": { - "description": "Optional. Site redundancy mode." - } - }, - "basicPublishingCredentialsPolicies": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. The site publishing credential policy names which are associated with the sites." 
- } - }, - "hybridConnectionRelays": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Names of hybrid connection relays to connect app with." - } - }, - "publicNetworkAccess": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "Enabled", - "Disabled" - ], - "metadata": { - "description": "Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set." - } - } - }, - "variables": { - "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", - "enableReferencedModulesTelemetry": false, - "builtInRoleNames": { - "App Compliance Automation Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f37683f-2463-46b6-9ce7-9b788b988ba2')]", - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - 
"Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]", - "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]" - } - }, - "resources": { - "defaultTelemetry": { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - "app": { - "type": "Microsoft.Web/sites", - "apiVersion": "2022-09-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "kind": "[parameters('kind')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "properties": { - "serverFarmId": "[parameters('serverFarmResourceId')]", - "clientAffinityEnabled": "[parameters('clientAffinityEnabled')]", - "httpsOnly": "[parameters('httpsOnly')]", - "hostingEnvironmentProfile": "[if(not(empty(parameters('appServiceEnvironmentResourceId'))), createObject('id', parameters('appServiceEnvironmentResourceId')), null())]", - "storageAccountRequired": "[parameters('storageAccountRequired')]", - "keyVaultReferenceIdentity": 
"[if(not(empty(parameters('keyVaultAccessIdentityResourceId'))), parameters('keyVaultAccessIdentityResourceId'), null())]", - "virtualNetworkSubnetId": "[if(not(empty(parameters('virtualNetworkSubnetId'))), parameters('virtualNetworkSubnetId'), null())]", - "siteConfig": "[parameters('siteConfig')]", - "clientCertEnabled": "[parameters('clientCertEnabled')]", - "clientCertExclusionPaths": "[if(not(empty(parameters('clientCertExclusionPaths'))), parameters('clientCertExclusionPaths'), null())]", - "clientCertMode": "[parameters('clientCertMode')]", - "cloningInfo": "[if(not(empty(parameters('cloningInfo'))), parameters('cloningInfo'), null())]", - "containerSize": "[if(not(equals(parameters('containerSize'), -1)), parameters('containerSize'), null())]", - "customDomainVerificationId": "[if(not(empty(parameters('customDomainVerificationId'))), parameters('customDomainVerificationId'), null())]", - "dailyMemoryTimeQuota": "[if(not(equals(parameters('dailyMemoryTimeQuota'), -1)), parameters('dailyMemoryTimeQuota'), null())]", - "enabled": "[parameters('enabled')]", - "hostNameSslStates": "[parameters('hostNameSslStates')]", - "hyperV": "[parameters('hyperV')]", - "redundancyMode": "[parameters('redundancyMode')]", - "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(not(empty(parameters('privateEndpoints'))), 'Disabled', 'Enabled'))]", - "vnetContentShareEnabled": "[parameters('vnetContentShareEnabled')]", - "vnetImagePullEnabled": "[parameters('vnetImagePullEnabled')]", - "vnetRouteAllEnabled": "[parameters('vnetRouteAllEnabled')]", - "scmSiteAlsoStopped": "[parameters('scmSiteAlsoStopped')]" - } - }, - "app_lock": { - "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Web/sites/{0}', parameters('name'))]", - "name": 
"[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", - "properties": { - "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" - }, - "dependsOn": [ - "app" - ] - }, - "app_diagnosticSettings": { - "copy": { - "name": "app_diagnosticSettings", - "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]" - }, - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Web/sites/{0}', parameters('name'))]", - "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", - "properties": { - "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]", - "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]", - "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]", - "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]", - "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]", - "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]", - "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 
'marketplacePartnerResourceId')]", - "logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]" - }, - "dependsOn": [ - "app" - ] - }, - "app_roleAssignments": { - "copy": { - "name": "app_roleAssignments", - "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Web/sites/{0}', parameters('name'))]", - "name": "[guid(resourceId('Microsoft.Web/sites', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", - "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", - "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", - "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", - "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", - "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 
'delegatedManagedIdentityResourceId')]" - }, - "dependsOn": [ - "app" - ] - }, - "app_appsettings": { - "condition": "[not(empty(parameters('appSettingsKeyValuePairs')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Site-Config-AppSettings', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "appName": { - "value": "[parameters('name')]" - }, - "kind": { - "value": "[parameters('kind')]" - }, - "storageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" - }, - "appInsightResourceId": { - "value": "[parameters('appInsightResourceId')]" - }, - "setAzureWebJobsDashboard": { - "value": "[parameters('setAzureWebJobsDashboard')]" - }, - "appSettingsKeyValuePairs": { - "value": "[parameters('appSettingsKeyValuePairs')]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12140652943143922490" - }, - "name": "Site App Settings", - "description": "This module deploys a Site App Setting.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of site to deploy." 
- } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." - } - }, - "appInsightResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the app insight to leverage for this resource." - } - }, - "setAzureWebJobsDashboard": { - "type": "bool", - "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", - "metadata": { - "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." - } - }, - "appSettingsKeyValuePairs": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('appName'), 'appsettings')]", - "kind": "[parameters('kind')]", - "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the site config." - }, - "value": "appsettings" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the site config." - }, - "value": "[resourceId('Microsoft.Web/sites/config', parameters('appName'), 'appsettings')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the site config was deployed into." 
- }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "app" - ] - }, - "app_authsettingsv2": { - "condition": "[not(empty(parameters('authSettingV2Configuration')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Site-Config-AuthSettingsV2', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "appName": { - "value": "[parameters('name')]" - }, - "kind": { - "value": "[parameters('kind')]" - }, - "authSettingV2Configuration": { - "value": "[parameters('authSettingV2Configuration')]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "1120403064106188130" - }, - "name": "Site Auth Settings V2 Config", - "description": "This module deploys a Site Auth Settings V2 Configuration.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of site to deploy." - } - }, - "authSettingV2Configuration": { - "type": "object", - "metadata": { - "description": "Required. The auth settings V2 configuration." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. 
Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('appName'), 'authsettingsV2')]", - "kind": "[parameters('kind')]", - "properties": "[parameters('authSettingV2Configuration')]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the site config." - }, - "value": "authsettingsV2" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the site config." - }, - "value": "[resourceId('Microsoft.Web/sites/config', parameters('appName'), 'authsettingsV2')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the site config was deployed into." 
- }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "app" - ] - }, - "app_slots": { - "copy": { - "name": "app_slots", - "count": "[length(parameters('slots'))]", - "mode": "serial", - "batchSize": 1 - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Slot-{1}', uniqueString(deployment().name, parameters('location')), parameters('slots')[copyIndex()].name)]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('slots')[copyIndex()].name]" - }, - "appName": { - "value": "[parameters('name')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "kind": { - "value": "[parameters('kind')]" - }, - "serverFarmResourceId": { - "value": "[parameters('serverFarmResourceId')]" - }, - "httpsOnly": "[if(contains(parameters('slots')[copyIndex()], 'httpsOnly'), createObject('value', parameters('slots')[copyIndex()].httpsOnly), createObject('value', parameters('httpsOnly')))]", - "appServiceEnvironmentResourceId": "[if(not(empty(parameters('appServiceEnvironmentResourceId'))), createObject('value', parameters('appServiceEnvironmentResourceId')), createObject('value', ''))]", - "clientAffinityEnabled": "[if(contains(parameters('slots')[copyIndex()], 'clientAffinityEnabled'), createObject('value', parameters('slots')[copyIndex()].clientAffinityEnabled), createObject('value', parameters('clientAffinityEnabled')))]", - "managedIdentities": "[if(contains(parameters('slots')[copyIndex()], 'managedIdentities'), createObject('value', parameters('slots')[copyIndex()].managedIdentities), createObject('value', parameters('managedIdentities')))]", - "keyVaultAccessIdentityResourceId": "[if(contains(parameters('slots')[copyIndex()], 'keyVaultAccessIdentityResourceId'), createObject('value', parameters('slots')[copyIndex()].keyVaultAccessIdentityResourceId), createObject('value', 
parameters('keyVaultAccessIdentityResourceId')))]", - "storageAccountRequired": "[if(contains(parameters('slots')[copyIndex()], 'storageAccountRequired'), createObject('value', parameters('slots')[copyIndex()].storageAccountRequired), createObject('value', parameters('storageAccountRequired')))]", - "virtualNetworkSubnetId": "[if(contains(parameters('slots')[copyIndex()], 'virtualNetworkSubnetId'), createObject('value', parameters('slots')[copyIndex()].virtualNetworkSubnetId), createObject('value', parameters('virtualNetworkSubnetId')))]", - "siteConfig": "[if(contains(parameters('slots')[copyIndex()], 'siteConfig'), createObject('value', parameters('slots')[copyIndex()].siteConfig), createObject('value', parameters('siteConfig')))]", - "storageAccountResourceId": "[if(contains(parameters('slots')[copyIndex()], 'storageAccountResourceId'), createObject('value', parameters('slots')[copyIndex()].storageAccountResourceId), createObject('value', parameters('storageAccountResourceId')))]", - "appInsightResourceId": "[if(contains(parameters('slots')[copyIndex()], 'appInsightResourceId'), createObject('value', parameters('slots')[copyIndex()].appInsightResourceId), createObject('value', parameters('appInsightResourceId')))]", - "setAzureWebJobsDashboard": "[if(contains(parameters('slots')[copyIndex()], 'setAzureWebJobsDashboard'), createObject('value', parameters('slots')[copyIndex()].setAzureWebJobsDashboard), createObject('value', parameters('setAzureWebJobsDashboard')))]", - "authSettingV2Configuration": "[if(contains(parameters('slots')[copyIndex()], 'authSettingV2Configuration'), createObject('value', parameters('slots')[copyIndex()].authSettingV2Configuration), createObject('value', parameters('authSettingV2Configuration')))]", - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - }, - "diagnosticSettings": { - "value": "[tryGet(parameters('slots')[copyIndex()], 'diagnosticSettings')]" - }, - "roleAssignments": 
"[if(contains(parameters('slots')[copyIndex()], 'roleAssignments'), createObject('value', parameters('slots')[copyIndex()].roleAssignments), createObject('value', parameters('roleAssignments')))]", - "appSettingsKeyValuePairs": "[if(contains(parameters('slots')[copyIndex()], 'appSettingsKeyValuePairs'), createObject('value', parameters('slots')[copyIndex()].appSettingsKeyValuePairs), createObject('value', parameters('appSettingsKeyValuePairs')))]", - "lock": { - "value": "[coalesce(tryGet(parameters('slots')[copyIndex()], 'lock'), parameters('lock'))]" - }, - "privateEndpoints": "[if(contains(parameters('slots')[copyIndex()], 'privateEndpoints'), createObject('value', parameters('slots')[copyIndex()].privateEndpoints), createObject('value', parameters('privateEndpoints')))]", - "tags": { - "value": "[coalesce(tryGet(parameters('slots')[copyIndex()], 'tags'), parameters('tags'))]" - }, - "clientCertEnabled": "[if(contains(parameters('slots')[copyIndex()], 'clientCertEnabled'), createObject('value', parameters('slots')[copyIndex()].clientCertEnabled), createObject('value', false()))]", - "clientCertExclusionPaths": "[if(contains(parameters('slots')[copyIndex()], 'clientCertExclusionPaths'), createObject('value', parameters('slots')[copyIndex()].clientCertExclusionPaths), createObject('value', ''))]", - "clientCertMode": "[if(contains(parameters('slots')[copyIndex()], 'clientCertMode'), createObject('value', parameters('slots')[copyIndex()].clientCertMode), createObject('value', 'Optional'))]", - "cloningInfo": "[if(contains(parameters('slots')[copyIndex()], 'cloningInfo'), createObject('value', parameters('slots')[copyIndex()].cloningInfo), createObject('value', createObject()))]", - "containerSize": "[if(contains(parameters('slots')[copyIndex()], 'containerSize'), createObject('value', parameters('slots')[copyIndex()].containerSize), createObject('value', -1))]", - "customDomainVerificationId": "[if(contains(parameters('slots')[copyIndex()], 
'customDomainVerificationId'), createObject('value', parameters('slots')[copyIndex()].customDomainVerificationId), createObject('value', ''))]", - "dailyMemoryTimeQuota": "[if(contains(parameters('slots')[copyIndex()], 'dailyMemoryTimeQuota'), createObject('value', parameters('slots')[copyIndex()].dailyMemoryTimeQuota), createObject('value', -1))]", - "enabled": "[if(contains(parameters('slots')[copyIndex()], 'enabled'), createObject('value', parameters('slots')[copyIndex()].enabled), createObject('value', true()))]", - "hostNameSslStates": "[if(contains(parameters('slots')[copyIndex()], 'hostNameSslStates'), createObject('value', parameters('slots')[copyIndex()].hostNameSslStates), createObject('value', createArray()))]", - "hyperV": "[if(contains(parameters('slots')[copyIndex()], 'hyperV'), createObject('value', parameters('slots')[copyIndex()].hyperV), createObject('value', false()))]", - "publicNetworkAccess": "[if(contains(parameters('slots')[copyIndex()], 'publicNetworkAccess'), createObject('value', parameters('slots')[copyIndex()].publicNetworkAccess), createObject('value', ''))]", - "redundancyMode": "[if(contains(parameters('slots')[copyIndex()], 'redundancyMode'), createObject('value', parameters('slots')[copyIndex()].redundancyMode), createObject('value', 'None'))]", - "vnetContentShareEnabled": "[if(contains(parameters('slots')[copyIndex()], 'vnetContentShareEnabled'), createObject('value', parameters('slots')[copyIndex()].vnetContentShareEnabled), createObject('value', false()))]", - "vnetImagePullEnabled": "[if(contains(parameters('slots')[copyIndex()], 'vnetImagePullEnabled'), createObject('value', parameters('slots')[copyIndex()].vnetImagePullEnabled), createObject('value', false()))]", - "vnetRouteAllEnabled": "[if(contains(parameters('slots')[copyIndex()], 'vnetRouteAllEnabled'), createObject('value', parameters('slots')[copyIndex()].vnetRouteAllEnabled), createObject('value', false()))]", - "hybridConnectionRelays": 
"[if(contains(parameters('slots')[copyIndex()], 'hybridConnectionRelays'), createObject('value', parameters('slots')[copyIndex()].hybridConnectionRelays), createObject('value', createArray()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "842322474793993092" - }, - "name": "Web/Function App Deployment Slots", - "description": "This module deploys a Web or Function App Deployment Slot.", - "owner": "Azure/module-maintainers" - }, - "definitions": { - "managedIdentitiesType": { - "type": "object", - "properties": { - "systemAssigned": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enables system assigned managed identity on the resource." - } - }, - "userAssignedResourcesIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The resource ID(s) to assign to the resource." - } - } - }, - "nullable": true - }, - "lockType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Specify the name of lock." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "None", - "ReadOnly" - ], - "nullable": true, - "metadata": { - "description": "Optional. Specify the type of lock." - } - } - }, - "nullable": true - }, - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. 
The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } - }, - "nullable": true - }, - "privateEndpointType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private endpoint." - } - }, - "location": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The location to deploy the private endpoint to." - } - }, - "service": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." - } - }, - "subnetResourceId": { - "type": "string", - "metadata": { - "description": "Required. 
Resource ID of the subnet where the endpoint needs to be created." - } - }, - "privateDnsZoneGroupName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." - } - }, - "privateDnsZoneResourceIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." - } - }, - "customDnsConfigs": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. Custom DNS configurations." - } - }, - "ipConfigurations": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." 
- } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } - }, - "applicationSecurityGroupResourceIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. Application security groups in which the private endpoint IP configuration is included." - } - }, - "customNetworkInterfaceName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The custom name of the network interface attached to the private endpoint." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. Specify the type of lock." - } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } - }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, - "enableTelemetry": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." 
- } - } - } - }, - "nullable": true - }, - "diagnosticSettingType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of diagnostic setting." - } - }, - "logCategoriesAndGroups": { - "type": "array", - "items": { - "type": "object", - "properties": { - "category": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." - } - }, - "categoryGroup": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." - } - }, - "metricCategories": { - "type": "array", - "items": { - "type": "object", - "properties": { - "category": { - "type": "string", - "metadata": { - "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." - } - }, - "logAnalyticsDestinationType": { - "type": "string", - "allowedValues": [ - "AzureDiagnostics", - "Dedicated" - ], - "nullable": true, - "metadata": { - "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." 
- } - }, - "workspaceResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "storageAccountResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "eventHubAuthorizationRuleResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." - } - }, - "eventHubName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "marketplacePartnerResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." - } - } - } - }, - "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Name of the slot." - } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." 
- } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of slot to deploy." - } - }, - "serverFarmResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the app service plan to use for the slot." - } - }, - "httpsOnly": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests." - } - }, - "clientAffinityEnabled": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. If client affinity is enabled." - } - }, - "appServiceEnvironmentResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the app service environment to use for this resource." - } - }, - "managedIdentities": { - "$ref": "#/definitions/managedIdentitiesType", - "metadata": { - "description": "Optional. The managed identity definition for this resource." - } - }, - "keyVaultAccessIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the assigned identity to be used to access a key vault with." - } - }, - "storageAccountRequired": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Checks if Customer provided storage account is required." - } - }, - "virtualNetworkSubnetId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. 
This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}." - } - }, - "siteConfig": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The site config object." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." - } - }, - "appInsightResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the app insight to leverage for this resource." - } - }, - "setAzureWebJobsDashboard": { - "type": "bool", - "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", - "metadata": { - "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." - } - }, - "appSettingsKeyValuePairs": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." - } - }, - "authSettingV2Configuration": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The auth settings V2 configuration." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. The lock settings of the service." - } - }, - "privateEndpoints": { - "$ref": "#/definitions/privateEndpointType", - "metadata": { - "description": "Optional. Configuration details for private endpoints." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. 
Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." - } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "diagnosticSettings": { - "$ref": "#/definitions/diagnosticSettingType", - "metadata": { - "description": "Optional. The diagnostic settings of the service." - } - }, - "clientCertEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. To enable client certificate authentication (TLS mutual authentication)." - } - }, - "clientCertExclusionPaths": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Client certificate authentication comma-separated exclusion paths." - } - }, - "clientCertMode": { - "type": "string", - "defaultValue": "Optional", - "allowedValues": [ - "Optional", - "OptionalInteractiveUser", - "Required" - ], - "metadata": { - "description": "Optional. This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted." - } - }, - "cloningInfo": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. If specified during app creation, the app is cloned from a source app." 
- } - }, - "containerSize": { - "type": "int", - "defaultValue": -1, - "metadata": { - "description": "Optional. Size of the function container." - } - }, - "customDomainVerificationId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification." - } - }, - "dailyMemoryTimeQuota": { - "type": "int", - "defaultValue": -1, - "metadata": { - "description": "Optional. Maximum allowed daily memory-time quota (applicable on dynamic apps only)." - } - }, - "enabled": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Setting this value to false disables the app (takes the app offline)." - } - }, - "hostNameSslStates": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Hostname SSL states are used to manage the SSL bindings for app's hostnames." - } - }, - "hyperV": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Hyper-V sandbox." - } - }, - "publicNetworkAccess": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "Enabled", - "Disabled", - "" - ], - "metadata": { - "description": "Optional. Allow or block all public traffic." - } - }, - "redundancyMode": { - "type": "string", - "defaultValue": "None", - "allowedValues": [ - "ActiveActive", - "Failover", - "GeoRedundant", - "Manual", - "None" - ], - "metadata": { - "description": "Optional. Site redundancy mode." - } - }, - "vnetContentShareEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. To enable accessing content over virtual network." - } - }, - "vnetImagePullEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. To enable pulling image over Virtual Network." 
- } - }, - "vnetRouteAllEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied." - } - }, - "hybridConnectionRelays": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Names of hybrid connection relays to connect app with." - } - } - }, - "variables": { - "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", - "enableReferencedModulesTelemetry": false, - "builtInRoleNames": { - "App Compliance Automation Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f37683f-2463-46b6-9ce7-9b788b988ba2')]", - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]", - "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]" - } - }, - "resources": { - "app": { - "existing": true, - "type": "Microsoft.Web/sites", - "apiVersion": "2021-03-01", - "name": "[parameters('appName')]" - }, - "defaultTelemetry": { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - "slot": { - "type": "Microsoft.Web/sites/slots", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('appName'), parameters('name'))]", - "location": "[parameters('location')]", - "kind": "[parameters('kind')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "properties": { - "serverFarmId": "[parameters('serverFarmResourceId')]", - "clientAffinityEnabled": "[parameters('clientAffinityEnabled')]", - "httpsOnly": "[parameters('httpsOnly')]", - "hostingEnvironmentProfile": "[if(not(empty(parameters('appServiceEnvironmentResourceId'))), createObject('id', parameters('appServiceEnvironmentResourceId')), null())]", - "storageAccountRequired": 
"[parameters('storageAccountRequired')]", - "keyVaultReferenceIdentity": "[if(not(empty(parameters('keyVaultAccessIdentityResourceId'))), parameters('keyVaultAccessIdentityResourceId'), null())]", - "virtualNetworkSubnetId": "[if(not(empty(parameters('virtualNetworkSubnetId'))), parameters('virtualNetworkSubnetId'), null())]", - "siteConfig": "[parameters('siteConfig')]", - "clientCertEnabled": "[parameters('clientCertEnabled')]", - "clientCertExclusionPaths": "[if(not(empty(parameters('clientCertExclusionPaths'))), parameters('clientCertExclusionPaths'), null())]", - "clientCertMode": "[parameters('clientCertMode')]", - "cloningInfo": "[if(not(empty(parameters('cloningInfo'))), parameters('cloningInfo'), null())]", - "containerSize": "[if(not(equals(parameters('containerSize'), -1)), parameters('containerSize'), null())]", - "customDomainVerificationId": "[if(not(empty(parameters('customDomainVerificationId'))), parameters('customDomainVerificationId'), null())]", - "dailyMemoryTimeQuota": "[if(not(equals(parameters('dailyMemoryTimeQuota'), -1)), parameters('dailyMemoryTimeQuota'), null())]", - "enabled": "[parameters('enabled')]", - "hostNameSslStates": "[parameters('hostNameSslStates')]", - "hyperV": "[parameters('hyperV')]", - "publicNetworkAccess": "[parameters('publicNetworkAccess')]", - "redundancyMode": "[parameters('redundancyMode')]", - "vnetContentShareEnabled": "[parameters('vnetContentShareEnabled')]", - "vnetImagePullEnabled": "[parameters('vnetImagePullEnabled')]", - "vnetRouteAllEnabled": "[parameters('vnetRouteAllEnabled')]" - }, - "dependsOn": [ - "app" - ] - }, - "slot_lock": { - "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", - "name": "[coalesce(tryGet(parameters('lock'), 'name'), 
format('lock-{0}', parameters('name')))]", - "properties": { - "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" - }, - "dependsOn": [ - "slot" - ] - }, - "slot_diagnosticSettings": { - "copy": { - "name": "slot_diagnosticSettings", - "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]" - }, - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", - "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", - "properties": { - "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]", - "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]", - "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]", - "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]", - "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]", - "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]", - "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]", - 
"logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]" - }, - "dependsOn": [ - "slot" - ] - }, - "slot_roleAssignments": { - "copy": { - "name": "slot_roleAssignments", - "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", - "name": "[guid(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", - "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", - "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", - "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", - "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", - "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), 
createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" - }, - "dependsOn": [ - "slot" - ] - }, - "slot_appsettings": { - "condition": "[not(empty(parameters('appSettingsKeyValuePairs')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Slot-{1}-Config-AppSettings', uniqueString(deployment().name, parameters('location')), parameters('name'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "slotName": { - "value": "[parameters('name')]" - }, - "appName": { - "value": "[parameters('appName')]" - }, - "kind": { - "value": "[parameters('kind')]" - }, - "storageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" - }, - "appInsightResourceId": { - "value": "[parameters('appInsightResourceId')]" - }, - "setAzureWebJobsDashboard": { - "value": "[parameters('setAzureWebJobsDashboard')]" - }, - "appSettingsKeyValuePairs": { - "value": "[parameters('appSettingsKeyValuePairs')]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "13223616826795830599" - }, - "name": "Site Slot App Settings", - "description": "This module deploys a Site Slot App Setting.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "slotName": { - "type": "string", - "metadata": { - "description": "Required. Slot name to be configured." - } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." 
- } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of slot to deploy." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." - } - }, - "appInsightResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the app insight to leverage for this resource." - } - }, - "setAzureWebJobsDashboard": { - "type": "bool", - "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", - "metadata": { - "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." - } - }, - "appSettingsKeyValuePairs": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/slots/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'appsettings')]", - "kind": "[parameters('kind')]", - "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the slot config." - }, - "value": "appsettings" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the slot config." - }, - "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'appsettings')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the slot config was deployed into." 
- }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "app", - "slot" - ] - }, - "slot_authsettingsv2": { - "condition": "[not(empty(parameters('authSettingV2Configuration')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Slot-{1}-Config-AuthSettingsV2', uniqueString(deployment().name, parameters('location')), parameters('name'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "slotName": { - "value": "[parameters('name')]" - }, - "appName": { - "value": "[parameters('appName')]" - }, - "kind": { - "value": "[parameters('kind')]" - }, - "authSettingV2Configuration": { - "value": "[parameters('authSettingV2Configuration')]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16157844933162881953" - }, - "name": "Site Slot Auth Settings V2 Config", - "description": "This module deploys a Site Auth Settings V2 Configuration.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." - } - }, - "slotName": { - "type": "string", - "metadata": { - "description": "Required. Slot name to be configured." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of slot to deploy." 
- } - }, - "authSettingV2Configuration": { - "type": "object", - "metadata": { - "description": "Required. The auth settings V2 configuration." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/slots/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'authsettingsV2')]", - "kind": "[parameters('kind')]", - "properties": "[parameters('authSettingV2Configuration')]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the slot config." - }, - "value": "authsettingsV2" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the slot config." - }, - "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'authsettingsV2')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the slot config was deployed into." 
- }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "app", - "slot" - ] - }, - "slot_hybridConnectionRelays": { - "copy": { - "name": "slot_hybridConnectionRelays", - "count": "[length(parameters('hybridConnectionRelays'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Slot-HybridConnectionRelay-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "hybridConnectionResourceId": { - "value": "[parameters('hybridConnectionRelays')[copyIndex()].resourceId]" - }, - "appName": { - "value": "[parameters('appName')]" - }, - "slotName": { - "value": "[parameters('name')]" - }, - "sendKeyName": "[if(contains(parameters('hybridConnectionRelays')[copyIndex()], 'sendKeyName'), createObject('value', parameters('hybridConnectionRelays')[copyIndex()].sendKeyName), createObject('value', null()))]", - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "11888981629758921842" - }, - "name": "Web/Function Apps Slot Hybrid Connection Relay", - "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "hybridConnectionResourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the relay namespace hybrid connection." - } - }, - "slotName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the site slot. Required if the template is used in a standalone deployment." 
- } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." - } - }, - "sendKeyName": { - "type": "string", - "defaultValue": "defaultSender", - "metadata": { - "description": "Optional. Name of the authorization rule send key to use." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", - "properties": { - "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", - "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, 
indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", - "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", - "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", - "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", - "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", - "sendKeyName": "[parameters('sendKeyName')]", - "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', 
split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the hybrid connection relay.." - }, - "value": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the hybrid connection relay." - }, - "value": "[resourceId('Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[3])]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the resource was deployed into." 
- }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "app", - "slot" - ] - }, - "slot_privateEndpoints": { - "copy": { - "name": "slot_privateEndpoints", - "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-app-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "groupIds": { - "value": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')]" - ] - }, - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" - }, - "serviceResourceId": { - "value": "[resourceId('Microsoft.Web/sites', parameters('appName'))]" - }, - "subnetResourceId": { - "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" - }, - "enableDefaultTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableDefaultTelemetry'), variables('enableReferencedModulesTelemetry'))]" - }, - "location": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" - }, - "lock": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" - }, - "privateDnsZoneGroupName": { - "value": 
"[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" - }, - "privateDnsZoneResourceIds": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]" - }, - "roleAssignments": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]" - }, - "tags": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" - }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, - "customDnsConfigs": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" - }, - "ipConfigurations": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'ipConfigurations')]" - }, - "applicationSecurityGroupResourceIds": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'applicationSecurityGroupResourceIds')]" - }, - "customNetworkInterfaceName": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12078057657290521609" - }, - "name": "Private Endpoints", - "description": "This module deploys a Private Endpoint.", - "owner": "Azure/module-maintainers" - }, - "definitions": { - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": 
"Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } - }, - "nullable": true - }, - "lockType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Specify the name of lock." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "None", - "ReadOnly" - ], - "nullable": true, - "metadata": { - "description": "Optional. Specify the type of lock." 
- } - } - }, - "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." - } - } - } - }, - "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Name of the private endpoint resource to create." - } - }, - "subnetResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the subnet where the endpoint needs to be created." - } - }, - "serviceResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the resource that needs to be connected to the network." 
- } - }, - "applicationSecurityGroupResourceIds": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Application security groups in which the private endpoint IP configuration is included." - } - }, - "customNetworkInterfaceName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The custom name of the network interface attached to the private endpoint." - } - }, - "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", - "nullable": true, - "metadata": { - "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } - }, - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." - } - }, - "privateDnsZoneGroupName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." - } - }, - "privateDnsZoneResourceIds": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. The lock settings of the service." - } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } - }, - "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", - "nullable": true, - "metadata": { - "description": "Optional. Custom DNS configurations." - } - }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." - } - } - }, - "variables": { - "enableReferencedModulesTelemetry": false, - "builtInRoleNames": { - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", - "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", - "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", - "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Private 
DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" - } - }, - "resources": { - "defaultTelemetry": { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - "privateEndpoint": { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "copy": [ - { - "name": "applicationSecurityGroups", - "count": "[length(coalesce(parameters('applicationSecurityGroupResourceIds'), createArray()))]", - "input": { - "id": "[coalesce(parameters('applicationSecurityGroupResourceIds'), createArray())[copyIndex('applicationSecurityGroups')]]" - } - } - ], - "customDnsConfigs": "[parameters('customDnsConfigs')]", - "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", - "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", - "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[parameters('serviceResourceId')]", - 
"groupIds": "[parameters('groupIds')]" - } - } - ], - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - } - }, - "privateEndpoint_lock": { - "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", - "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", - "properties": { - "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" - }, - "dependsOn": [ - "privateEndpoint" - ] - }, - "privateEndpoint_roleAssignments": { - "copy": { - "name": "privateEndpoint_roleAssignments", - "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", - "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", - "description": 
"[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", - "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", - "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", - "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", - "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" - }, - "dependsOn": [ - "privateEndpoint" - ] - }, - "privateEndpoint_privateDnsZoneGroup": { - "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]" - }, - "privateDNSResourceIds": { - "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]" - }, - "privateEndpointName": { - "value": "[parameters('name')]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16391702514342252839" - }, - "name": "Private Endpoint Private DNS Zone Groups", - "description": "This module deploys a Private Endpoint Private DNS Zone Group.", - "owner": 
"Azure/module-maintainers" - }, - "parameters": { - "privateEndpointName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." - } - }, - "privateDNSResourceIds": { - "type": "array", - "minLength": 1, - "maxLength": 5, - "metadata": { - "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." - } - }, - "name": { - "type": "string", - "defaultValue": "default", - "metadata": { - "description": "Optional. The name of the private DNS zone group." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." - } - } - }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigs", - "count": "[length(parameters('privateDNSResourceIds'))]", - "input": { - "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" - } - } - } - ] - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", - "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" - } - } - ], - "outputs": { - "name": { - "type": 
"string", - "metadata": { - "description": "The name of the private endpoint DNS zone group." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the private endpoint DNS zone group." - }, - "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the private endpoint DNS zone group was deployed into." - }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "privateEndpoint" - ] - } - }, - "outputs": { - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the private endpoint was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the private endpoint." - }, - "value": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the private endpoint." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - } - } - } - }, - "dependsOn": [ - "app" - ] - } - }, - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the slot." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the slot." - }, - "value": "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the slot was deployed into." 
- }, - "value": "[resourceGroup().name]" - }, - "systemAssignedMIPrincipalId": { - "type": "string", - "metadata": { - "description": "The principal ID of the system assigned identity." - }, - "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('slot', '2022-09-01', 'full').identity, 'principalId')), reference('slot', '2022-09-01', 'full').identity.principalId, '')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference('slot', '2022-09-01', 'full').location]" - } - } - } - }, - "dependsOn": [ - "app" - ] - }, - "app_basicPublishingCredentialsPolicies": { - "copy": { - "name": "app_basicPublishingCredentialsPolicies", - "count": "[length(parameters('basicPublishingCredentialsPolicies'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Site-Publis-Cred-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "webAppName": { - "value": "[parameters('name')]" - }, - "name": { - "value": "[parameters('basicPublishingCredentialsPolicies')[copyIndex()].name]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "5305729672150633375" - }, - "name": "Web Site Basic Publishing Credentials Policies", - "description": "This module deploys a Web Site Basic Publishing Credentials Policy.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "name": { - "type": "string", - "allowedValues": [ - "scm", - "ftp" - ], - "metadata": 
{ - "description": "Required. The name of the resource." - } - }, - "webAppName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/basicPublishingCredentialsPolicies", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('webAppName'), parameters('name'))]", - "location": "[parameters('location')]", - "properties": { - "allow": true - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the basic publishing credential policy." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the basic publishing credential policy." - }, - "value": "[resourceId('Microsoft.Web/sites/basicPublishingCredentialsPolicies', parameters('webAppName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the basic publishing credential policy was deployed into." 
- }, - "value": "[resourceGroup().name]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Web/sites/basicPublishingCredentialsPolicies', parameters('webAppName'), parameters('name')), '2022-09-01', 'full').location]" - } - } - } - }, - "dependsOn": [ - "app" - ] - }, - "app_hybridConnectionRelays": { - "copy": { - "name": "app_hybridConnectionRelays", - "count": "[length(parameters('hybridConnectionRelays'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-HybridConnectionRelay-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "hybridConnectionResourceId": { - "value": "[parameters('hybridConnectionRelays')[copyIndex()].resourceId]" - }, - "appName": { - "value": "[parameters('name')]" - }, - "sendKeyName": "[if(contains(parameters('hybridConnectionRelays')[copyIndex()], 'sendKeyName'), createObject('value', parameters('hybridConnectionRelays')[copyIndex()].sendKeyName), createObject('value', null()))]", - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "10458383238656360850" - }, - "name": "Web/Function Apps Hybrid Connection Relay", - "description": "This module deploys a Site Hybrid Connection Namespace Relay.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "hybridConnectionResourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the relay namespace hybrid connection." 
- } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." - } - }, - "sendKeyName": { - "type": "string", - "defaultValue": "defaultSender", - "metadata": { - "description": "Optional. Name of the authorization rule send key to use." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/hybridConnectionNamespaces/relays", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", - "properties": { - "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", - "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, 
indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", - "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", - "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", - "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", - "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", - "sendKeyName": "[parameters('sendKeyName')]", - "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', 
split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the hybrid connection relay.." - }, - "value": "[format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the hybrid connection relay." - }, - "value": "[resourceId('Microsoft.Web/sites/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}', parameters('appName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2])]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the resource was deployed into." 
- }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "app" - ] - }, - "app_privateEndpoints": { - "copy": { - "name": "app_privateEndpoints", - "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-app-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "groupIds": { - "value": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')]" - ] - }, - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('name')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" - }, - "serviceResourceId": { - "value": "[resourceId('Microsoft.Web/sites', parameters('name'))]" - }, - "subnetResourceId": { - "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" - }, - "enableDefaultTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableDefaultTelemetry'), variables('enableReferencedModulesTelemetry'))]" - }, - "location": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" - }, - "lock": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" - }, - "privateDnsZoneGroupName": { - "value": 
"[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" - }, - "privateDnsZoneResourceIds": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]" - }, - "roleAssignments": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]" - }, - "tags": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" - }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, - "customDnsConfigs": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" - }, - "ipConfigurations": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'ipConfigurations')]" - }, - "applicationSecurityGroupResourceIds": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'applicationSecurityGroupResourceIds')]" - }, - "customNetworkInterfaceName": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12078057657290521609" - }, - "name": "Private Endpoints", - "description": "This module deploys a Private Endpoint.", - "owner": "Azure/module-maintainers" - }, - "definitions": { - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": 
"Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } - }, - "nullable": true - }, - "lockType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Specify the name of lock." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "None", - "ReadOnly" - ], - "nullable": true, - "metadata": { - "description": "Optional. Specify the type of lock." 
- } - } - }, - "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." - } - } - } - }, - "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Name of the private endpoint resource to create." - } - }, - "subnetResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the subnet where the endpoint needs to be created." - } - }, - "serviceResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the resource that needs to be connected to the network." 
- } - }, - "applicationSecurityGroupResourceIds": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Application security groups in which the private endpoint IP configuration is included." - } - }, - "customNetworkInterfaceName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The custom name of the network interface attached to the private endpoint." - } - }, - "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", - "nullable": true, - "metadata": { - "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } - }, - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." - } - }, - "privateDnsZoneGroupName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." - } - }, - "privateDnsZoneResourceIds": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. The lock settings of the service." - } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } - }, - "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", - "nullable": true, - "metadata": { - "description": "Optional. Custom DNS configurations." - } - }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." - } - } - }, - "variables": { - "enableReferencedModulesTelemetry": false, - "builtInRoleNames": { - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", - "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", - "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", - "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Private 
DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" - } - }, - "resources": { - "defaultTelemetry": { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - "privateEndpoint": { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "copy": [ - { - "name": "applicationSecurityGroups", - "count": "[length(coalesce(parameters('applicationSecurityGroupResourceIds'), createArray()))]", - "input": { - "id": "[coalesce(parameters('applicationSecurityGroupResourceIds'), createArray())[copyIndex('applicationSecurityGroups')]]" - } - } - ], - "customDnsConfigs": "[parameters('customDnsConfigs')]", - "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", - "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", - "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[parameters('serviceResourceId')]", - 
"groupIds": "[parameters('groupIds')]" - } - } - ], - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - } - }, - "privateEndpoint_lock": { - "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", - "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", - "properties": { - "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" - }, - "dependsOn": [ - "privateEndpoint" - ] - }, - "privateEndpoint_roleAssignments": { - "copy": { - "name": "privateEndpoint_roleAssignments", - "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", - "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", - "description": 
"[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", - "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", - "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", - "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", - "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" - }, - "dependsOn": [ - "privateEndpoint" - ] - }, - "privateEndpoint_privateDnsZoneGroup": { - "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]" - }, - "privateDNSResourceIds": { - "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]" - }, - "privateEndpointName": { - "value": "[parameters('name')]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16391702514342252839" - }, - "name": "Private Endpoint Private DNS Zone Groups", - "description": "This module deploys a Private Endpoint Private DNS Zone Group.", - "owner": 
"Azure/module-maintainers" - }, - "parameters": { - "privateEndpointName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." - } - }, - "privateDNSResourceIds": { - "type": "array", - "minLength": 1, - "maxLength": 5, - "metadata": { - "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." - } - }, - "name": { - "type": "string", - "defaultValue": "default", - "metadata": { - "description": "Optional. The name of the private DNS zone group." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." - } - } - }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigs", - "count": "[length(parameters('privateDNSResourceIds'))]", - "input": { - "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" - } - } - } - ] - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", - "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" - } - } - ], - "outputs": { - "name": { - "type": 
"string", - "metadata": { - "description": "The name of the private endpoint DNS zone group." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the private endpoint DNS zone group." - }, - "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the private endpoint DNS zone group was deployed into." - }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "privateEndpoint" - ] - } - }, - "outputs": { - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the private endpoint was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the private endpoint." - }, - "value": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the private endpoint." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - } - } - } - }, - "dependsOn": [ - "app" - ] - } - }, - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the site." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the site." - }, - "value": "[resourceId('Microsoft.Web/sites', parameters('name'))]" - }, - "slots": { - "type": "array", - "metadata": { - "description": "The list of the slots." 
- }, - "copy": { - "count": "[length(parameters('slots'))]", - "input": "[format('{0}-Slot-{1}', uniqueString(deployment().name, parameters('location')), parameters('slots')[copyIndex()].name)]" - } - }, - "slotResourceIds": { - "type": "array", - "metadata": { - "description": "The list of the slot resource ids." - }, - "copy": { - "count": "[length(parameters('slots'))]", - "input": "[reference(format('app_slots[{0}]', copyIndex())).outputs.resourceId.value]" - } - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the site was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "systemAssignedMIPrincipalId": { - "type": "string", - "metadata": { - "description": "The principal ID of the system assigned identity." - }, - "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('app', '2022-09-01', 'full').identity, 'principalId')), reference('app', '2022-09-01', 'full').identity.principalId, '')]" - }, - "slotSystemAssignedPrincipalIds": { - "type": "array", - "metadata": { - "description": "The principal ID of the system assigned identity of slots." - }, - "copy": { - "count": "[length(parameters('slots'))]", - "input": "[reference(format('app_slots[{0}]', copyIndex())).outputs.systemAssignedMIPrincipalId.value]" - } - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference('app', '2022-09-01', 'full').location]" - }, - "defaultHostname": { - "type": "string", - "metadata": { - "description": "Default hostname of the app." - }, - "value": "[reference('app').defaultHostName]" - } - } -} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.json b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.json deleted file mode 100644 index c4220e1..0000000 
--- a/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/main.json
+++ /dev/null
@@ -1,122 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "13223616826795830599" - }, - "name": "Site Slot App Settings", - "description": "This module deploys a Site Slot App Setting.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "slotName": { - "type": "string", - "metadata": { - "description": "Required. Slot name to be configured." - } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of slot to deploy." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." - } - }, - "appInsightResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the app insight to leverage for this resource." - } - }, - "setAzureWebJobsDashboard": { - "type": "bool", - "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", - "metadata": { - "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." - } - }, - "appSettingsKeyValuePairs": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. 
The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/slots/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'appsettings')]", - "kind": "[parameters('kind')]", - "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the slot config." - }, - "value": "appsettings" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the slot config." - }, - "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'appsettings')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the slot config was deployed into." - }, - "value": "[resourceGroup().name]" - } - } -} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.json b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.json deleted file mode 100644 index bfdb1d3..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/main.json +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16157844933162881953" - }, - "name": "Site Slot Auth Settings V2 Config", - "description": "This module deploys a Site Auth Settings V2 Configuration.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." - } - }, - "slotName": { - "type": "string", - "metadata": { - "description": "Required. Slot name to be configured." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of slot to deploy." - } - }, - "authSettingV2Configuration": { - "type": "object", - "metadata": { - "description": "Required. The auth settings V2 configuration." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/slots/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'authsettingsV2')]", - "kind": "[parameters('kind')]", - "properties": "[parameters('authSettingV2Configuration')]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the slot config." - }, - "value": "authsettingsV2" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the slot config." - }, - "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'authsettingsV2')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the slot config was deployed into." - }, - "value": "[resourceGroup().name]" - } - } -} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.json b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.json deleted file mode 100644 index 5381c32..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/main.json +++ /dev/null 
@@ -1,109 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "11888981629758921842" - }, - "name": "Web/Function Apps Slot Hybrid Connection Relay", - "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "hybridConnectionResourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the relay namespace hybrid connection." - } - }, - "slotName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the site slot. Required if the template is used in a standalone deployment." - } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." - } - }, - "sendKeyName": { - "type": "string", - "defaultValue": "defaultSender", - "metadata": { - "description": "Optional. Name of the authorization rule send key to use." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", - "properties": { - "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", - "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", - "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", - "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', 
split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", - "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", - "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", - "sendKeyName": "[parameters('sendKeyName')]", - "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the hybrid connection relay.." - }, - "value": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the hybrid connection relay." 
- }, - "value": "[resourceId('Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[3])]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the resource was deployed into." - }, - "value": "[resourceGroup().name]" - } - } -} \ No newline at end of file diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/main.json b/bicep-examples/dependencies/modules/webApp/site/slot/main.json deleted file mode 100644 index 8a83959..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/slot/main.json +++ /dev/null 
@@ -1,1936 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "842322474793993092" - }, - "name": "Web/Function App Deployment Slots", - "description": "This module deploys a Web or Function App Deployment Slot.", - "owner": "Azure/module-maintainers" - }, - "definitions": { - "managedIdentitiesType": { - "type": "object", - "properties": { - "systemAssigned": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enables system assigned managed identity on the resource." - } - }, - "userAssignedResourcesIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The resource ID(s) to assign to the resource." - } - } - }, - "nullable": true - }, - "lockType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Specify the name of lock." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "None", - "ReadOnly" - ], - "nullable": true, - "metadata": { - "description": "Optional. Specify the type of lock." - } - } - }, - "nullable": true - }, - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." 
- } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } - }, - "nullable": true - }, - "privateEndpointType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private endpoint." - } - }, - "location": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The location to deploy the private endpoint to." - } - }, - "service": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The service (sub-) type to deploy the private endpoint for. For example \"vault\" or \"blob\"." - } - }, - "subnetResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the subnet where the endpoint needs to be created." 
- } - }, - "privateDnsZoneGroupName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided." - } - }, - "privateDnsZoneResourceIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." - } - }, - "customDnsConfigs": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. Custom DNS configurations." - } - }, - "ipConfigurations": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. 
Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } - }, - "applicationSecurityGroupResourceIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. Application security groups in which the private endpoint IP configuration is included." - } - }, - "customNetworkInterfaceName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The custom name of the network interface attached to the private endpoint." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. Specify the type of lock." - } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } - }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, - "enableTelemetry": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." 
- } - } - } - }, - "nullable": true - }, - "diagnosticSettingType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of diagnostic setting." - } - }, - "logCategoriesAndGroups": { - "type": "array", - "items": { - "type": "object", - "properties": { - "category": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." - } - }, - "categoryGroup": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." - } - }, - "metricCategories": { - "type": "array", - "items": { - "type": "object", - "properties": { - "category": { - "type": "string", - "metadata": { - "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." - } - }, - "logAnalyticsDestinationType": { - "type": "string", - "allowedValues": [ - "AzureDiagnostics", - "Dedicated" - ], - "nullable": true, - "metadata": { - "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." 
- } - }, - "workspaceResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "storageAccountResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "eventHubAuthorizationRuleResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." - } - }, - "eventHubName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "marketplacePartnerResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." - } - } - } - }, - "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Name of the slot." - } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." 
- } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of slot to deploy." - } - }, - "serverFarmResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the app service plan to use for the slot." - } - }, - "httpsOnly": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests." - } - }, - "clientAffinityEnabled": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. If client affinity is enabled." - } - }, - "appServiceEnvironmentResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the app service environment to use for this resource." - } - }, - "managedIdentities": { - "$ref": "#/definitions/managedIdentitiesType", - "metadata": { - "description": "Optional. The managed identity definition for this resource." - } - }, - "keyVaultAccessIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The resource ID of the assigned identity to be used to access a key vault with." - } - }, - "storageAccountRequired": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Checks if Customer provided storage account is required." - } - }, - "virtualNetworkSubnetId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. 
This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}." - } - }, - "siteConfig": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The site config object." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." - } - }, - "appInsightResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the app insight to leverage for this resource." - } - }, - "setAzureWebJobsDashboard": { - "type": "bool", - "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", - "metadata": { - "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." - } - }, - "appSettingsKeyValuePairs": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." - } - }, - "authSettingV2Configuration": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The auth settings V2 configuration." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. The lock settings of the service." - } - }, - "privateEndpoints": { - "$ref": "#/definitions/privateEndpointType", - "metadata": { - "description": "Optional. Configuration details for private endpoints." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. 
Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." - } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "diagnosticSettings": { - "$ref": "#/definitions/diagnosticSettingType", - "metadata": { - "description": "Optional. The diagnostic settings of the service." - } - }, - "clientCertEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. To enable client certificate authentication (TLS mutual authentication)." - } - }, - "clientCertExclusionPaths": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Client certificate authentication comma-separated exclusion paths." - } - }, - "clientCertMode": { - "type": "string", - "defaultValue": "Optional", - "allowedValues": [ - "Optional", - "OptionalInteractiveUser", - "Required" - ], - "metadata": { - "description": "Optional. This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted." - } - }, - "cloningInfo": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. If specified during app creation, the app is cloned from a source app." 
- } - }, - "containerSize": { - "type": "int", - "defaultValue": -1, - "metadata": { - "description": "Optional. Size of the function container." - } - }, - "customDomainVerificationId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification." - } - }, - "dailyMemoryTimeQuota": { - "type": "int", - "defaultValue": -1, - "metadata": { - "description": "Optional. Maximum allowed daily memory-time quota (applicable on dynamic apps only)." - } - }, - "enabled": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Setting this value to false disables the app (takes the app offline)." - } - }, - "hostNameSslStates": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Hostname SSL states are used to manage the SSL bindings for app's hostnames." - } - }, - "hyperV": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Hyper-V sandbox." - } - }, - "publicNetworkAccess": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "Enabled", - "Disabled", - "" - ], - "metadata": { - "description": "Optional. Allow or block all public traffic." - } - }, - "redundancyMode": { - "type": "string", - "defaultValue": "None", - "allowedValues": [ - "ActiveActive", - "Failover", - "GeoRedundant", - "Manual", - "None" - ], - "metadata": { - "description": "Optional. Site redundancy mode." - } - }, - "vnetContentShareEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. To enable accessing content over virtual network." - } - }, - "vnetImagePullEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. To enable pulling image over Virtual Network." 
- } - }, - "vnetRouteAllEnabled": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied." - } - }, - "hybridConnectionRelays": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Names of hybrid connection relays to connect app with." - } - } - }, - "variables": { - "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourcesIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", - "enableReferencedModulesTelemetry": false, - "builtInRoleNames": { - "App Compliance Automation Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f37683f-2463-46b6-9ce7-9b788b988ba2')]", - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Web Plan Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b')]", - "Website Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'de139f84-1756-47ae-9be6-808fbbe84772')]" - } - }, - "resources": { - "app": { - "existing": true, - "type": "Microsoft.Web/sites", - "apiVersion": "2021-03-01", - "name": "[parameters('appName')]" - }, - "defaultTelemetry": { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - "slot": { - "type": "Microsoft.Web/sites/slots", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('appName'), parameters('name'))]", - "location": "[parameters('location')]", - "kind": "[parameters('kind')]", - "tags": "[parameters('tags')]", - "identity": "[variables('identity')]", - "properties": { - "serverFarmId": "[parameters('serverFarmResourceId')]", - "clientAffinityEnabled": "[parameters('clientAffinityEnabled')]", - "httpsOnly": "[parameters('httpsOnly')]", - "hostingEnvironmentProfile": "[if(not(empty(parameters('appServiceEnvironmentResourceId'))), createObject('id', parameters('appServiceEnvironmentResourceId')), null())]", - "storageAccountRequired": 
"[parameters('storageAccountRequired')]", - "keyVaultReferenceIdentity": "[if(not(empty(parameters('keyVaultAccessIdentityResourceId'))), parameters('keyVaultAccessIdentityResourceId'), null())]", - "virtualNetworkSubnetId": "[if(not(empty(parameters('virtualNetworkSubnetId'))), parameters('virtualNetworkSubnetId'), null())]", - "siteConfig": "[parameters('siteConfig')]", - "clientCertEnabled": "[parameters('clientCertEnabled')]", - "clientCertExclusionPaths": "[if(not(empty(parameters('clientCertExclusionPaths'))), parameters('clientCertExclusionPaths'), null())]", - "clientCertMode": "[parameters('clientCertMode')]", - "cloningInfo": "[if(not(empty(parameters('cloningInfo'))), parameters('cloningInfo'), null())]", - "containerSize": "[if(not(equals(parameters('containerSize'), -1)), parameters('containerSize'), null())]", - "customDomainVerificationId": "[if(not(empty(parameters('customDomainVerificationId'))), parameters('customDomainVerificationId'), null())]", - "dailyMemoryTimeQuota": "[if(not(equals(parameters('dailyMemoryTimeQuota'), -1)), parameters('dailyMemoryTimeQuota'), null())]", - "enabled": "[parameters('enabled')]", - "hostNameSslStates": "[parameters('hostNameSslStates')]", - "hyperV": "[parameters('hyperV')]", - "publicNetworkAccess": "[parameters('publicNetworkAccess')]", - "redundancyMode": "[parameters('redundancyMode')]", - "vnetContentShareEnabled": "[parameters('vnetContentShareEnabled')]", - "vnetImagePullEnabled": "[parameters('vnetImagePullEnabled')]", - "vnetRouteAllEnabled": "[parameters('vnetRouteAllEnabled')]" - }, - "dependsOn": [ - "app" - ] - }, - "slot_lock": { - "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", - "name": "[coalesce(tryGet(parameters('lock'), 'name'), 
format('lock-{0}', parameters('name')))]", - "properties": { - "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" - }, - "dependsOn": [ - "slot" - ] - }, - "slot_diagnosticSettings": { - "copy": { - "name": "slot_diagnosticSettings", - "count": "[length(coalesce(parameters('diagnosticSettings'), createArray()))]" - }, - "type": "Microsoft.Insights/diagnosticSettings", - "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", - "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", - "properties": { - "storageAccountId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'storageAccountResourceId')]", - "workspaceId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'workspaceResourceId')]", - "eventHubAuthorizationRuleId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubAuthorizationRuleResourceId')]", - "eventHubName": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'eventHubName')]", - "metrics": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics', 'timeGrain', null(), 'enabled', true())))]", - "logs": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'AllLogs', 'enabled', true())))]", - "marketplacePartnerId": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'marketplacePartnerResourceId')]", - 
"logAnalyticsDestinationType": "[tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logAnalyticsDestinationType')]" - }, - "dependsOn": [ - "slot" - ] - }, - "slot_roleAssignments": { - "copy": { - "name": "slot_roleAssignments", - "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Web/sites/{0}/slots/{1}', parameters('appName'), parameters('name'))]", - "name": "[guid(resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", - "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", - "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", - "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", - "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", - "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), 
createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" - }, - "dependsOn": [ - "slot" - ] - }, - "slot_appsettings": { - "condition": "[not(empty(parameters('appSettingsKeyValuePairs')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Slot-{1}-Config-AppSettings', uniqueString(deployment().name, parameters('location')), parameters('name'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "slotName": { - "value": "[parameters('name')]" - }, - "appName": { - "value": "[parameters('appName')]" - }, - "kind": { - "value": "[parameters('kind')]" - }, - "storageAccountResourceId": { - "value": "[parameters('storageAccountResourceId')]" - }, - "appInsightResourceId": { - "value": "[parameters('appInsightResourceId')]" - }, - "setAzureWebJobsDashboard": { - "value": "[parameters('setAzureWebJobsDashboard')]" - }, - "appSettingsKeyValuePairs": { - "value": "[parameters('appSettingsKeyValuePairs')]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "13223616826795830599" - }, - "name": "Site Slot App Settings", - "description": "This module deploys a Site Slot App Setting.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "slotName": { - "type": "string", - "metadata": { - "description": "Required. Slot name to be configured." - } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." 
- } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of slot to deploy." - } - }, - "storageAccountResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions." - } - }, - "appInsightResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Resource ID of the app insight to leverage for this resource." - } - }, - "setAzureWebJobsDashboard": { - "type": "bool", - "defaultValue": "[if(contains(parameters('kind'), 'functionapp'), true(), false())]", - "metadata": { - "description": "Optional. For function apps. If true the app settings \"AzureWebJobsDashboard\" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons." - } - }, - "appSettingsKeyValuePairs": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/slots/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'appsettings')]", - "kind": "[parameters('kind')]", - "properties": "[union(parameters('appSettingsKeyValuePairs'), if(not(empty(parameters('storageAccountResourceId'))), union(createObject('AzureWebJobsStorage', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), if(equals(parameters('setAzureWebJobsDashboard'), true()), createObject('AzureWebJobsDashboard', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};', last(split(parameters('storageAccountResourceId'), '/')), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('storageAccountResourceId'), '/')[2], split(parameters('storageAccountResourceId'), '/')[4]), 'Microsoft.Storage/storageAccounts', last(split(parameters('storageAccountResourceId'), '/'))), '2023-01-01').keys[0].value)), createObject())), createObject()), if(not(empty(parameters('appInsightResourceId'))), createObject('APPINSIGHTS_INSTRUMENTATIONKEY', 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').InstrumentationKey, 'APPLICATIONINSIGHTS_CONNECTION_STRING', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('appInsightResourceId'), '/')[2], split(parameters('appInsightResourceId'), '/')[4]), 'Microsoft.Insights/components', last(split(parameters('appInsightResourceId'), '/'))), '2020-02-02').ConnectionString), createObject()))]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the slot config." - }, - "value": "appsettings" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the slot config." - }, - "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'appsettings')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the slot config was deployed into." 
- }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "app", - "slot" - ] - }, - "slot_authsettingsv2": { - "condition": "[not(empty(parameters('authSettingV2Configuration')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Slot-{1}-Config-AuthSettingsV2', uniqueString(deployment().name, parameters('location')), parameters('name'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "slotName": { - "value": "[parameters('name')]" - }, - "appName": { - "value": "[parameters('appName')]" - }, - "kind": { - "value": "[parameters('kind')]" - }, - "authSettingV2Configuration": { - "value": "[parameters('authSettingV2Configuration')]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16157844933162881953" - }, - "name": "Site Slot Auth Settings V2 Config", - "description": "This module deploys a Site Auth Settings V2 Configuration.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent site resource. Required if the template is used in a standalone deployment." - } - }, - "slotName": { - "type": "string", - "metadata": { - "description": "Required. Slot name to be configured." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "functionapp", - "functionapp,linux", - "functionapp,workflowapp", - "functionapp,workflowapp,linux", - "app" - ], - "metadata": { - "description": "Required. Type of slot to deploy." 
- } - }, - "authSettingV2Configuration": { - "type": "object", - "metadata": { - "description": "Required. The auth settings V2 configuration." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via the Customer Usage Attribution ID (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/slots/config", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}', parameters('appName'), parameters('slotName'), 'authsettingsV2')]", - "kind": "[parameters('kind')]", - "properties": "[parameters('authSettingV2Configuration')]" - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the slot config." - }, - "value": "authsettingsV2" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the slot config." - }, - "value": "[resourceId('Microsoft.Web/sites/slots/config', parameters('appName'), parameters('slotName'), 'authsettingsV2')]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the slot config was deployed into." 
- }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "app", - "slot" - ] - }, - "slot_hybridConnectionRelays": { - "copy": { - "name": "slot_hybridConnectionRelays", - "count": "[length(parameters('hybridConnectionRelays'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Slot-HybridConnectionRelay-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "hybridConnectionResourceId": { - "value": "[parameters('hybridConnectionRelays')[copyIndex()].resourceId]" - }, - "appName": { - "value": "[parameters('appName')]" - }, - "slotName": { - "value": "[parameters('name')]" - }, - "sendKeyName": "[if(contains(parameters('hybridConnectionRelays')[copyIndex()], 'sendKeyName'), createObject('value', parameters('hybridConnectionRelays')[copyIndex()].sendKeyName), createObject('value', null()))]", - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "11888981629758921842" - }, - "name": "Web/Function Apps Slot Hybrid Connection Relay", - "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "hybridConnectionResourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the relay namespace hybrid connection." - } - }, - "slotName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the site slot. Required if the template is used in a standalone deployment." 
- } - }, - "appName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent web site. Required if the template is used in a standalone deployment." - } - }, - "sendKeyName": { - "type": "string", - "defaultValue": "defaultSender", - "metadata": { - "description": "Optional. Name of the authorization rule send key to use." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." - } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays", - "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", - "properties": { - "serviceBusNamespace": "[split(parameters('hybridConnectionResourceId'), '/')[8]]", - "serviceBusSuffix": "[split(substring(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, 
indexOf(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces', split(parameters('hybridConnectionResourceId'), '/')[8]), '2021-11-01').serviceBusEndpoint, '.servicebus')), ':')[0]]", - "relayName": "[split(parameters('hybridConnectionResourceId'), '/')[10]]", - "relayArmUri": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]", - "hostname": "[split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[0]]", - "port": "[int(split(json(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections', split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '2021-11-01').userMetadata)[0].value, ':')[1])]", - "sendKeyName": "[parameters('sendKeyName')]", - "sendKeyValue": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('hybridConnectionResourceId'), '/')[2], split(parameters('hybridConnectionResourceId'), '/')[4]), 'Microsoft.Relay/namespaces/hybridConnections/authorizationRules', 
split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10], parameters('sendKeyName')), '2021-11-01').primaryKey]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the hybrid connection relay.." - }, - "value": "[format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10])]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the hybrid connection relay." - }, - "value": "[resourceId('Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays', split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[0], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[1], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[2], split(format('{0}/{1}/{2}/{3}', parameters('appName'), parameters('slotName'), split(parameters('hybridConnectionResourceId'), '/')[8], split(parameters('hybridConnectionResourceId'), '/')[10]), '/')[3])]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the resource was deployed into." 
- }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "app", - "slot" - ] - }, - "slot_privateEndpoints": { - "copy": { - "name": "slot_privateEndpoints", - "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-app-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "groupIds": { - "value": [ - "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites')]" - ] - }, - "name": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'name'), format('pep-{0}-{1}-{2}', last(split(resourceId('Microsoft.Web/sites', parameters('appName')), '/')), coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'service'), 'sites'), copyIndex()))]" - }, - "serviceResourceId": { - "value": "[resourceId('Microsoft.Web/sites', parameters('appName'))]" - }, - "subnetResourceId": { - "value": "[coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId]" - }, - "enableDefaultTelemetry": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'enableDefaultTelemetry'), variables('enableReferencedModulesTelemetry'))]" - }, - "location": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'location'), reference(split(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()].subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location)]" - }, - "lock": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" - }, - "privateDnsZoneGroupName": { - "value": 
"[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" - }, - "privateDnsZoneResourceIds": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]" - }, - "roleAssignments": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]" - }, - "tags": { - "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" - }, - "manualPrivateLinkServiceConnections": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'manualPrivateLinkServiceConnections')]" - }, - "customDnsConfigs": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customDnsConfigs')]" - }, - "ipConfigurations": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'ipConfigurations')]" - }, - "applicationSecurityGroupResourceIds": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'applicationSecurityGroupResourceIds')]" - }, - "customNetworkInterfaceName": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'customNetworkInterfaceName')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "12078057657290521609" - }, - "name": "Private Endpoints", - "description": "This module deploys a Private Endpoint.", - "owner": "Azure/module-maintainers" - }, - "definitions": { - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": 
"Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } - }, - "nullable": true - }, - "lockType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Specify the name of lock." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "None", - "ReadOnly" - ], - "nullable": true, - "metadata": { - "description": "Optional. Specify the type of lock." 
- } - } - }, - "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private ip address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint ip address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private ip addresses of the private endpoint." - } - } - } - }, - "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Required. Name of the private endpoint resource to create." - } - }, - "subnetResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the subnet where the endpoint needs to be created." - } - }, - "serviceResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the resource that needs to be connected to the network." 
- } - }, - "applicationSecurityGroupResourceIds": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Application security groups in which the private endpoint IP configuration is included." - } - }, - "customNetworkInterfaceName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The custom name of the network interface attached to the private endpoint." - } - }, - "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", - "nullable": true, - "metadata": { - "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } - }, - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to." - } - }, - "privateDnsZoneGroupName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." - } - }, - "privateDnsZoneResourceIds": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all Resources." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. The lock settings of the service." - } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } - }, - "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", - "nullable": true, - "metadata": { - "description": "Optional. Custom DNS configurations." - } - }, - "manualPrivateLinkServiceConnections": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. Manual PrivateLink Service Connections." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." - } - } - }, - "variables": { - "enableReferencedModulesTelemetry": false, - "builtInRoleNames": { - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", - "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", - "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", - "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Private 
DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" - } - }, - "resources": { - "defaultTelemetry": { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - "privateEndpoint": { - "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "copy": [ - { - "name": "applicationSecurityGroups", - "count": "[length(coalesce(parameters('applicationSecurityGroupResourceIds'), createArray()))]", - "input": { - "id": "[coalesce(parameters('applicationSecurityGroupResourceIds'), createArray())[copyIndex('applicationSecurityGroups')]]" - } - } - ], - "customDnsConfigs": "[parameters('customDnsConfigs')]", - "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]", - "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]", - "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]", - "privateLinkServiceConnections": [ - { - "name": "[parameters('name')]", - "properties": { - "privateLinkServiceId": "[parameters('serviceResourceId')]", - 
"groupIds": "[parameters('groupIds')]" - } - } - ], - "subnet": { - "id": "[parameters('subnetResourceId')]" - } - } - }, - "privateEndpoint_lock": { - "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", - "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", - "properties": { - "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" - }, - "dependsOn": [ - "privateEndpoint" - ] - }, - "privateEndpoint_roleAssignments": { - "copy": { - "name": "privateEndpoint_roleAssignments", - "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", - "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", - "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", - "description": 
"[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", - "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", - "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", - "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", - "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" - }, - "dependsOn": [ - "privateEndpoint" - ] - }, - "privateEndpoint_privateDnsZoneGroup": { - "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]" - }, - "privateDNSResourceIds": { - "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]" - }, - "privateEndpointName": { - "value": "[parameters('name')]" - }, - "enableDefaultTelemetry": { - "value": "[variables('enableReferencedModulesTelemetry')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16391702514342252839" - }, - "name": "Private Endpoint Private DNS Zone Groups", - "description": "This module deploys a Private Endpoint Private DNS Zone Group.", - "owner": 
"Azure/module-maintainers" - }, - "parameters": { - "privateEndpointName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." - } - }, - "privateDNSResourceIds": { - "type": "array", - "minLength": 1, - "maxLength": 5, - "metadata": { - "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." - } - }, - "name": { - "type": "string", - "defaultValue": "default", - "metadata": { - "description": "Optional. The name of the private DNS zone group." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." - } - } - }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigs", - "count": "[length(parameters('privateDNSResourceIds'))]", - "input": { - "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" - } - } - } - ] - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", - "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" - } - } - ], - "outputs": { - "name": { - "type": 
"string", - "metadata": { - "description": "The name of the private endpoint DNS zone group." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the private endpoint DNS zone group." - }, - "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the private endpoint DNS zone group was deployed into." - }, - "value": "[resourceGroup().name]" - } - } - } - }, - "dependsOn": [ - "privateEndpoint" - ] - } - }, - "outputs": { - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the private endpoint was deployed into." - }, - "value": "[resourceGroup().name]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the private endpoint." - }, - "value": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the private endpoint." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" - } - } - } - }, - "dependsOn": [ - "app" - ] - } - }, - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the slot." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the slot." - }, - "value": "[resourceId('Microsoft.Web/sites/slots', parameters('appName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the slot was deployed into." 
- }, - "value": "[resourceGroup().name]" - }, - "systemAssignedMIPrincipalId": { - "type": "string", - "metadata": { - "description": "The principal ID of the system assigned identity." - }, - "value": "[if(and(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), contains(reference('slot', '2022-09-01', 'full').identity, 'principalId')), reference('slot', '2022-09-01', 'full').identity.principalId, '')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference('slot', '2022-09-01', 'full').location]" - } - } -}
\ No newline at end of file
From f042aa00b43cd35b329260e82eb3282a6063d44c Mon Sep 17 00:00:00 2001
From: Dan Rios <36534747+riosengineer@users.noreply.github.com>
Date: Mon, 20 Nov 2023 15:10:32 +0000
Subject: [PATCH 07/13] linting removing readmes
---
.../private-dns-zone-group/main.json | 105 ---
.../README.md | 84 --
.../webApp/site/config--appsettings/README.md | 159 ----
.../site/config--authsettingsv2/README.md | 85 --
.../modules/webApp/site/slot/README.md | 851 ------------------
.../site/slot/config--appsettings/README.md | 161 ----
.../slot/config--authsettingsv2/README.md | 92 --
.../relay/README.md | 91 --
8 files changed, 1628 deletions(-)
delete mode 100644 bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.json
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/README.md
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/config--appsettings/README.md
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/README.md
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/README.md
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/README.md
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/README.md
delete mode 100644 bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/README.md
diff --git a/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.json b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.json
deleted file mode 100644
index 4216fc2..0000000
--- a/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/main.json
+++ /dev/null
@@ -1,105 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "16391702514342252839" - }, - "name": "Private Endpoint Private DNS Zone Groups", - "description": "This module deploys a Private Endpoint Private DNS Zone Group.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "privateEndpointName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." - } - }, - "privateDNSResourceIds": { - "type": "array", - "minLength": 1, - "maxLength": 5, - "metadata": { - "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." - } - }, - "name": { - "type": "string", - "defaultValue": "default", - "metadata": { - "description": "Optional. The name of the private DNS zone group." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." 
- } - } - }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigs", - "count": "[length(parameters('privateDNSResourceIds'))]", - "input": { - "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" - } - } - } - ] - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", - "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" - } - } - ], - "outputs": { - "name": { - "type": "string", - "metadata": { - "description": "The name of the private endpoint DNS zone group." - }, - "value": "[parameters('name')]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the private endpoint DNS zone group." - }, - "value": "[resourceId('Microsoft.Network/privateEndpoints/privateDnsZoneGroups', parameters('privateEndpointName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the private endpoint DNS zone group was deployed into." - }, - "value": "[resourceGroup().name]" - } - } -} \ No newline at end of file 
diff --git a/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/README.md b/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/README.md
deleted file mode 100644
index 59fe521..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/basic-publishing-credentials-policy/README.md
+++ /dev/null
@@ -1,84 +0,0 @@
-# Web Site Basic Publishing Credentials Policies `[Microsoft.Web/sites/basicPublishingCredentialsPolicies]`
-
-This module deploys a Web Site Basic Publishing Credentials Policy.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Web/sites/basicPublishingCredentialsPolicies` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`name`](#parameter-name) | string | The name of the resource. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`webAppName`](#parameter-webappname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-| [`location`](#parameter-location) | string | Location for all Resources. |
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `location`
-
-Location for all Resources.
-- Required: No
-- Type: string
-- Default: `[resourceGroup().location]`
-
-### Parameter: `name`
-
-The name of the resource.
-- Required: Yes
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'ftp'
- 'scm'
- ]
- ```
-
-### Parameter: `webAppName`
-
-The name of the parent web site. Required if the template is used in a standalone deployment.
-- Required: Yes
-- Type: string
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the basic publishing credential policy. |
-| `resourceGroupName` | string | The name of the resource group the basic publishing credential policy was deployed into. |
-| `resourceId` | string | The resource ID of the basic publishing credential policy. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/site/config--appsettings/README.md b/bicep-examples/dependencies/modules/webApp/site/config--appsettings/README.md
deleted file mode 100644
index 3b93bb0..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/config--appsettings/README.md
+++ /dev/null
@@ -1,159 +0,0 @@ -# Site App Settings `[Microsoft.Web/sites/config]` - -This module deploys a Site App Setting. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Notes](#Notes) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Web/sites/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | - -## Parameters - -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`kind`](#parameter-kind) | string | Type of site to deploy. | - -**Conditional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. | -| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | -| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | -| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. 
| - -### Parameter: `appInsightResourceId` - -Resource ID of the app insight to leverage for this resource. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `appName` - -The name of the parent site resource. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `appSettingsKeyValuePairs` - -The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `kind` - -Type of site to deploy. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'app' - 'functionapp' - 'functionapplinux' - 'functionappworkflowapp' - 'functionappworkflowapplinux' - ] - ``` - -### Parameter: `setAzureWebJobsDashboard` - -For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. -- Required: No -- Type: bool -- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` - -### Parameter: `storageAccountResourceId` - -Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. -- Required: No -- Type: string -- Default: `''` - - -## Outputs - -| Output | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the site config. | -| `resourceGroupName` | string | The resource group the site config was deployed into. | -| `resourceId` | string | The resource ID of the site config. 
| - -## Cross-referenced modules - -_None_ - -## Notes - -### Parameter Usage: `appSettingsKeyValuePairs` - -AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId). -For all other app settings key-value pairs use this object. - -diff --git a/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/README.md b/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/README.md deleted file mode 100644 index da797e6..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/config--authsettingsv2/README.md +++ /dev/null 
@@ -1,85 +0,0 @@
-# Site Auth Settings V2 Config `[Microsoft.Web/sites/config]`
-
-This module deploys a Site Auth Settings V2 Configuration.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Web/sites/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. |
-| [`kind`](#parameter-kind) | string | Type of site to deploy. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
-
-### Parameter: `appName`
-
-The name of the parent site resource. Required if the template is used in a standalone deployment.
-- Required: Yes
-- Type: string
-
-### Parameter: `authSettingV2Configuration`
-
-The auth settings V2 configuration.
-- Required: Yes
-- Type: object
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via a Globally Unique Identifier (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `kind`
-
-Type of site to deploy.
-- Required: Yes
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'app'
- 'functionapp'
- 'functionapplinux'
- 'functionappworkflowapp'
- 'functionappworkflowapplinux'
- ]
- ```
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the site config. |
-| `resourceGroupName` | string | The resource group the site config was deployed into. |
-| `resourceId` | string | The resource ID of the site config. |
-
-## Cross-referenced modules
-
-_None_
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/README.md b/bicep-examples/dependencies/modules/webApp/site/slot/README.md
deleted file mode 100644
index e929296..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/slot/README.md
+++ /dev/null
@@ -1,851 +0,0 @@ -# Web/Function App Deployment Slots `[Microsoft.Web/sites/slots]` - -This module deploys a Web or Function App Deployment Slot. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Notes](#Notes) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -| `Microsoft.Web/sites/slots` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots) | -| `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | -| `Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots/hybridConnectionNamespaces/relays) | - -## Parameters - -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`kind`](#parameter-kind) | string | Type of slot to deploy. | -| [`name`](#parameter-name) | string | Name of the slot. 
| - -**Conditional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. | -| [`appServiceEnvironmentResourceId`](#parameter-appserviceenvironmentresourceid) | string | The resource ID of the app service environment to use for this resource. | -| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. | -| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | -| [`clientAffinityEnabled`](#parameter-clientaffinityenabled) | bool | If client affinity is enabled. | -| [`clientCertEnabled`](#parameter-clientcertenabled) | bool | To enable client certificate authentication (TLS mutual authentication). | -| [`clientCertExclusionPaths`](#parameter-clientcertexclusionpaths) | string | Client certificate authentication comma-separated exclusion paths. | -| [`clientCertMode`](#parameter-clientcertmode) | string | This composes with ClientCertEnabled setting.
- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. | -| [`cloningInfo`](#parameter-cloninginfo) | object | If specified during app creation, the app is cloned from a source app. | -| [`containerSize`](#parameter-containersize) | int | Size of the function container. | -| [`customDomainVerificationId`](#parameter-customdomainverificationid) | string | Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. | -| [`dailyMemoryTimeQuota`](#parameter-dailymemorytimequota) | int | Maximum allowed daily memory-time quota (applicable on dynamic apps only). | -| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | -| [`enabled`](#parameter-enabled) | bool | Setting this value to false disables the app (takes the app offline). | -| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| [`hostNameSslStates`](#parameter-hostnamesslstates) | array | Hostname SSL states are used to manage the SSL bindings for app's hostnames. | -| [`httpsOnly`](#parameter-httpsonly) | bool | Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests. | -| [`hybridConnectionRelays`](#parameter-hybridconnectionrelays) | array | Names of hybrid connection relays to connect app with. | -| [`hyperV`](#parameter-hyperv) | bool | Hyper-V sandbox. | -| [`keyVaultAccessIdentityResourceId`](#parameter-keyvaultaccessidentityresourceid) | string | The resource ID of the assigned identity to be used to access a key vault with. | -| [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | object | The lock settings of the service. 
| -| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | -| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. | -| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Allow or block all public traffic. | -| [`redundancyMode`](#parameter-redundancymode) | string | Site redundancy mode. | -| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`serverFarmResourceId`](#parameter-serverfarmresourceid) | string | The resource ID of the app service plan to use for the slot. | -| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | -| [`siteConfig`](#parameter-siteconfig) | object | The site config object. | -| [`storageAccountRequired`](#parameter-storageaccountrequired) | bool | Checks if Customer provided storage account is required. | -| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | -| [`tags`](#parameter-tags) | object | Tags of the resource. | -| [`virtualNetworkSubnetId`](#parameter-virtualnetworksubnetid) | string | Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. 
This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. | -| [`vnetContentShareEnabled`](#parameter-vnetcontentshareenabled) | bool | To enable accessing content over virtual network. | -| [`vnetImagePullEnabled`](#parameter-vnetimagepullenabled) | bool | To enable pulling image over Virtual Network. | -| [`vnetRouteAllEnabled`](#parameter-vnetrouteallenabled) | bool | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | - -### Parameter: `appInsightResourceId` - -Resource ID of the app insight to leverage for this resource. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `appName` - -The name of the parent site resource. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `appServiceEnvironmentResourceId` - -The resource ID of the app service environment to use for this resource. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `appSettingsKeyValuePairs` - -The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `authSettingV2Configuration` - -The auth settings V2 configuration. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `clientAffinityEnabled` - -If client affinity is enabled. -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `clientCertEnabled` - -To enable client certificate authentication (TLS mutual authentication). -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `clientCertExclusionPaths` - -Client certificate authentication comma-separated exclusion paths. 
-- Required: No -- Type: string -- Default: `''` - -### Parameter: `clientCertMode` - -This composes with ClientCertEnabled setting.- ClientCertEnabled: false means ClientCert is ignored.- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. -- Required: No -- Type: string -- Default: `'Optional'` -- Allowed: - ```Bicep - [ - 'Optional' - 'OptionalInteractiveUser' - 'Required' - ] - ``` - -### Parameter: `cloningInfo` - -If specified during app creation, the app is cloned from a source app. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `containerSize` - -Size of the function container. -- Required: No -- Type: int -- Default: `-1` - -### Parameter: `customDomainVerificationId` - -Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `dailyMemoryTimeQuota` - -Maximum allowed daily memory-time quota (applicable on dynamic apps only). -- Required: No -- Type: int -- Default: `-1` - -### Parameter: `diagnosticSettings` - -The diagnostic settings of the service. -- Required: No -- Type: array - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | - -### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` - -Optional. 
Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.eventHubName` - -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logAnalyticsDestinationType` - -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - -- Required: No -- Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` - -### Parameter: `diagnosticSettings.logCategoriesAndGroups` - -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. 
Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - -### Parameter: `diagnosticSettings.marketplacePartnerResourceId` - -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.metricCategories` - -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - -### Parameter: `diagnosticSettings.name` - -Optional. The name of diagnostic setting. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.storageAccountResourceId` - -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.workspaceResourceId` - -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - -- Required: No -- Type: string - -### Parameter: `enabled` - -Setting this value to false disables the app (takes the app offline). 
-- Required: No -- Type: bool -- Default: `True` - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via the Customer Usage Attribution ID (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `hostNameSslStates` - -Hostname SSL states are used to manage the SSL bindings for app's hostnames. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `httpsOnly` - -Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests. -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `hybridConnectionRelays` - -Names of hybrid connection relays to connect app with. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `hyperV` - -Hyper-V sandbox. -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `keyVaultAccessIdentityResourceId` - -The resource ID of the assigned identity to be used to access a key vault with. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `kind` - -Type of slot to deploy. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'app' - 'functionapp' - 'functionapplinux' - 'functionappworkflowapp' - 'functionappworkflowapplinux' - ] - ``` - -### Parameter: `location` - -Location for all Resources. -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - -### Parameter: `lock` - -The lock settings of the service. -- Required: No -- Type: object - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | - -### Parameter: `lock.kind` - -Optional. Specify the type of lock. - -- Required: No -- Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` - -### Parameter: `lock.name` - -Optional. Specify the name of lock. 
- -- Required: No -- Type: string - -### Parameter: `managedIdentities` - -The managed identity definition for this resource. -- Required: No -- Type: object - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourcesIds`](#parameter-managedidentitiesuserassignedresourcesids) | No | array | Optional. The resource ID(s) to assign to the resource. | - -### Parameter: `managedIdentities.systemAssigned` - -Optional. Enables system assigned managed identity on the resource. - -- Required: No -- Type: bool - -### Parameter: `managedIdentities.userAssignedResourcesIds` - -Optional. The resource ID(s) to assign to the resource. - -- Required: No -- Type: array - -### Parameter: `name` - -Name of the slot. -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints` - -Configuration details for private endpoints. -- Required: No -- Type: array - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. 
| -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. 
Application security groups in which the private endpoint IP configuration is included. - -- Required: No -- Type: array - -### Parameter: `privateEndpoints.customDnsConfigs` - -Optional. Custom DNS configurations. - -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | - -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` - -Required. Fqdn that resolves to private endpoint ip address. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` - -Required. A list of private ip addresses of the private endpoint. - -- Required: Yes -- Type: array - - -### Parameter: `privateEndpoints.customNetworkInterfaceName` - -Optional. The custom name of the network interface attached to the private endpoint. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.enableTelemetry` - -Optional. Enable/Disable usage telemetry for module. - -- Required: No -- Type: bool - -### Parameter: `privateEndpoints.ipConfigurations` - -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` - -Required. 
The name of the resource that is unique within a resource group. - -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints.ipConfigurations.properties` - -Required. Properties of private endpoint IP configurations. - -- Required: Yes -- Type: object - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | - -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` - -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. - -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` - -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. - -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` - -Required. A private ip address obtained from the private endpoint's subnet. - -- Required: Yes -- Type: string - - - -### Parameter: `privateEndpoints.location` - -Optional. The location to deploy the private endpoint to. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.lock` - -Optional. Specify the type of lock. - -- Required: No -- Type: object - -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` - -Optional. Manual PrivateLink Service Connections. 
- -- Required: No -- Type: array - -### Parameter: `privateEndpoints.name` - -Optional. The name of the private endpoint. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.privateDnsZoneGroupName` - -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` - -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - -- Required: No -- Type: array - -### Parameter: `privateEndpoints.roleAssignments` - -Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - -- Required: No -- Type: array - -### Parameter: `privateEndpoints.service` - -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". - -- Required: No -- Type: string - -### Parameter: `privateEndpoints.subnetResourceId` - -Required. Resource ID of the subnet where the endpoint needs to be created. - -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints.tags` - -Optional. Tags to be applied on all resources/resource groups in this deployment. - -- Required: No -- Type: object - -### Parameter: `publicNetworkAccess` - -Allow or block all public traffic. -- Required: No -- Type: string -- Default: `''` -- Allowed: - ```Bicep - [ - '' - 'Disabled' - 'Enabled' - ] - ``` - -### Parameter: `redundancyMode` - -Site redundancy mode. 
-- Required: No -- Type: string -- Default: `'None'` -- Allowed: - ```Bicep - [ - 'ActiveActive' - 'Failover' - 'GeoRedundant' - 'Manual' - 'None' - ] - ``` - -### Parameter: `roleAssignments` - -Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No -- Type: array - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. 
| - -### Parameter: `roleAssignments.condition` - -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - -- Required: No -- Type: string - -### Parameter: `roleAssignments.conditionVersion` - -Optional. Version of the condition. - -- Required: No -- Type: string -- Allowed: `[2.0]` - -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` - -Optional. The Resource Id of the delegated managed identity resource. - -- Required: No -- Type: string - -### Parameter: `roleAssignments.description` - -Optional. The description of the role assignment. - -- Required: No -- Type: string - -### Parameter: `roleAssignments.principalId` - -Required. The principal ID of the principal (user/group/identity) to assign the role to. - -- Required: Yes -- Type: string - -### Parameter: `roleAssignments.principalType` - -Optional. The principal type of the assigned principal ID. - -- Required: No -- Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` - -### Parameter: `roleAssignments.roleDefinitionIdOrName` - -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. - -- Required: Yes -- Type: string - -### Parameter: `serverFarmResourceId` - -The resource ID of the app service plan to use for the slot. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `setAzureWebJobsDashboard` - -For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. -- Required: No -- Type: bool -- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` - -### Parameter: `siteConfig` - -The site config object. 
-- Required: No -- Type: object -- Default: `{}` - -### Parameter: `storageAccountRequired` - -Checks if Customer provided storage account is required. -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `storageAccountResourceId` - -Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `tags` - -Tags of the resource. -- Required: No -- Type: object - -### Parameter: `virtualNetworkSubnetId` - -Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `vnetContentShareEnabled` - -To enable accessing content over virtual network. -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `vnetImagePullEnabled` - -To enable pulling image over Virtual Network. -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `vnetRouteAllEnabled` - -Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. -- Required: No -- Type: bool -- Default: `False` - - -## Outputs - -| Output | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the slot. | -| `resourceGroupName` | string | The resource group the slot was deployed into. | -| `resourceId` | string | The resource ID of the slot. | -| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. 
| - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `modules/network/private-endpoint` | Local reference | - -## Notes - -### Parameter Usage: `appSettingsKeyValuePairs` - -AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId). -For all other app settings key-value pairs use this object. - -
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/README.md b/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/README.md
deleted file mode 100644
index ffdebce..0000000
--- a/bicep-examples/dependencies/modules/webApp/site/slot/config--appsettings/README.md
+++ /dev/null
@@ -1,161 +0,0 @@
-# Site Slot App Settings `[Microsoft.Web/sites/slots/config]`
-
-This module deploys a Site Slot App Setting.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-- [Cross-referenced modules](#Cross-referenced-modules)
-- [Notes](#Notes)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) |
-
-## Parameters
-
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`kind`](#parameter-kind) | string | Type of slot to deploy. |
-| [`slotName`](#parameter-slotname) | string | Slot name to be configured. |
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`appInsightResourceId`](#parameter-appinsightresourceid) | string | Resource ID of the app insight to leverage for this resource. |
-| [`appSettingsKeyValuePairs`](#parameter-appsettingskeyvaluepairs) | object | The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. |
-| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-| [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. |
-| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. |
-
-### Parameter: `appInsightResourceId`
-
-Resource ID of the app insight to leverage for this resource.
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `appName`
-
-The name of the parent site resource. Required if the template is used in a standalone deployment.
-- Required: Yes
-- Type: string
-
-### Parameter: `appSettingsKeyValuePairs`
-
-The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING.
-- Required: No
-- Type: object
-- Default: `{}`
-
-### Parameter: `enableDefaultTelemetry`
-
-Enable telemetry via the Customer Usage Attribution ID (GUID).
-- Required: No
-- Type: bool
-- Default: `True`
-
-### Parameter: `kind`
-
-Type of slot to deploy.
-- Required: Yes
-- Type: string
-- Allowed:
- ```Bicep
- [
- 'app'
- 'functionapp'
- 'functionapplinux'
- 'functionappworkflowapp'
- 'functionappworkflowapplinux'
- ]
- ```
-
-### Parameter: `setAzureWebJobsDashboard`
-
-For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons.
-- Required: No
-- Type: bool
-- Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]`
-
-### Parameter: `slotName`
-
-Slot name to be configured.
-- Required: Yes
-- Type: string
-
-### Parameter: `storageAccountResourceId`
-
-Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions.
-- Required: No
-- Type: string
-- Default: `''`
-
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the slot config. |
-| `resourceGroupName` | string | The resource group the slot config was deployed into. |
-| `resourceId` | string | The resource ID of the slot config. |
-
-## Cross-referenced modules
-
-_None_
-
-## Notes
-
-### Parameter Usage: `appSettingsKeyValuePairs`
-
-AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING are set separately (check parameters storageAccountId, setAzureWebJobsDashboard, appInsightId).
-For all other app settings key-value pairs use this object.
-
-Parameter JSON format
-
-```json
-"appSettingsKeyValuePairs": {
- "value": {
- "AzureFunctionsJobHost__logging__logLevel__default": "Trace",
- "EASYAUTH_SECRET": "https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password",
- "FUNCTIONS_EXTENSION_VERSION": "~4",
- "FUNCTIONS_WORKER_RUNTIME": "dotnet"
- }
-}
-```
-
-Bicep format
-
-```bicep
-appSettingsKeyValuePairs: {
- AzureFunctionsJobHost__logging__logLevel__default: 'Trace'
- EASYAUTH_SECRET: 'https://adp-[[namePrefix]]-az-kv-x-001.vault.azure.net/secrets/Modules-Test-SP-Password'
- FUNCTIONS_EXTENSION_VERSION: '~4'
- FUNCTIONS_WORKER_RUNTIME: 'dotnet'
-}
-```
-
-
- - -
diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/README.md b/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/README.md deleted file mode 100644 index 2d99aea..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/slot/config--authsettingsv2/README.md +++ /dev/null 
@@ -1,92 +0,0 @@ -# Site Slot Auth Settings V2 Config `[Microsoft.Web/sites/slots/config]` - -This module deploys a Site Auth Settings V2 Configuration. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Web/sites/slots/config` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/sites) | - -## Parameters - -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`authSettingV2Configuration`](#parameter-authsettingv2configuration) | object | The auth settings V2 configuration. | -| [`kind`](#parameter-kind) | string | Type of slot to deploy. | -| [`slotName`](#parameter-slotname) | string | Slot name to be configured. | - -**Conditional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`appName`](#parameter-appname) | string | The name of the parent site resource. Required if the template is used in a standalone deployment. | - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | - -### Parameter: `appName` - -The name of the parent site resource. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `authSettingV2Configuration` - -The auth settings V2 configuration. -- Required: Yes -- Type: object - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via the Customer Usage Attribution ID (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `kind` - -Type of slot to deploy. 
-- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'app' - 'functionapp' - 'functionapplinux' - 'functionappworkflowapp' - 'functionappworkflowapplinux' - ] - ``` - -### Parameter: `slotName` - -Slot name to be configured. -- Required: Yes -- Type: string - - -## Outputs - -| Output | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the slot config. | -| `resourceGroupName` | string | The resource group the slot config was deployed into. | -| `resourceId` | string | The resource ID of the slot config. | - -## Cross-referenced modules - -_None_ diff --git a/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/README.md b/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/README.md deleted file mode 100644 index 33b7318..0000000 --- a/bicep-examples/dependencies/modules/webApp/site/slot/hybrid-connection-namespace/relay/README.md +++ /dev/null 
@@ -1,91 +0,0 @@ -# Web/Function Apps Slot Hybrid Connection Relay `[Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays]` - -This module deploys a Site Slot Hybrid Connection Namespace Relay. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Web/sites/slots/hybridConnectionNamespaces/relays` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Web/2022-09-01/sites/slots/hybridConnectionNamespaces/relays) | - -## Parameters - -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`hybridConnectionResourceId`](#parameter-hybridconnectionresourceid) | string | The resource ID of the relay namespace hybrid connection. | - -**Conditional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`appName`](#parameter-appname) | string | The name of the parent web site. Required if the template is used in a standalone deployment. | -| [`slotName`](#parameter-slotname) | string | The name of the site slot. Required if the template is used in a standalone deployment. | - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -| [`location`](#parameter-location) | string | Location for all Resources. | -| [`sendKeyName`](#parameter-sendkeyname) | string | Name of the authorization rule send key to use. | - -### Parameter: `appName` - -The name of the parent web site. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). 
-- Required: No -- Type: bool -- Default: `True` - -### Parameter: `hybridConnectionResourceId` - -The resource ID of the relay namespace hybrid connection. -- Required: Yes -- Type: string - -### Parameter: `location` - -Location for all Resources. -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - -### Parameter: `sendKeyName` - -Name of the authorization rule send key to use. -- Required: No -- Type: string -- Default: `'defaultSender'` - -### Parameter: `slotName` - -The name of the site slot. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - - -## Outputs - -| Output | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the hybrid connection relay.. | -| `resourceGroupName` | string | The name of the resource group the resource was deployed into. | -| `resourceId` | string | The resource ID of the hybrid connection relay. | - -## Cross-referenced modules - -_None_ From 2cb76b5fef1f479bd4fa7f38ca5d9b26ba6bcc8d Mon Sep 17 00:00:00 2001 From: Dan Rios <36534747+riosengineer@users.noreply.github.com> Date: Mon, 20 Nov 2023 15:16:25 +0000 Subject: [PATCH 08/13] Delete README.md --- .../private-dns-zone-group/README.md | 76 ------------------- 1 file changed, 76 deletions(-) delete mode 100644 bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/README.md diff --git a/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/README.md b/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/README.md deleted file mode 100644 index d6c0e0b..0000000 --- a/bicep-examples/dependencies/modules/privateEndpoint/private-dns-zone-group/README.md +++ /dev/null 
@@ -1,76 +0,0 @@ -# Private Endpoint Private DNS Zone Groups `[Microsoft.Network/privateEndpoints/privateDnsZoneGroups]` - -This module deploys a Private Endpoint Private DNS Zone Group. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | - -## Parameters - -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`privateDNSResourceIds`](#parameter-privatednsresourceids) | array | Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones. | - -**Conditional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`privateEndpointName`](#parameter-privateendpointname) | string | The name of the parent private endpoint. Required if the template is used in a standalone deployment. | - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable/Disable usage telemetry for module. | -| [`name`](#parameter-name) | string | The name of the private DNS zone group. | - -### Parameter: `enableDefaultTelemetry` - -Enable/Disable usage telemetry for module. -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `name` - -The name of the private DNS zone group. -- Required: No -- Type: string -- Default: `'default'` - -### Parameter: `privateDNSResourceIds` - -Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones. -- Required: Yes -- Type: array - -### Parameter: `privateEndpointName` - -The name of the parent private endpoint. 
Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - - -## Outputs - -| Output | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the private endpoint DNS zone group. | -| `resourceGroupName` | string | The resource group the private endpoint DNS zone group was deployed into. | -| `resourceId` | string | The resource ID of the private endpoint DNS zone group. | - -## Cross-referenced modules - -_None_ From 35d84b41a4c50c8e14d5c8e3b414b2d2cc4e3ed6 Mon Sep 17 00:00:00 2001 From: Dan Rios <36534747+riosengineer@users.noreply.github.com> Date: Mon, 20 Nov 2023 15:53:49 +0000 Subject: [PATCH 09/13] linting linting --- .../relay/main.bicep | 66 +++++++++++++++++++ .../relay/version.json | 7 ++ .../dependencies/modules/webApp/webApp.bicep | 1 + 3 files changed, 74 insertions(+) create mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep create mode 100644 bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep new file mode 100644 index 0000000..f1972af --- /dev/null +++ b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/main.bicep 
@@ -0,0 +1,66 @@
+metadata name = 'Web/Function Apps Hybrid Connection Relay'
+metadata description = 'This module deploys a Site Hybrid Connection Namespace Relay.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. The resource ID of the relay namespace hybrid connection.')
+param hybridConnectionResourceId string
+
+@description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.')
+param appName string
+
+@description('Optional. Name of the authorization rule send key to use.')
+param sendKeyName string = 'defaultSender'
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource namespace 'Microsoft.Relay/namespaces@2021-11-01' existing = {
+ name: split(hybridConnectionResourceId, '/')[8]
+ scope: resourceGroup(split(hybridConnectionResourceId, '/')[2], split(hybridConnectionResourceId, '/')[4])
+
+ resource hybridConnection 'hybridConnections@2021-11-01' existing = {
+ name: split(hybridConnectionResourceId, '/')[10]
+
+ resource authorizationRule 'authorizationRules@2021-11-01' existing = {
+ name: sendKeyName
+ }
+ }
+}
+
+resource hybridConnectionRelay 'Microsoft.Web/sites/hybridConnectionNamespaces/relays@2022-09-01' = {
+ name: '${appName}/${namespace.name}/${namespace::hybridConnection.name}'
+ properties: {
+ serviceBusNamespace: namespace.name
+ serviceBusSuffix: split(substring(namespace.properties.serviceBusEndpoint, indexOf(namespace.properties.serviceBusEndpoint, '.servicebus')), ':')[0]
+ relayName: namespace::hybridConnection.name
+ relayArmUri: namespace::hybridConnection.id
+ hostname: split(json(namespace::hybridConnection.properties.userMetadata)[0].value, ':')[0]
+ port: int(split(json(namespace::hybridConnection.properties.userMetadata)[0].value, ':')[1])
+ sendKeyName: namespace::hybridConnection::authorizationRule.name
+ sendKeyValue: namespace::hybridConnection::authorizationRule.listKeys().primaryKey
+ }
+}
+
+@description('The name of the hybrid connection relay..')
+output name string = hybridConnectionRelay.name
+
+@description('The resource ID of the hybrid connection relay.')
+output resourceId string = hybridConnectionRelay.id
+
+@description('The name of the resource group the resource was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json
new file mode 100644
index 0000000..96236a6
--- /dev/null
+++ b/bicep-examples/dependencies/modules/webApp/site/hybrid-connection-namespace/relay/version.json
@@ -0,0 +1,7 @@
+{
+ "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+ "version": "0.4",
+ "pathFilters": [
+ "./main.json"
+ ]
+}
diff --git a/bicep-examples/dependencies/modules/webApp/webApp.bicep b/bicep-examples/dependencies/modules/webApp/webApp.bicep
index 756d373..593c38e 100644
--- a/bicep-examples/dependencies/modules/webApp/webApp.bicep
+++ b/bicep-examples/dependencies/modules/webApp/webApp.bicep
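Review bot: The `namespace` and `hybridConnection` lookups take segments `[2]`, `[4]`, `[8]` and `[10]` of `hybridConnectionResourceId` by position and nothing checks that the value has that shape, so a differently formed ID selects another scope or fails only at deployment time; the same references then feed `listKeys().primaryKey` into `sendKeyValue`. I would state the expected format in the parameter description, for example `@description('Required. The resource ID of the relay namespace hybrid connection, in the form /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Relay/namespaces/{namespaceName}/hybridConnections/{hybridConnectionName}.')`. The `hostname` and `port` expressions also assume that the first `userMetadata` entry holds a `host:port` value, which deserves a one-line comment above them. The description of the `name` output ends in a doubled full stop.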
@@ -293,6 +293,7 @@ module app_slots './site/slot/main.bicep' = [for (slot, index) in slots: {
 module app_basicPublishingCredentialsPolicies './site/basic-publishing-credentials-policy/main.bicep' = [for (basicPublishingCredentialsPolicy, index) in basicPublishingCredentialsPolicies: {
 name: '${uniqueString(deployment().name, location)}-Site-Publis-Cred-${index}'
 params: {
+ location: location
 webAppName: app.name
 name: basicPublishingCredentialsPolicy.name
 enableDefaultTelemetry: enableReferencedModulesTelemetry
From 58bcbee5479c753c8bfa60e4bffd782d2b919dae Mon Sep 17 00:00:00 2001
From: Dan Rios <36534747+riosengineer@users.noreply.github.com>
Date: Mon, 20 Nov 2023 16:00:52 +0000
Subject: [PATCH 10/13] Update mega-linter.yml
---
 .github/workflows/mega-linter.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 82f9549..f79b4d1 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -50,6 +50,7 @@ jobs:
 # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
 DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks
 DISABLE_LINTERS: YAML_V8R,YAML_YAMLLINT,YAML_PRETTIER,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL
+ REPOSITORY_GITLEAKS_PR_COMMITS_SCAN: true
 
 # Upload MegaLinter artifacts
 - name: Archive production artifacts
From 369171913204a95472bb4573992f773fe287d30b Mon Sep 17 00:00:00 2001
From: Dan Rios <36534747+riosengineer@users.noreply.github.com>
Date: Mon, 20 Nov 2023 16:05:54 +0000
Subject: [PATCH 11/13] Update mega-linter.yml
---
 .github/workflows/mega-linter.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index f79b4d1..82f9549 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -50,7 +50,6 @@ jobs:
 # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
 DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks
 DISABLE_LINTERS: YAML_V8R,YAML_YAMLLINT,YAML_PRETTIER,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL
- REPOSITORY_GITLEAKS_PR_COMMITS_SCAN: true
 
 # Upload MegaLinter artifacts
 - name: Archive production artifacts
From 3a5a9794c20f6f37e366c4af48177dde7ee1569b Mon Sep 17 00:00:00 2001
From: Dan Rios <36534747+riosengineer@users.noreply.github.com>
Date: Mon, 20 Nov 2023 16:06:12 +0000
Subject: [PATCH 12/13] scoped deployments (#9) (#11) BICEP Scoped deployment examples with explanation documentation.
---
 .github/workflows/mega-linter.yml | 3 +-
 README.md | 2 +-
 bicep-examples/scoped-deployments/README.md | 89 +++++++++++++++++++
 .../scoped-deployments/management-scope.bicep | 20 +++++
 .../subscription-scope.bicep | 34 +++++++
 5 files changed, 146 insertions(+), 2 deletions(-)
 create mode 100644 bicep-examples/scoped-deployments/README.md
 create mode 100644 bicep-examples/scoped-deployments/management-scope.bicep
 create mode 100644 bicep-examples/scoped-deployments/subscription-scope.bicep
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 82f9549..e3090ff 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -49,7 +49,8 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
 DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks
- DISABLE_LINTERS: YAML_V8R,YAML_YAMLLINT,YAML_PRETTIER,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL
+ DISABLE_LINTERS: YAML_V8R,YAML_YAMLLINT,YAML_PRETTIER,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL,ACTION_ACTIONLINT
+ REPOSITORY_KICS_DISABLE_ERRORS: true
 
 # Upload MegaLinter artifacts
 - name: Archive production artifacts
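Review bot: `REPOSITORY_KICS_DISABLE_ERRORS: true` makes KICS findings non-blocking while `DISABLE_LINTERS` already lists `REPOSITORY_CHECKOV`, so both IaC policy scanners named in this `env:` block are now either off or unable to fail the workflow. The same hunk adds `ACTION_ACTIONLINT` to the disabled list, which removes the lint pass over the workflow files themselves. If the intent is to get past known findings in the example templates, I would keep errors enabled and scope the exception, and at minimum record the reason beside the setting, e.g. `REPOSITORY_KICS_DISABLE_ERRORS: true # temporary: findings in bicep-examples are report-only until triaged`. The `env:` block begins outside the hunk, so other settings may apply that are not visible here.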
diff --git a/README.md b/README.md index 3572ad3..b20e8d3 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ If you find this repository useful, please save the repository by hitting the 2. Install the [Bicep extension](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-bicep) 3. To test, deploy (resources to Azure) and debug Bicep files: - - Install [AzureCLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli) or + - Install [AzureCLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?tabs=azure-cli) **[recommended method]** or - [Azure PowerShell](https://learn.microsoft.com/en-us/powershell/azure/install-azure-powershell?view=azps-10.3.0) (must install [Bicep manually](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/install#install-manually) if you want to use with PowerShell) 4. [Fork](https://github.com/riosengineer/Bicepify/fork) this repository so you have a copy to lab with our examples diff --git a/bicep-examples/scoped-deployments/README.md b/bicep-examples/scoped-deployments/README.md new file mode 100644 index 0000000..131e64c --- /dev/null +++ b/bicep-examples/scoped-deployments/README.md 
@@ -0,0 +1,89 @@ +# Bicep Scoped Deployments + +## Introduction + +One of the potential drawbacks seen with Bicep vs other declarative languages like Terraform is that we have scoped deployments. This refers to different target scopes for the resources which consists of: + +- resourceGroup (Default target) +- subscription +- managementGroup +- tenant + +Whereas the likes of Terraform does not have this concept so it is not a concern when building our code. + +In Bicep, we have to declare our `targetScope` in the file for deployment of the resources. We can't deploy a management group in a Bicep file that has a resource group code due to the differences in target scopes. + +This can potentially be slightly confusing when starting out. + +For example, do you have separate files for each scope or is there other ways to structure our Bicep file to accommodate multiple deployment scopes under one roof? Lets take a look. + +## Benefits of using combined scopes + +With the above in mind, we may think we have to split out our files to target different scopes and deploy these independently. However, there are some ways around this which can be leveraged. + +For example, we can use a subscription `targetScope` to also deploy resourceGroup scope deployments within the same file. This has some major benefits: + +1. Streamlines deployments: can now combine subscription and resourceGroup Bicep code in one file for example + +2. Simplifies CI/CD pipeline logic because we can use the `az deployment sub` command to deploy multiple files that otherwise may have had to have logic deciding if they need to be subscription or resourceGroup cmdlets. + +3. Helps reduce the need for additional Bicep files for better house keeping. + +Using this concept, we can also do a similar approach with managementGroup scope and using `scope: subscription(subId, rg)` for an existing subscription id and resource group name and corresponding Azure CLI cmdlets. 
+ +## Subscription scope example + +In the example `subscription-scope.bicep` we're able to use the `scope: rg_deploy` to specify a resource block name to associate it with where we want to deploy the Storage Account. + +```javascript +// Deploy new resource group for later use in same bicep deployment +resource rg_deploy 'Microsoft.Resources/resourceGroups@2022-09-01' = { +name: rg +location: location +} + +// Deploy storage account to newly created resource group +module st_deploy 'br/public:storage/storage-account:3.0.1' = { + scope: rg_deploy + name: 'storageDeployment' + params:{ + name: 'stbicepifydemo001' + } +} +``` + +## Multi-scope example + +Within the `subscription-scope.bicep` file we're using `targetScope = 'subscription'` but using the `scope:` switch we can specify a resource group scope in the file without the need to change the targetScope. + +```javascript +module st_deploy2 'br/public:storage/storage-account:3.0.1' = { + scope: resourceGroup('subscription-guid-here', 'rg-name-here') + name: 'storageDeployment' + params:{ + name: 'stbicepifydemo002' + } +} +``` + +Similarly, the same concept applies to the other target scopes. Take a look at the `management-scope.bicep` file for a further example. + +## Deployment + +In VisualStudio Code open a terminal and run: + +CLI + +```bash +az login +az set --subscription 'our subscription name' +az deployment sub create --confirm-with-what-if -l 'uksouth' -f .\file.bicep +``` + +or PowerShell + +```powershell +Connect-AzAccount +Set-AzContext -Subscription "our subscription name" +New-AzDeployment -Confirm -Location "UKSouth" -TemplateFile "file.bicep" +``` diff --git a/bicep-examples/scoped-deployments/management-scope.bicep b/bicep-examples/scoped-deployments/management-scope.bicep new file mode 100644 index 0000000..5c1622a --- /dev/null +++ b/bicep-examples/scoped-deployments/management-scope.bicep 
@@ -0,0 +1,20 @@
+targetScope = 'managementGroup'
+
+@description('Resource Group name.')
+param rg string = 'rg-bicepify-dev'
+
+@description('Deployment location for resources.')
+param location string = 'uksouth'
+
+@description('Subscription Id.')
+param subId string = 'subscription-guid-here'
+
+// Deploy Storage Account to existing resource group in a subscription from management scope
+module st_deploy 'br/public:storage/storage-account:3.0.1' = {
+ scope: resourceGroup(subId, rg)
+ name: 'st_deploy'
+ params:{
+ kind: 'StorageV2'
+ location: location
+ }
+}
diff --git a/bicep-examples/scoped-deployments/subscription-scope.bicep b/bicep-examples/scoped-deployments/subscription-scope.bicep
new file mode 100644
index 0000000..da61117
--- /dev/null
+++ b/bicep-examples/scoped-deployments/subscription-scope.bicep
@@ -0,0 +1,34 @@
+targetScope = 'subscription'
+
+@description('Resource Group name.')
+param rg string = 'rg-bicepify-dev'
+
+@description('Deployment location for resources.')
+param location string = 'uksouth'
+
+
+// Deploy new resource group for later use in same bicep deployment
+resource rg_deploy 'Microsoft.Resources/resourceGroups@2022-09-01' = {
+name: rg
+location: location
+}
+
+// Deploy storage account to newly created resource group
+
+module st_deploy 'br/public:storage/storage-account:3.0.1' = {
+ scope: rg_deploy
+ name: 'storageDeployment'
+ params:{
+ name: 'stbicepifydemo001'
+ }
+}
+
+// Deploy storage account to existing resource group in a subscription, without changing target scope
+
+module st_deploy2 'br/public:storage/storage-account:3.0.1' = {
+ scope: resourceGroup('subscription-guid-here', 'rg-name-here')
+ name: 'storageDeployment'
+ params:{
+ name: 'stbicepifydemo002'
+ }
+}
From 91b4e5953294cad70f295d2ea153e59d1549a6df Mon Sep 17 00:00:00 2001
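Review bot: In `management-scope.bicep`, `param subId string = 'subscription-guid-here'` gives a value the caller must supply a placeholder default, so a deployment that omits it is accepted and the mistake only surfaces when `scope: resourceGroup(subId, rg)` is resolved. Dropping the default, `param subId string`, forces the target subscription to be passed explicitly. `st_deploy` also leaves every storage account setting other than `kind` and `location` to the registry module's defaults; the module's parameters are not visible here, so I would add a comment such as `// NOTE: set the module's network-access and TLS parameters explicitly before using this outside a lab`.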
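Review bot: In `subscription-scope.bicep`, `st_deploy2` hard-codes its target as `resourceGroup('subscription-guid-here', 'rg-name-here')` while the rest of the file takes `rg` and `location` as parameters, so using the example means editing the template body instead of passing values. I would declare `param existingSubId string` and `param existingRg string` and write `scope: resourceGroup(existingSubId, existingRg)`. Both modules are also named `'storageDeployment'`; they target different resource groups, so this probably does not collide, but a distinct name such as `'storageDeploymentExisting'` keeps the deployment history readable. The `name: rg` and `location: location` lines inside `rg_deploy` are not indented like the other blocks.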
From: Dan Rios <36534747+riosengineer@users.noreply.github.com>
Date: Mon, 20 Nov 2023 16:06:48 +0000
Subject: [PATCH 13/13] Update mega-linter.yml
---
 .github/workflows/mega-linter.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index e3090ff..5642e83 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -51,6 +51,7 @@ jobs:
 DISABLE: COPYPASTE,SPELL # Uncomment to disable copy-paste and spell checks
 DISABLE_LINTERS: YAML_V8R,YAML_YAMLLINT,YAML_PRETTIER,REPOSITORY_CHECKOV,POWERSHELL_POWERSHELL,ACTION_ACTIONLINT
 REPOSITORY_KICS_DISABLE_ERRORS: true
+ REPOSITORY_GITLEAKS_PR_COMMITS_SCAN: true
 
 # Upload MegaLinter artifacts
 - name: Archive production artifacts