Enhancement: Update api versions for policy defs and subscription res…
…ources and add clarity for resource lock param desc. (#730)

* Update policy def API versions

* Update subscription resource api

* Test change

* Generate Parameter Markdowns [oZakari/9a4a7a11]

* Test change

* Generate Parameter Markdowns [oZakari/9a4a7a11]

* Update parameter descriptions for resource locks.

* Generate Parameter Markdowns [oZakari/9a4a7a11]

* Update param descriptions for hubnetworking locks

* Generate Parameter Markdowns [oZakari/9a4a7a11]

* Update parameter descriptions for resource locks

* Generate Parameter Markdowns [oZakari/9a4a7a11]

---------

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
oZakari and github-actions[bot] authored Feb 23, 2024
1 parent 9a4a7a1 commit 8bef23f
Showing 23 changed files with 408 additions and 88 deletions.
Expand Up @@ -9,11 +9,11 @@ Parameter name | Required | Description
parLocation | No | The Azure Region to deploy the resources into.
parCompanyPrefix | No | Prefix value which will be prepended to all resource names.
parHubNetworkName | No | Name for Hub Network.
parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module.
parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parHubNetworkAddressPrefix | No | The IP address range for Hub Network.
parSubnets | No | The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks.
parDnsServerIps | No | Array of DNS Server IP addresses for VNet.
parVirtualNetworkLock | No | Resource Lock Configuration for Virtual Network.
parVirtualNetworkLock | No | Resource Lock Configuration for Virtual Network. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parPublicIpSku | No | Public IP Address SKU.
parPublicIpPrefix | No | Optional Prefix for Public IPs. Include a succedent dash if required. Example: prefix-
parPublicIpSuffix | No | Optional Suffix for Public IPs. Include a preceding dash if required. Example: -suffix
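Review bot: In the summary table rows for parGlobalResourceLock and parVirtualNetworkLock, the multi-line description is flattened into a single cell, so the list markers survive as stray inline hyphens ("... in this module. - `kind` - The lock settings ..."). Consider having the doc generator put only the first line of the description in the table, or join the lines with `<br>`, and leave the `kind`/`notes` detail to the per-parameter sections.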
Expand All @@ -22,10 +22,10 @@ parAzBastionName | No | Name Associated with Bastion Service.
parAzBastionSku | No | Azure Bastion SKU.
parAzBastionTunneling | No | Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client
parAzBastionNsgName | No | Name for Azure Bastion Subnet NSG.
parBastionLock | No | Resource Lock Configuration for Bastion.
parBastionLock | No | Resource Lock Configuration for Bastion. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parDdosEnabled | No | Switch to enable/disable DDoS Network Protection deployment.
parDdosPlanName | No | DDoS Plan Name.
parDdosLock | No | Resource Lock Configuration for DDoS Plan.
parDdosLock | No | Resource Lock Configuration for DDoS Plan. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parAzFirewallEnabled | No | Switch to enable/disable Azure Firewall deployment.
parAzFirewallName | No | Azure Firewall Name.
parAzFirewallPoliciesName | No | Azure Firewall Policies Name.
Expand All @@ -36,21 +36,21 @@ parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VP
parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP.
parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy.
parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall
parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall.
parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parHubRouteTableName | No | Name of Route table to create for the default route of Hub.
parDisableBgpRoutePropagation | No | Switch to enable/disable BGP Propagation on route table.
parHubRouteTableLock | No | Resource Lock Configuration for Hub Route Table.
parHubRouteTableLock | No | Resource Lock Configuration for Hub Route Table. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parPrivateDnsZonesEnabled | No | Switch to enable/disable Private DNS Zones deployment.
parPrivateDnsZonesResourceGroup | No | Resource Group Name for Private DNS Zones.
parPrivateDnsZones | No | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones
parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup.
parVirtualNetworkIdToLinkFailover | No | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links
parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s).
parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parVpnGatewayEnabled | No | Switch to enable/disable VPN virtual network gateway deployment.
parVpnGatewayConfig | No | Configuration for VPN virtual network gateway to be deployed.
parExpressRouteGatewayEnabled | No | Switch to enable/disable ExpressRoute virtual network gateway deployment.
parExpressRouteGatewayConfig | No | Configuration for ExpressRoute virtual network gateway to be deployed.
parVirtualNetworkGatewayLock | No | Resource Lock Configuration for ExpressRoute Virtual Network Gateway.
parVirtualNetworkGatewayLock | No | Resource Lock Configuration for ExpressRoute Virtual Network Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parTags | No | Tags you would like to be applied to all resources in this module.
parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry.
parBastionOutboundSshRdpPorts | No | Define outbound destination ports or ranges for SSH or RDP that you want to access from Azure Bastion.
Expand Down Expand Up @@ -85,6 +85,11 @@ Name for Hub Network.

Global Resource Lock Configuration used for all resources deployed in this module.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`

### parHubNetworkAddressPrefix
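Review bot: The generated parGlobalResourceLock section now has three blank lines between the `notes` bullet and `- Default value:`, and since both are `-` items the default is likely to render as a third bullet of the same list as `kind` and `notes`. Dropping the trailing newline before the closing `'''` in the Bicep description, or having the generator emit the default as a plain paragraph, would keep the property list and the default visually separate.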
Expand Down Expand Up @@ -115,6 +120,11 @@ Array of DNS Server IP addresses for VNet.

Resource Lock Configuration for Virtual Network.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`

### parPublicIpSku
Expand Down Expand Up @@ -189,6 +199,11 @@ Name for Azure Bastion Subnet NSG.

Resource Lock Configuration for Bastion.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`

### parDdosEnabled
Expand All @@ -213,6 +228,11 @@ DDoS Plan Name.

Resource Lock Configuration for DDoS Plan.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`

### parAzFirewallEnabled
Expand Down Expand Up @@ -301,7 +321,12 @@ Array of custom DNS servers used by Azure Firewall

![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)

Resource Lock Configuration for Azure Firewall.
Resource Lock Configuration for Azure Firewall.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`

Expand All @@ -327,6 +352,11 @@ Switch to enable/disable BGP Propagation on route table.

Resource Lock Configuration for Hub Route Table.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`

### parPrivateDnsZonesEnabled
Expand Down Expand Up @@ -373,6 +403,11 @@ Resource ID of Failover VNet for Private DNS Zone VNet Failover Links

Resource Lock Configuration for Private DNS Zone(s).

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`

### parVpnGatewayEnabled
Expand Down Expand Up @@ -413,6 +448,11 @@ Configuration for ExpressRoute virtual network gateway to be deployed.

Resource Lock Configuration for ExpressRoute Virtual Network Gateway.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}`

### parTags
60 changes: 50 additions & 10 deletions infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
Expand Up @@ -23,7 +23,7 @@ type lockType = {
name: string?

@description('Optional. The lock settings of the service.')
kind:('CanNotDelete' | 'ReadOnly' | 'None')
kind: ('CanNotDelete' | 'ReadOnly' | 'None')

@description('Optional. Notes about this lock.')
notes: string?
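Review bot: On `kind` in lockType, the description still says "Optional." while the member is declared without `?`, unlike `name: string?` and `notes: string?` beside it. Either mark the member nullable or drop "Optional." from the description so the generated docs match what the type enforces.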
Expand All @@ -38,7 +38,12 @@ param parCompanyPrefix string = 'alz'
@sys.description('Name for Hub Network.')
param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}'

@sys.description('Global Resource Lock Configuration used for all resources deployed in this module.')
@sys.description('''Global Resource Lock Configuration used for all resources deployed in this module.
- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.
''')
param parGlobalResourceLock lockType = {
kind: 'None'
notes: 'This lock was created by the ALZ Bicep Hub Networking Module.'
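Review bot: The new parGlobalResourceLock description lists `kind` and `notes` but omits `name`, which lockType also accepts, and it does not say whether a global `kind` other than None takes precedence over the per-resource lock parameters. With the default at `kind: 'None'`, callers have to choose a lock themselves, so a line on precedence and on what CanNotDelete and ReadOnly each prevent would make the description actionable.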
Expand Down Expand Up @@ -78,7 +83,12 @@ param parSubnets subnetOptionsType = [
@sys.description('Array of DNS Server IP addresses for VNet.')
param parDnsServerIps array = []

@sys.description('Resource Lock Configuration for Virtual Network.')
@sys.description('''Resource Lock Configuration for Virtual Network.
- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.
''')
param parVirtualNetworkLock lockType = {
kind: 'None'
notes: 'This lock was created by the ALZ Bicep Hub Networking Module.'
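Review bot: The two `kind`/`notes` lines added to the parVirtualNetworkLock description are repeated verbatim on every lock parameter in this file, while lockType already carries `@description` decorators for the same members. Keeping the wording in one place (the type) and a one-line summary on each parameter would stop the copies from drifting apart.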
Expand Down Expand Up @@ -116,7 +126,12 @@ param parAzBastionTunneling bool = false
@sys.description('Name for Azure Bastion Subnet NSG.')
param parAzBastionNsgName string = 'nsg-AzureBastionSubnet'

@sys.description('Resource Lock Configuration for Bastion.')
@sys.description('''Resource Lock Configuration for Bastion.
- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.
''')
param parBastionLock lockType = {
kind: 'None'
notes: 'This lock was created by the ALZ Bicep Hub Networking Module.'
Expand All @@ -128,7 +143,12 @@ param parDdosEnabled bool = true
@sys.description('DDoS Plan Name.')
param parDdosPlanName string = '${parCompanyPrefix}-ddos-plan'

@sys.description('Resource Lock Configuration for DDoS Plan.')
@sys.description('''Resource Lock Configuration for DDoS Plan.
- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.
''')
param parDdosLock lockType = {
kind: 'None'
notes: 'This lock was created by the ALZ Bicep Hub Networking Module.'
Expand Down Expand Up @@ -189,7 +209,12 @@ param parAzFirewallDnsProxyEnabled bool = true
@sys.description('Array of custom DNS servers used by Azure Firewall')
param parAzFirewallDnsServers array = []

@sys.description('Resource Lock Configuration for Azure Firewall.')
@sys.description(''' Resource Lock Configuration for Azure Firewall.
- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.
''')
param parAzureFirewallLock lockType = {
kind: 'None'
notes: 'This lock was created by the ALZ Bicep Hub Networking Module.'
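Review bot: The parAzureFirewallLock description opens with `''' Resource Lock Configuration`, so it carries a leading space that the other lock descriptions do not have, which would explain the generated markdown showing the Azure Firewall summary line as removed and re-added with the same text. Remove the space after `'''` to match the rest.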
Expand All @@ -201,7 +226,12 @@ param parHubRouteTableName string = '${parCompanyPrefix}-hub-routetable'
@sys.description('Switch to enable/disable BGP Propagation on route table.')
param parDisableBgpRoutePropagation bool = false

@sys.description('Resource Lock Configuration for Hub Route Table.')
@sys.description('''Resource Lock Configuration for Hub Route Table.
- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.
''')
param parHubRouteTableLock lockType = {
kind: 'None'
notes: 'This lock was created by the ALZ Bicep Hub Networking Module.'
Expand Down Expand Up @@ -290,7 +320,12 @@ param parPrivateDnsZoneAutoMergeAzureBackupZone bool = true
@sys.description('Resource ID of Failover VNet for Private DNS Zone VNet Failover Links')
param parVirtualNetworkIdToLinkFailover string = ''

@sys.description('Resource Lock Configuration for Private DNS Zone(s).')
@sys.description('''Resource Lock Configuration for Private DNS Zone(s).
- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.
''')
param parPrivateDNSZonesLock lockType = {
kind: 'None'
notes: 'This lock was created by the ALZ Bicep Hub Networking Module.'
Expand Down Expand Up @@ -342,7 +377,12 @@ param parExpressRouteGatewayConfig object = {
}
}

@sys.description('Resource Lock Configuration for ExpressRoute Virtual Network Gateway.')
@sys.description('''Resource Lock Configuration for ExpressRoute Virtual Network Gateway.
- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.
''')
param parVirtualNetworkGatewayLock lockType = {
kind: 'None'
notes: 'This lock was created by the ALZ Bicep Hub Networking Module.'
Expand Down Expand Up @@ -391,7 +431,7 @@ var varSubnetProperties = [for subnet in varSubnetMap: {
}
}]

var varVpnGwConfig = ((parVpnGatewayEnabled) &&(!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}'))
var varVpnGwConfig = ((parVpnGatewayEnabled) && (!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}'))

var varErGwConfig = ((parExpressRouteGatewayEnabled) && !empty(parExpressRouteGatewayConfig) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}'))
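Review bot: varVpnGwConfig and the adjacent varErGwConfig still use different forms for the same condition: the first writes `&& (!empty(parVpnGatewayConfig))` and the second `&& !empty(parExpressRouteGatewayConfig)` without the extra parentheses. Since this hunk is a formatting pass over the first line, pick one form and apply it to both.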

28 changes: 24 additions & 4 deletions infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md
Expand Up @@ -6,21 +6,21 @@ ALZ Bicep Module used to set up Logging

Parameter name | Required | Description
-------------- | -------- | -----------
parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module.
parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parLogAnalyticsWorkspaceName | No | Log Analytics Workspace name.
parLogAnalyticsWorkspaceLocation | No | Log Analytics region name - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings.
parLogAnalyticsWorkspaceSkuName | No | Log Analytics Workspace sku name.
parLogAnalyticsWorkspaceCapacityReservationLevel | No | Log Analytics Workspace Capacity Reservation Level. Only used if parLogAnalyticsWorkspaceSkuName is set to CapacityReservation.
parLogAnalyticsWorkspaceLogRetentionInDays | No | Number of days of log retention for Log Analytics Workspace.
parLogAnalyticsWorkspaceLock | No | Resource Lock Configuration for Log Analytics Workspace.
parLogAnalyticsWorkspaceLock | No | Resource Lock Configuration for Log Analytics Workspace. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parLogAnalyticsWorkspaceSolutions | No | Solutions that will be added to the Log Analytics Workspace.
parLogAnalyticsWorkspaceSolutionsLock | No | Resource Lock Configuration for Log Analytics Workspace Solutions.
parLogAnalyticsWorkspaceSolutionsLock | No | Resource Lock Configuration for Log Analytics Workspace Solutions. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parLogAnalyticsWorkspaceLinkAutomationAccount | No | Log Analytics Workspace should be linked with the automation account.
parAutomationAccountName | No | Automation account name.
parAutomationAccountLocation | No | Automation Account region name. - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings.
parAutomationAccountUseManagedIdentity | No | Automation Account - use managed identity.
parAutomationAccountPublicNetworkAccess | No | Automation Account - Public network access.
parAutomationAccountLock | No | Resource Lock Configuration for Automation Account.
parAutomationAccountLock | No | Resource Lock Configuration for Automation Account. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock.
parTags | No | Tags you would like to be applied to all resources in this module.
parAutomationAccountTags | No | Tags you would like to be applied to Automation Account.
parLogAnalyticsWorkspaceTags | No | Tags you would like to be applied to Log Analytics Workspace.
Expand All @@ -34,6 +34,11 @@ parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment t

Global Resource Lock Configuration used for all resources deployed in this module.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}`

### parLogAnalyticsWorkspaceName
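Review bot: In the parGlobalResourceLock section of the logging docs, the new list names the properties as `kind` and `notes`, but the default directly below is still rendered as `@{kind=None; notes=...}`, which is PowerShell object formatting rather than the Bicep or JSON object a caller would write. Emitting the default in the same syntax as a parameter file would make the new property list easier to act on.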
Expand Down Expand Up @@ -86,6 +91,11 @@ Number of days of log retention for Log Analytics Workspace.

Resource Lock Configuration for Log Analytics Workspace.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}`

### parLogAnalyticsWorkspaceSolutions
Expand All @@ -104,6 +114,11 @@ Solutions that will be added to the Log Analytics Workspace.

Resource Lock Configuration for Log Analytics Workspace Solutions.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}`

### parLogAnalyticsWorkspaceLinkAutomationAccount
Expand Down Expand Up @@ -152,6 +167,11 @@ Automation Account - Public network access.

Resource Lock Configuration for Automation Account.

- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
- `notes` - Notes about this lock.



- Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}`

### parTags