From 8bef23f58f24e7aad2245b7f326fc5bc268c3fd0 Mon Sep 17 00:00:00 2001 
From: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Date: Fri, 23 Feb 2024 11:51:49 -0600 Subject: [PATCH] Enhancement: Update api versions for policy defs and subscription resources and add clarity for resource lock param desc. (#730) * Update policy def API versions * Update subscription resource api * Test change * Generate Parameter Markdowns [oZakari/9a4a7a11] * Test change * Generate Parameter Markdowns [oZakari/9a4a7a11] * Update parameter descriptions for resource locks. * Generate Parameter Markdowns [oZakari/9a4a7a11] * Update param descriptions for hubnetworking locks * Generate Parameter Markdowns [oZakari/9a4a7a11] * Update parameter descriptions for resource locks * Generate Parameter Markdowns [oZakari/9a4a7a11] --------- Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com> --- .../generateddocs/hubNetworking.bicep.md | 58 +++++++++++++++--- .../modules/hubNetworking/hubNetworking.bicep | 60 +++++++++++++++---- .../logging/generateddocs/logging.bicep.md | 28 +++++++-- .../bicep/modules/logging/logging.bicep | 30 ++++++++-- .../definitions/customPolicyDefinitions.bicep | 4 +- .../mc-customPolicyDefinitions.bicep | 4 +- .../privateDnsZoneLinks.bicep.md | 9 ++- .../privateDnsZoneLinks.bicep | 9 ++- .../generateddocs/privateDnsZones.bicep.md | 9 ++- .../privateDnsZones/privateDnsZones.bicep | 9 ++- .../publicIp/generateddocs/publicIp.bicep.md | 9 ++- .../bicep/modules/publicIp/publicIp.bicep | 11 +++- .../generateddocs/resourceGroup.bicep.md | 9 ++- .../generateddocs/resourceGroupLock.bicep.md | 9 ++- .../modules/resourceGroup/resourceGroup.bicep | 9 ++- .../resourceGroup/resourceGroupLock.bicep | 9 ++- .../generateddocs/spokeNetworking.bicep.md | 23 +++++-- .../spokeNetworking/spokeNetworking.bicep | 23 +++++-- .../subscriptionPlacement.bicep | 2 +- .../generateddocs/vwanConnectivity.bicep.md | 56 ++++++++++++++--- .../vwanConnectivity/vwanConnectivity.bicep | 58 +++++++++++++++--- 
.../generateddocs/hubPeeredSpoke.bicep.md | 28 +++++++-- .../hubPeeredSpoke/hubPeeredSpoke.bicep | 30 ++++++++-- 23 files changed, 408 insertions(+), 88 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index 67ddf2366..893d1b5fe 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md @@ -9,11 +9,11 @@ Parameter name | Required | Description parLocation | No | The Azure Region to deploy the resources into. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. parHubNetworkName | No | Name for Hub Network. -parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. +parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parHubNetworkAddressPrefix | No | The IP address range for Hub Network. parSubnets | No | The name, IP address range, network security group, route table and delegation serviceName for each subnet in the virtual networks. parDnsServerIps | No | Array of DNS Server IP addresses for VNet. -parVirtualNetworkLock | No | Resource Lock Configuration for Virtual Network. +parVirtualNetworkLock | No | Resource Lock Configuration for Virtual Network. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parPublicIpSku | No | Public IP Address SKU. parPublicIpPrefix | No | Optional Prefix for Public IPs. Include a succedent dash if required. Example: prefix- parPublicIpSuffix | No | Optional Suffix for Public IPs. Include a preceding dash if required. Example: -suffix 
@@ -22,10 +22,10 @@ parAzBastionName | No | Name Associated with Bastion Service. parAzBastionSku | No | Azure Bastion SKU. parAzBastionTunneling | No | Switch to enable/disable Bastion native client support. This is only supported when the Standard SKU is used for Bastion as documented here: https://learn.microsoft.com/azure/bastion/native-client parAzBastionNsgName | No | Name for Azure Bastion Subnet NSG. -parBastionLock | No | Resource Lock Configuration for Bastion. +parBastionLock | No | Resource Lock Configuration for Bastion. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parDdosEnabled | No | Switch to enable/disable DDoS Network Protection deployment. parDdosPlanName | No | DDoS Plan Name. -parDdosLock | No | Resource Lock Configuration for DDoS Plan. +parDdosLock | No | Resource Lock Configuration for DDoS Plan. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parAzFirewallEnabled | No | Switch to enable/disable Azure Firewall deployment. parAzFirewallName | No | Azure Firewall Name. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. 
@@ -36,21 +36,21 @@ parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VP parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall -parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. +parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parHubRouteTableName | No | Name of Route table to create for the default route of Hub. parDisableBgpRoutePropagation | No | Switch to enable/disable BGP Propagation on route table. -parHubRouteTableLock | No | Resource Lock Configuration for Hub Route Table. +parHubRouteTableLock | No | Resource Lock Configuration for Hub Route Table. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parPrivateDnsZonesEnabled | No | Switch to enable/disable Private DNS Zones deployment. parPrivateDnsZonesResourceGroup | No | Resource Group Name for Private DNS Zones. parPrivateDnsZones | No | Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup. parVirtualNetworkIdToLinkFailover | No | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links -parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). +parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). 
- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVpnGatewayEnabled | No | Switch to enable/disable VPN virtual network gateway deployment. parVpnGatewayConfig | No | Configuration for VPN virtual network gateway to be deployed. parExpressRouteGatewayEnabled | No | Switch to enable/disable ExpressRoute virtual network gateway deployment. parExpressRouteGatewayConfig | No | Configuration for ExpressRoute virtual network gateway to be deployed. -parVirtualNetworkGatewayLock | No | Resource Lock Configuration for ExpressRoute Virtual Network Gateway. +parVirtualNetworkGatewayLock | No | Resource Lock Configuration for ExpressRoute Virtual Network Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTags | No | Tags you would like to be applied to all resources in this module. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. parBastionOutboundSshRdpPorts | No | Define outbound destination ports or ranges for SSH or RDP that you want to access from Azure Bastion. @@ -85,6 +85,11 @@ Name for Hub Network. Global Resource Lock Configuration used for all resources deployed in this module. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}` ### parHubNetworkAddressPrefix @@ -115,6 +120,11 @@ Array of DNS Server IP addresses for VNet. Resource Lock Configuration for Virtual Network. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}` ### parPublicIpSku 
@@ -189,6 +199,11 @@ Name for Azure Bastion Subnet NSG. Resource Lock Configuration for Bastion. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}` ### parDdosEnabled @@ -213,6 +228,11 @@ DDoS Plan Name. Resource Lock Configuration for DDoS Plan. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}` ### parAzFirewallEnabled @@ -301,7 +321,12 @@ Array of custom DNS servers used by Azure Firewall ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Resource Lock Configuration for Azure Firewall. + Resource Lock Configuration for Azure Firewall. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}` @@ -327,6 +352,11 @@ Switch to enable/disable BGP Propagation on route table. Resource Lock Configuration for Hub Route Table. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}` ### parPrivateDnsZonesEnabled @@ -373,6 +403,11 @@ Resource ID of Failover VNet for Private DNS Zone VNet Failover Links Resource Lock Configuration for Private DNS Zone(s). +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}` ### parVpnGatewayEnabled 
@@ -413,6 +448,11 @@ Configuration for ExpressRoute virtual network gateway to be deployed. Resource Lock Configuration for ExpressRoute Virtual Network Gateway. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}` ### parTags diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 014fb2da1..c7e0e1fd0 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -23,7 +23,7 @@ type lockType = { name: string? @description('Optional. The lock settings of the service.') - kind:('CanNotDelete' | 'ReadOnly' | 'None') + kind: ('CanNotDelete' | 'ReadOnly' | 'None') @description('Optional. Notes about this lock.') notes: string? @@ -38,7 +38,12 @@ param parCompanyPrefix string = 'alz' @sys.description('Name for Hub Network.') param parHubNetworkName string = '${parCompanyPrefix}-hub-${parLocation}' -@sys.description('Global Resource Lock Configuration used for all resources deployed in this module.') +@sys.description('''Global Resource Lock Configuration used for all resources deployed in this module. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parGlobalResourceLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Hub Networking Module.' 
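Review bot: The `kind` property of `lockType` is still described as "Optional." on the line this hunk reformats, yet unlike `name: string?` and `notes: string?` its type carries no `?`, so a caller who overrides a lock parameter must supply `kind`. Either drop the word so the decorator reads `@description('The lock settings of the service.')`, or, if omitting it is meant to be allowed, make the type nullable and handle the missing value where the lock is created. The same line is touched in logging.bicep, privateDnsZoneLinks.bicep, privateDnsZones.bicep and publicIp.bicep. The `lockType` definition opens and closes outside this hunk.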
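Review bot: The new description for `parGlobalResourceLock` lists the accepted `kind` values but does not say how this parameter combines with the per-resource lock parameters (`parVirtualNetworkLock`, `parBastionLock` and the others) when both are set. The resources that consume them are outside this hunk, so the precedence cannot be read from here. A sentence stating which setting wins would tell an operator whether setting the global lock alone is enough. If the default `kind: 'None'` means no lock is deployed, as it appears to, the `kind` bullet could end with `None (the default) applies no lock.` so that an unprotected deployment is a visible choice.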
@@ -78,7 +83,12 @@ param parSubnets subnetOptionsType = [ @sys.description('Array of DNS Server IP addresses for VNet.') param parDnsServerIps array = [] -@sys.description('Resource Lock Configuration for Virtual Network.') +@sys.description('''Resource Lock Configuration for Virtual Network. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parVirtualNetworkLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Hub Networking Module.' @@ -116,7 +126,12 @@ param parAzBastionTunneling bool = false @sys.description('Name for Azure Bastion Subnet NSG.') param parAzBastionNsgName string = 'nsg-AzureBastionSubnet' -@sys.description('Resource Lock Configuration for Bastion.') +@sys.description('''Resource Lock Configuration for Bastion. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parBastionLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Hub Networking Module.' @@ -128,7 +143,12 @@ param parDdosEnabled bool = true @sys.description('DDoS Plan Name.') param parDdosPlanName string = '${parCompanyPrefix}-ddos-plan' -@sys.description('Resource Lock Configuration for DDoS Plan.') +@sys.description('''Resource Lock Configuration for DDoS Plan. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parDdosLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Hub Networking Module.' 
@@ -189,7 +209,12 @@ param parAzFirewallDnsProxyEnabled bool = true @sys.description('Array of custom DNS servers used by Azure Firewall') param parAzFirewallDnsServers array = [] -@sys.description('Resource Lock Configuration for Azure Firewall.') +@sys.description(''' Resource Lock Configuration for Azure Firewall. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parAzureFirewallLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Hub Networking Module.' @@ -201,7 +226,12 @@ param parHubRouteTableName string = '${parCompanyPrefix}-hub-routetable' @sys.description('Switch to enable/disable BGP Propagation on route table.') param parDisableBgpRoutePropagation bool = false -@sys.description('Resource Lock Configuration for Hub Route Table.') +@sys.description('''Resource Lock Configuration for Hub Route Table. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parHubRouteTableLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Hub Networking Module.' @@ -290,7 +320,12 @@ param parPrivateDnsZoneAutoMergeAzureBackupZone bool = true @sys.description('Resource ID of Failover VNet for Private DNS Zone VNet Failover Links') param parVirtualNetworkIdToLinkFailover string = '' -@sys.description('Resource Lock Configuration for Private DNS Zone(s).') +@sys.description('''Resource Lock Configuration for Private DNS Zone(s). + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parPrivateDNSZonesLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Hub Networking Module.' 
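Review bot: The rewritten description for `parAzureFirewallLock` opens with a stray space after the triple quote (`''' Resource Lock Configuration for Azure Firewall.`), unlike the other lock descriptions changed in this file. The space is carried into the generated hubNetworking.bicep.md, where this parameter's table row and paragraph both gain a leading space. Change the line to `@sys.description('''Resource Lock Configuration for Azure Firewall.` and regenerate the parameter markdown.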
@@ -342,7 +377,12 @@ param parExpressRouteGatewayConfig object = { } } -@sys.description('Resource Lock Configuration for ExpressRoute Virtual Network Gateway.') +@sys.description('''Resource Lock Configuration for ExpressRoute Virtual Network Gateway. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parVirtualNetworkGatewayLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Hub Networking Module.' @@ -391,7 +431,7 @@ var varSubnetProperties = [for subnet in varSubnetMap: { } }] -var varVpnGwConfig = ((parVpnGatewayEnabled) &&(!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}')) +var varVpnGwConfig = ((parVpnGatewayEnabled) && (!empty(parVpnGatewayConfig)) ? parVpnGatewayConfig : json('{"name": "noconfigVpn"}')) var varErGwConfig = ((parExpressRouteGatewayEnabled) && !empty(parExpressRouteGatewayConfig) ? parExpressRouteGatewayConfig : json('{"name": "noconfigEr"}')) diff --git a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md index 7e4b86940..abe480451 100644 --- a/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md +++ b/infra-as-code/bicep/modules/logging/generateddocs/logging.bicep.md 
@@ -6,21 +6,21 @@ ALZ Bicep Module used to set up Logging Parameter name | Required | Description -------------- | -------- | ----------- -parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. +parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parLogAnalyticsWorkspaceName | No | Log Analytics Workspace name. parLogAnalyticsWorkspaceLocation | No | Log Analytics region name - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings. parLogAnalyticsWorkspaceSkuName | No | Log Analytics Workspace sku name. parLogAnalyticsWorkspaceCapacityReservationLevel | No | Log Analytics Workspace Capacity Reservation Level. Only used if parLogAnalyticsWorkspaceSkuName is set to CapacityReservation. parLogAnalyticsWorkspaceLogRetentionInDays | No | Number of days of log retention for Log Analytics Workspace. -parLogAnalyticsWorkspaceLock | No | Resource Lock Configuration for Log Analytics Workspace. +parLogAnalyticsWorkspaceLock | No | Resource Lock Configuration for Log Analytics Workspace. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parLogAnalyticsWorkspaceSolutions | No | Solutions that will be added to the Log Analytics Workspace. -parLogAnalyticsWorkspaceSolutionsLock | No | Resource Lock Configuration for Log Analytics Workspace Solutions. +parLogAnalyticsWorkspaceSolutionsLock | No | Resource Lock Configuration for Log Analytics Workspace Solutions. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. 
parLogAnalyticsWorkspaceLinkAutomationAccount | No | Log Analytics Workspace should be linked with the automation account. parAutomationAccountName | No | Automation account name. parAutomationAccountLocation | No | Automation Account region name. - Ensure the regions selected is a supported mapping as per: https://docs.microsoft.com/azure/automation/how-to/region-mappings. parAutomationAccountUseManagedIdentity | No | Automation Account - use managed identity. parAutomationAccountPublicNetworkAccess | No | Automation Account - Public network access. -parAutomationAccountLock | No | Resource Lock Configuration for Automation Account. +parAutomationAccountLock | No | Resource Lock Configuration for Automation Account. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTags | No | Tags you would like to be applied to all resources in this module. parAutomationAccountTags | No | Tags you would like to be applied to Automation Account. parLogAnalyticsWorkspaceTags | No | Tags you would like to be applied to Log Analytics Workspace. @@ -34,6 +34,11 @@ parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment t Global Resource Lock Configuration used for all resources deployed in this module. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}` ### parLogAnalyticsWorkspaceName @@ -86,6 +91,11 @@ Number of days of log retention for Log Analytics Workspace. Resource Lock Configuration for Log Analytics Workspace. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}` ### parLogAnalyticsWorkspaceSolutions 
@@ -104,6 +114,11 @@ Solutions that will be added to the Log Analytics Workspace. Resource Lock Configuration for Log Analytics Workspace Solutions. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}` ### parLogAnalyticsWorkspaceLinkAutomationAccount @@ -152,6 +167,11 @@ Automation Account - Public network access. Resource Lock Configuration for Automation Account. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Logging Module.}` ### parTags diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep index 92f15e72b..9dcc8a530 100644 --- a/infra-as-code/bicep/modules/logging/logging.bicep +++ b/infra-as-code/bicep/modules/logging/logging.bicep @@ -6,13 +6,18 @@ type lockType = { name: string? @description('Optional. The lock settings of the service.') - kind:('CanNotDelete' | 'ReadOnly' | 'None') + kind: ('CanNotDelete' | 'ReadOnly' | 'None') @description('Optional. Notes about this lock.') notes: string? } -@sys.description('Global Resource Lock Configuration used for all resources deployed in this module.') +@sys.description('''Global Resource Lock Configuration used for all resources deployed in this module. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parGlobalResourceLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Logging Module.' 
@@ -55,7 +60,12 @@ param parLogAnalyticsWorkspaceCapacityReservationLevel int = 100 @sys.description('Number of days of log retention for Log Analytics Workspace.') param parLogAnalyticsWorkspaceLogRetentionInDays int = 365 -@sys.description('Resource Lock Configuration for Log Analytics Workspace.') +@sys.description('''Resource Lock Configuration for Log Analytics Workspace. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parLogAnalyticsWorkspaceLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Logging Module.' @@ -88,7 +98,12 @@ param parLogAnalyticsWorkspaceSolutions array = [ 'VMInsights' ] -@sys.description('Resource Lock Configuration for Log Analytics Workspace Solutions.') +@sys.description('''Resource Lock Configuration for Log Analytics Workspace Solutions. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parLogAnalyticsWorkspaceSolutionsLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Logging Module.' @@ -109,7 +124,12 @@ param parAutomationAccountUseManagedIdentity bool = true @sys.description('Automation Account - Public network access.') param parAutomationAccountPublicNetworkAccess bool = true -@sys.description('Resource Lock Configuration for Automation Account.') +@sys.description('''Resource Lock Configuration for Automation Account. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parAutomationAccountLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Logging Module.' diff --git a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep index d17ee9939..5643d3401 100644 
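Review bot: The description added for `parLogAnalyticsWorkspaceLock` offers `ReadOnly` alongside `CanNotDelete` with no caveat, although a read-only lock restricts more than configuration edits. As far as I recall, Azure's resource-lock guidance says it also blocks POST-based management operations, which on a Log Analytics workspace or an Automation account can stop some features and runbook starts from working. Consider adding a bullet such as `- ReadOnly also blocks management operations on the resource; use CanNotDelete unless that is intended.` The same applies to the `parLogAnalyticsWorkspaceSolutionsLock` and `parAutomationAccountLock` descriptions in the later hunks of this file.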
--- a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep @@ -2076,7 +2076,7 @@ var varPolicySetDefinitionEsEnforceGuardrailsKeyVaultParameters = loadJsonConten // Customer Usage Attribution Id var varCuaid = '2b136786-9881-412e-84ba-f4c2822e1ac9' -resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2021-06-01' = [for policy in varCustomPolicyDefinitionsArray: { +resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2023-04-01' = [for policy in varCustomPolicyDefinitionsArray: { name: policy.libDefinition.name properties: { description: policy.libDefinition.properties.description @@ -2089,7 +2089,7 @@ resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2021-06 } }] -resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = [for policySet in varCustomPolicySetDefinitionsArray: { +resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2023-04-01' = [for policySet in varCustomPolicySetDefinitionsArray: { dependsOn: [ resPolicyDefinitions // Must wait for policy definitons to be deployed before starting the creation of Policy Set/Initiative Defininitions ] diff --git a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep index 9262bc3c7..1fac5dcfe 100644 --- a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep 
@@ -1326,7 +1326,7 @@ var varPolicySetDefinitionEsMcEnforceEncryptTransitParameters = loadJsonContent( // Customer Usage Attribution Id var varCuaid = '2b136786-9881-412e-84ba-f4c2822e1ac9' -resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2021-06-01' = [for policy in varCustomPolicyDefinitionsArray: { +resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2023-04-01' = [for policy in varCustomPolicyDefinitionsArray: { name: policy.libDefinition.name properties: { description: policy.libDefinition.properties.description @@ -1339,7 +1339,7 @@ resource resPolicyDefinitions 'Microsoft.Authorization/policyDefinitions@2021-06 } }] -resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2021-06-01' = [for policySet in varCustomPolicySetDefinitionsArray: { +resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2023-04-01' = [for policySet in varCustomPolicySetDefinitionsArray: { dependsOn: [ resPolicyDefinitions // Must wait for policy definitons to be deployed before starting the creation of Policy Set/Initiative Defininitions ] diff --git a/infra-as-code/bicep/modules/privateDnsZoneLinks/generateddocs/privateDnsZoneLinks.bicep.md b/infra-as-code/bicep/modules/privateDnsZoneLinks/generateddocs/privateDnsZoneLinks.bicep.md index 0cb5f9b79..434690313 100644 --- a/infra-as-code/bicep/modules/privateDnsZoneLinks/generateddocs/privateDnsZoneLinks.bicep.md +++ b/infra-as-code/bicep/modules/privateDnsZoneLinks/generateddocs/privateDnsZoneLinks.bicep.md 
@@ -6,7 +6,7 @@ Parameter name | Required | Description -------------- | -------- | ----------- parSpokeVirtualNetworkResourceId | No | The Spoke Virtual Network Resource ID. parPrivateDnsZoneResourceId | No | The Private DNS Zone Resource IDs to associate with the spoke Virtual Network. -parResourceLockConfig | No | Resource Lock Configuration Object +parResourceLockConfig | No | Resource Lock Configuration for Private DNS Zone Links. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. ### parSpokeVirtualNetworkResourceId @@ -24,7 +24,12 @@ The Private DNS Zone Resource IDs to associate with the spoke Virtual Network. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Resource Lock Configuration Object +Resource Lock Configuration for Private DNS Zone Links. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Private DNS Zone Links Module.}` diff --git a/infra-as-code/bicep/modules/privateDnsZoneLinks/privateDnsZoneLinks.bicep b/infra-as-code/bicep/modules/privateDnsZoneLinks/privateDnsZoneLinks.bicep index 617576f25..b24df08a4 100644 --- a/infra-as-code/bicep/modules/privateDnsZoneLinks/privateDnsZoneLinks.bicep +++ b/infra-as-code/bicep/modules/privateDnsZoneLinks/privateDnsZoneLinks.bicep @@ -5,7 +5,7 @@ type lockType = { name: string? @description('Optional. The lock settings of the service.') - kind:('CanNotDelete' | 'ReadOnly' | 'None') + kind: ('CanNotDelete' | 'ReadOnly' | 'None') @description('Optional. Notes about this lock.') notes: string? 
@@ -17,7 +17,12 @@ param parSpokeVirtualNetworkResourceId string = '' @sys.description('The Private DNS Zone Resource IDs to associate with the spoke Virtual Network.') param parPrivateDnsZoneResourceId string = '' -@sys.description('Resource Lock Configuration Object') +@sys.description('''Resource Lock Configuration for Private DNS Zone Links. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parResourceLockConfig lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Private DNS Zone Links Module.' diff --git a/infra-as-code/bicep/modules/privateDnsZones/generateddocs/privateDnsZones.bicep.md b/infra-as-code/bicep/modules/privateDnsZones/generateddocs/privateDnsZones.bicep.md index a5b8973a9..cca6b6273 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/generateddocs/privateDnsZones.bicep.md +++ b/infra-as-code/bicep/modules/privateDnsZones/generateddocs/privateDnsZones.bicep.md @@ -12,7 +12,7 @@ parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to parTags | No | Tags you would like to be applied to all resources in this module. parVirtualNetworkIdToLink | No | Resource ID of VNet for Private DNS Zone VNet Links. parVirtualNetworkIdToLinkFailover | No | Resource ID of VNet for Failover Private DNS Zone VNet Links. -parResourceLockConfig | No | Resource Lock Configuration Object +parResourceLockConfig | No | Resource Lock Configuration for Private DNS Zones. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. ### parLocation 
@@ -61,7 +61,12 @@ Resource ID of VNet for Failover Private DNS Zone VNet Links. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Resource Lock Configuration Object +Resource Lock Configuration for Private DNS Zones. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Private DNS Zones Module.}` diff --git a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep index 2b3a25cb2..6779abeee 100644 --- a/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep +++ b/infra-as-code/bicep/modules/privateDnsZones/privateDnsZones.bicep @@ -6,7 +6,7 @@ type lockType = { name: string? @description('Optional. The lock settings of the service.') - kind:('CanNotDelete' | 'ReadOnly' | 'None') + kind: ('CanNotDelete' | 'ReadOnly' | 'None') @description('Optional. Notes about this lock.') notes: string? @@ -98,7 +98,12 @@ param parVirtualNetworkIdToLink string = '' @sys.description('Resource ID of VNet for Failover Private DNS Zone VNet Links.') param parVirtualNetworkIdToLinkFailover string = '' -@sys.description('Resource Lock Configuration Object') +@sys.description('''Resource Lock Configuration for Private DNS Zones. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parResourceLockConfig lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Private DNS Zones Module.' diff --git a/infra-as-code/bicep/modules/publicIp/generateddocs/publicIp.bicep.md b/infra-as-code/bicep/modules/publicIp/generateddocs/publicIp.bicep.md index 4d239ef46..790893428 100644 --- a/infra-as-code/bicep/modules/publicIp/generateddocs/publicIp.bicep.md 
+++ b/infra-as-code/bicep/modules/publicIp/generateddocs/publicIp.bicep.md @@ -11,7 +11,7 @@ parPublicIpName | Yes | Name of Public IP to create in Azure. parPublicIpSku | Yes | Public IP Address SKU. parPublicIpProperties | Yes | Properties of Public IP to be deployed. parAvailabilityZones | No | Availability Zones to deploy the Public IP across. Region must support Availability Zones to use. If it does not then leave empty. -parResourceLockConfig | No | Resource Lock Configuration Object +parResourceLockConfig | No | Resource Lock Configuration for Public IPs. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTags | No | Tags to be applied to resource when deployed. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. @@ -53,7 +53,12 @@ Availability Zones to deploy the Public IP across. Region must support Availabil ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Resource Lock Configuration Object +Resource Lock Configuration for Public IPs. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Public IP Module.}` diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep index 4a3741200..c7fc3ef57 100644 --- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep +++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep @@ -6,7 +6,7 @@ type lockType = { name: string? @description('Optional. The lock settings of the service.') - kind:('CanNotDelete' | 'ReadOnly' | 'None') + kind: ('CanNotDelete' | 'ReadOnly' | 'None') @description('Optional. Notes about this lock.') notes: string? 
@@ -32,7 +32,12 @@ param parPublicIpProperties object @sys.description('Availability Zones to deploy the Public IP across. Region must support Availability Zones to use. If it does not then leave empty.') param parAvailabilityZones array = [] -@sys.description('Resource Lock Configuration Object') +@sys.description('''Resource Lock Configuration for Public IPs. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parResourceLockConfig lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Public IP Module.' @@ -47,7 +52,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '3f85b84c-6bad-4c42-86bf-11c233241c22' -resource resPublicIp 'Microsoft.Network/publicIPAddresses@2023-02-01' ={ +resource resPublicIp 'Microsoft.Network/publicIPAddresses@2023-02-01' = { name: parPublicIpName tags: parTags location: parLocation diff --git a/infra-as-code/bicep/modules/resourceGroup/generateddocs/resourceGroup.bicep.md b/infra-as-code/bicep/modules/resourceGroup/generateddocs/resourceGroup.bicep.md index b7a39fdb7..666c2cef1 100644 --- a/infra-as-code/bicep/modules/resourceGroup/generateddocs/resourceGroup.bicep.md +++ b/infra-as-code/bicep/modules/resourceGroup/generateddocs/resourceGroup.bicep.md 
@@ -8,7 +8,7 @@ Parameter name | Required | Description -------------- | -------- | ----------- parLocation | Yes | Azure Region where Resource Group will be created. parResourceGroupName | Yes | Name of Resource Group to be created. -parResourceLockConfig | No | Resource Lock Configuration Object +parResourceLockConfig | No | Resource Lock Configuration for Resource Groups. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTags | No | Tags you would like to be applied to all resources in this module. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. @@ -28,7 +28,12 @@ Name of Resource Group to be created. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Resource Lock Configuration Object +Resource Lock Configuration for Resource Groups. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Resource Group Module.}` diff --git a/infra-as-code/bicep/modules/resourceGroup/generateddocs/resourceGroupLock.bicep.md b/infra-as-code/bicep/modules/resourceGroup/generateddocs/resourceGroupLock.bicep.md index 5dbda9713..14e11e678 100644 --- a/infra-as-code/bicep/modules/resourceGroup/generateddocs/resourceGroupLock.bicep.md +++ b/infra-as-code/bicep/modules/resourceGroup/generateddocs/resourceGroupLock.bicep.md 
@@ -6,14 +6,19 @@ Module used to lock Resource Groups for Azure Landing Zones Parameter name | Required | Description -------------- | -------- | ----------- -parResourceLockConfig | No | Resource Lock Configuration Object +parResourceLockConfig | No | Resource Lock Configuration for Resource Groups. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parResourceGroupName | Yes | Resource Group Name ### parResourceLockConfig ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Resource Lock Configuration Object +Resource Lock Configuration for Resource Groups. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Resource Group Module.}` diff --git a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep index 6ddd506ab..76b8f3b25 100644 --- a/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep +++ b/infra-as-code/bicep/modules/resourceGroup/resourceGroup.bicep @@ -8,7 +8,7 @@ type lockType = { name: string? @description('Optional. The lock settings of the service.') - kind:('CanNotDelete' | 'ReadOnly' | 'None') + kind: ('CanNotDelete' | 'ReadOnly' | 'None') @description('Optional. Notes about this lock.') notes: string? 
@@ -20,7 +20,12 @@ param parLocation string @sys.description('Name of Resource Group to be created.') param parResourceGroupName string -@sys.description('Resource Lock Configuration Object') +@sys.description('''Resource Lock Configuration for Resource Groups. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parResourceLockConfig lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Resource Group Module.' diff --git a/infra-as-code/bicep/modules/resourceGroup/resourceGroupLock.bicep b/infra-as-code/bicep/modules/resourceGroup/resourceGroupLock.bicep index 7d649d6ec..ca4cea7dc 100644 --- a/infra-as-code/bicep/modules/resourceGroup/resourceGroupLock.bicep +++ b/infra-as-code/bicep/modules/resourceGroup/resourceGroupLock.bicep @@ -6,13 +6,18 @@ type lockType = { name: string? @description('Optional. The lock settings of the service.') - kind:('CanNotDelete' | 'ReadOnly' | 'None') + kind: ('CanNotDelete' | 'ReadOnly' | 'None') @description('Optional. Notes about this lock.') notes: string? } -@sys.description('Resource Lock Configuration Object') +@sys.description('''Resource Lock Configuration for Resource Groups. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parResourceLockConfig lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Resource Group Module.' diff --git a/infra-as-code/bicep/modules/spokeNetworking/generateddocs/spokeNetworking.bicep.md b/infra-as-code/bicep/modules/spokeNetworking/generateddocs/spokeNetworking.bicep.md index df43b0017..b852fe02a 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/generateddocs/spokeNetworking.bicep.md +++ b/infra-as-code/bicep/modules/spokeNetworking/generateddocs/spokeNetworking.bicep.md 
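Review bot: In the resourceGroupLock.bicep hunk, the decorator above the re-spaced `kind` line still reads `@description('Optional. The lock settings of the service.')`, but `kind` is declared without `?`, unlike `name: string?` and `notes: string?`, so it is a required property of `lockType`. Every default in this patch supplies `kind`, so the smaller fix is to correct the text, e.g. `@description('Required. The lock settings of the service.')`, rather than making the property nullable. The `type lockType = {` line itself sits in the hunk header, outside the changed lines. The same mismatch appears in the `lockType` copies touched in privateDnsZoneLinks.bicep, privateDnsZones.bicep, publicIp.bicep, resourceGroup.bicep, spokeNetworking.bicep and vwanConnectivity.bicep.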
@@ -9,14 +9,14 @@ Parameter name | Required | Description parLocation | No | The Azure Region to deploy the resources into. parDisableBgpRoutePropagation | No | Switch to enable/disable BGP Propagation on route table. parDdosProtectionPlanId | No | Id of the DdosProtectionPlan which will be applied to the Virtual Network. -parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. +parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parSpokeNetworkAddressPrefix | No | The IP address range for all virtual networks to use. parSpokeNetworkName | No | The Name of the Spoke Virtual Network. -parSpokeNetworkLock | No | Resource Lock Configuration for Spoke Network. +parSpokeNetworkLock | No | Resource Lock Configuration for Spoke Network - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parDnsServerIps | No | Array of DNS Server IP addresses for VNet. parNextHopIpAddress | No | IP Address where network traffic should route to leveraged with DNS Proxy. parSpokeToHubRouteTableName | No | Name of Route table to create for the default route of Hub. -parSpokeRouteTableLock | No | Resource Lock Configuration for Spoke Network Route Table. +parSpokeRouteTableLock | No | Resource Lock Configuration for Spoke Network Route Table. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTags | No | Tags you would like to be applied to all resources in this module. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. 
@@ -48,6 +48,11 @@ Id of the DdosProtectionPlan which will be applied to the Virtual Network. Global Resource Lock Configuration used for all resources deployed in this module. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Networking Module.}` ### parSpokeNetworkAddressPrefix @@ -70,7 +75,12 @@ The Name of the Spoke Virtual Network. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Resource Lock Configuration for Spoke Network. +Resource Lock Configuration for Spoke Network + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Spoke Networking Module.}` @@ -100,6 +110,11 @@ Name of Route table to create for the default route of Hub. Resource Lock Configuration for Spoke Network Route Table. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Spoke Networking Module.}` ### parTags diff --git a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep index a23267d61..29b1fa2ae 100644 --- a/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep +++ b/infra-as-code/bicep/modules/spokeNetworking/spokeNetworking.bicep @@ -6,7 +6,7 @@ type lockType = { name: string? @description('Optional. The lock settings of the service.') - kind:('CanNotDelete' | 'ReadOnly' | 'None') + kind: ('CanNotDelete' | 'ReadOnly' | 'None') @description('Optional. Notes about this lock.') notes: string? 
@@ -21,7 +21,12 @@ param parDisableBgpRoutePropagation bool = false @sys.description('Id of the DdosProtectionPlan which will be applied to the Virtual Network.') param parDdosProtectionPlanId string = '' -@sys.description('Global Resource Lock Configuration used for all resources deployed in this module.') +@sys.description('''Global Resource Lock Configuration used for all resources deployed in this module. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parGlobalResourceLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Hub Networking Module.' @@ -33,7 +38,12 @@ param parSpokeNetworkAddressPrefix string = '10.11.0.0/16' @sys.description('The Name of the Spoke Virtual Network.') param parSpokeNetworkName string = 'vnet-spoke' -@sys.description('Resource Lock Configuration for Spoke Network.') +@sys.description('''Resource Lock Configuration for Spoke Network + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parSpokeNetworkLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Spoke Networking Module.' @@ -48,7 +58,12 @@ param parNextHopIpAddress string = '' @sys.description('Name of Route table to create for the default route of Hub.') param parSpokeToHubRouteTableName string = 'rtb-spoke-to-hub' -@sys.description('Resource Lock Configuration for Spoke Network Route Table.') +@sys.description('''Resource Lock Configuration for Spoke Network Route Table. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parSpokeRouteTableLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep Spoke Networking Module.' 
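Review bot: The default `notes` for `parGlobalResourceLock` in spokeNetworking.bicep reads 'This lock was created by the ALZ Bicep Hub Networking Module.', while the two sibling locks in the same file say 'Spoke Networking Module'. The line is only context in this hunk, but it is the text shown as the default in the regenerated spokeNetworking.bicep.md. It is presumably also what ends up on the deployed lock, so anyone auditing locks would attribute it to the wrong module. Since the description directly above is being rewritten, fix it here: `notes: 'This lock was created by the ALZ Bicep Spoke Networking Module.'`.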
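Review bot: The rewritten description for `parSpokeNetworkLock` drops the full stop after 'Spoke Network', unlike the other lock descriptions in this patch, and the generated spokeNetworking.bicep.md inherits the difference in both the table row and the parameter section. Keep the first line as `@sys.description('''Resource Lock Configuration for Spoke Network.`.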
diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep index d75174d87..05afee52b 100644 --- a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep +++ b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep @@ -15,7 +15,7 @@ param parTelemetryOptOut bool = false // Customer Usage Attribution Id var varCuaid = '3dfa9e81-f0cf-4b25-858e-167937fd380b' -resource resSubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2021-04-01' = [for subscriptionId in parSubscriptionIds: { +resource resSubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2023-04-01' = [for subscriptionId in parSubscriptionIds: { scope: tenant() name: '${parTargetManagementGroupId}/${subscriptionId}' }] diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index b36b5633e..6bb9c2bb2 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md 
@@ -8,37 +8,37 @@ Parameter name | Required | Description -------------- | -------- | ----------- parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. -parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. +parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall. parVirtualWanName | No | Prefix Used for Virtual WAN. -parVirtualWanLock | No | Resource Lock Configuration for Virtual WAN. +parVirtualWanLock | No | Resource Lock Configuration for Virtual WAN. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. 
- `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. -parVpnGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub VPN Gateway. -parExpressRouteGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. -parVirtualWanHubsLock | No | Resource Lock Configuration for Virtual WAN Hub. +parVpnGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub VPN Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parExpressRouteGatewayLock | No | Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parVirtualWanHubsLock | No | Resource Lock Configuration for Virtual WAN Hub. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVpnGatewayName | No | VPN Gateway Name. parExpressRouteGatewayName | No | ExpressRoute Gateway Name. parAzFirewallName | No | Azure Firewall Name. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. -parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. 
+parAzureFirewallLock | No | Resource Lock Configuration for Azure Firewall. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parVpnGatewayScaleUnit | No | The scale unit for this VPN Gateway. parExpressRouteGatewayScaleUnit | No | The scale unit for this ExpressRoute Gateway. parDdosEnabled | No | Switch to enable/disable DDoS Network Protection deployment. parDdosPlanName | No | DDoS Plan Name. -parDdosLock | No | Resource Lock Configuration for DDoS Plan. +parDdosLock | No | Resource Lock Configuration for DDoS Plan. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parPrivateDnsZonesEnabled | No | Switch to enable/disable Private DNS Zones deployment. parPrivateDnsZonesResourceGroup | No | Resource Group Name for Private DNS Zones. parPrivateDnsZones | No | Array of DNS Zones to provision in Hub Virtual Network. parPrivateDnsZoneAutoMergeAzureBackupZone | No | Set Parameter to false to skip the addition of a Private DNS Zone for Azure Backup. parVirtualNetworkIdToLink | No | Resource ID of VNet for Private DNS Zone VNet Links parVirtualNetworkIdToLinkFailover | No | Resource ID of Failover VNet for Private DNS Zone VNet Failover Links -parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). +parPrivateDNSZonesLock | No | Resource Lock Configuration for Private DNS Zone(s). - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parTags | No | Tags you would like to be applied to all resources in this module. parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry 
@@ -64,6 +64,11 @@ Prefix value which will be prepended to all resource names. Global Resource Lock Configuration used for all resources deployed in this module. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep vWAN Connectivity Module.}` ### parAzFirewallTier @@ -122,6 +127,11 @@ Prefix Used for Virtual WAN. Resource Lock Configuration for Virtual WAN. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep vWAN Connectivity Module.}` ### parVirtualWanHubName @@ -155,6 +165,11 @@ Array Used for multiple Virtual WAN Hubs deployment. Each object in the array re Resource Lock Configuration for Virtual WAN Hub VPN Gateway. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep vWAN Connectivity Module.}` ### parExpressRouteGatewayLock @@ -163,6 +178,11 @@ Resource Lock Configuration for Virtual WAN Hub VPN Gateway. Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep vWAN Connectivity Module.}` ### parVirtualWanHubsLock 
@@ -171,6 +191,11 @@ Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. Resource Lock Configuration for Virtual WAN Hub. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep vWAN Connectivity Module.}` ### parVpnGatewayName @@ -219,6 +244,11 @@ Azure Firewall Policies Name. Resource Lock Configuration for Azure Firewall. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep vWAN Connectivity Module.}` ### parVpnGatewayScaleUnit @@ -259,6 +289,11 @@ DDoS Plan Name. Resource Lock Configuration for DDoS Plan. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep vWAN Connectivity Module.}` ### parPrivateDnsZonesEnabled @@ -311,6 +346,11 @@ Resource ID of Failover VNet for Private DNS Zone VNet Failover Links Resource Lock Configuration for Private DNS Zone(s). +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep vWAN Connectivity Module.}` ### parTags diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 152246759..955f57595 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep 
@@ -46,7 +46,7 @@ type lockType = { name: string? @description('Optional. The lock settings of the service.') - kind:('CanNotDelete' | 'ReadOnly' | 'None') + kind: ('CanNotDelete' | 'ReadOnly' | 'None') @description('Optional. Notes about this lock.') notes: string? @@ -58,7 +58,12 @@ param parLocation string = resourceGroup().location @sys.description('Prefix value which will be prepended to all resource names.') param parCompanyPrefix string = 'alz' -@sys.description('Global Resource Lock Configuration used for all resources deployed in this module.') +@sys.description('''Global Resource Lock Configuration used for all resources deployed in this module. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parGlobalResourceLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep vWAN Connectivity Module.' @@ -92,7 +97,12 @@ param parAzFirewallDnsServers array = [] @sys.description('Prefix Used for Virtual WAN.') param parVirtualWanName string = '${parCompanyPrefix}-vwan-${parLocation}' -@sys.description('Resource Lock Configuration for Virtual WAN.') +@sys.description('''Resource Lock Configuration for Virtual WAN. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parVirtualWanLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep vWAN Connectivity Module.' 
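Review bot: The new description of `parGlobalResourceLock` in vwanConnectivity.bicep does not say how it combines with the per-resource lock parameters documented in the following hunks (`parVirtualWanLock`, `parVpnGatewayLock`, `parAzureFirewallLock` and the rest). An operator who sets one and leaves the other at None cannot work out the effective lock from the docs. The resource declarations that resolve the two values are not part of this patch's hunks, so the wording needs checking against them. If the global value wins whenever it is not None, add a line such as `- When kind is not None, this setting overrides the per-resource lock parameters.`. The same gap exists for `parGlobalResourceLock` in spokeNetworking.bicep.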
@@ -125,19 +135,34 @@ param parVirtualWanHubs virtualWanOptionsType = [ { } ] -@sys.description('Resource Lock Configuration for Virtual WAN Hub VPN Gateway.') +@sys.description('''Resource Lock Configuration for Virtual WAN Hub VPN Gateway. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parVpnGatewayLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep vWAN Connectivity Module.' } -@sys.description('Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway.') +@sys.description('''Resource Lock Configuration for Virtual WAN Hub ExpressRoute Gateway. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parExpressRouteGatewayLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep vWAN Connectivity Module.' } -@sys.description('Resource Lock Configuration for Virtual WAN Hub.') +@sys.description('''Resource Lock Configuration for Virtual WAN Hub. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parVirtualWanHubsLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep vWAN Connectivity Module.' @@ -163,7 +188,12 @@ param parAzFirewallAvailabilityZones array = [] @sys.description('Azure Firewall Policies Name.') param parAzFirewallPoliciesName string = '${parCompanyPrefix}-azfwpolicy-${parLocation}' -@sys.description('Resource Lock Configuration for Azure Firewall.') +@sys.description('''Resource Lock Configuration for Azure Firewall. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parAzureFirewallLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep vWAN Connectivity Module.' 
@@ -181,7 +211,12 @@ param parDdosEnabled bool = true @sys.description('DDoS Plan Name.') param parDdosPlanName string = '${parCompanyPrefix}-ddos-plan' -@sys.description('Resource Lock Configuration for DDoS Plan.') +@sys.description('''Resource Lock Configuration for DDoS Plan. + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parDdosLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep vWAN Connectivity Module.' @@ -273,7 +308,12 @@ param parVirtualNetworkIdToLink string = '' @sys.description('Resource ID of Failover VNet for Private DNS Zone VNet Failover Links') param parVirtualNetworkIdToLinkFailover string = '' -@sys.description('Resource Lock Configuration for Private DNS Zone(s).') +@sys.description('''Resource Lock Configuration for Private DNS Zone(s). + +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + +''') param parPrivateDNSZonesLock lockType = { kind: 'None' notes: 'This lock was created by the ALZ Bicep vWAN Connectivity Module.' diff --git a/infra-as-code/bicep/orchestration/hubPeeredSpoke/generateddocs/hubPeeredSpoke.bicep.md b/infra-as-code/bicep/orchestration/hubPeeredSpoke/generateddocs/hubPeeredSpoke.bicep.md index dfb09f85f..106f167a4 100644 --- a/infra-as-code/bicep/orchestration/hubPeeredSpoke/generateddocs/hubPeeredSpoke.bicep.md +++ b/infra-as-code/bicep/orchestration/hubPeeredSpoke/generateddocs/hubPeeredSpoke.bicep.md 
@@ -12,7 +12,7 @@ parTopLevelManagementGroupSuffix | No | Optional suffix for the management parPeeredVnetSubscriptionId | No | Subscription Id to the Virtual Network Hub object. Default: Empty String parTags | No | Array of Tags to be applied to all resources in module. Default: Empty Object parTelemetryOptOut | No | Set Parameter to true to Opt-out of deployment telemetry. -parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. +parGlobalResourceLock | No | Global Resource Lock Configuration used for all resources deployed in this module. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parPeeredVnetSubscriptionMgPlacement | No | The Management Group Id to place the subscription in. Default: Empty String parResourceGroupNameForSpokeNetworking | No | Name of Resource Group to be created to contain spoke networking resources like the virtual network. parResourceGroupLock | No | Resource Group Lock Configuration. 
@@ -24,9 +24,9 @@ parDnsServerIps | No | Array of DNS Server IP addresses for VNet. Default: parNextHopIpAddress | No | IP Address where network traffic should route to. Default: Empty string parDisableBgpRoutePropagation | No | Switch which allows BGP Route Propogation to be disabled on the route table. parSpokeToHubRouteTableName | No | Name of Route table to create for the default route of Hub. -parSpokeNetworkLock | No | Resource Lock Configuration for Spoke Network. -parSpokeRouteTableLock | No | Resource Lock Configuration for Spoke Network Route Table. -parPrivateDnsZoneVirtualNetworkLinkLock | No | Resource Lock Configuration for Private DNS Virtual Network Network Links. +parSpokeNetworkLock | No | Resource Lock Configuration for Spoke Network. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parSpokeRouteTableLock | No | Resource Lock Configuration for Spoke Network Route Table. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. +parPrivateDnsZoneVirtualNetworkLinkLock | No | Resource Lock Configuration for Private DNS Virtual Network Network Links. - `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. - `notes` - Notes about this lock. parHubVirtualNetworkId | Yes | Virtual Network ID of Hub Virtual Network, or Azure Virtuel WAN hub ID. parAllowSpokeForwardedTraffic | No | Switch to enable/disable forwarded Traffic from outside spoke network. parAllowHubVpnGatewayTransit | No | Switch to enable/disable VPN Gateway for the hub network peering. 
@@ -82,6 +82,11 @@ Set Parameter to true to Opt-out of deployment telemetry. Global Resource Lock Configuration used for all resources deployed in this module. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Peered Spoke Orchestration Networking Module.}` ### parPeeredVnetSubscriptionMgPlacement @@ -168,6 +173,11 @@ Name of Route table to create for the default route of Hub. Resource Lock Configuration for Spoke Network. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Peered Spoke Orchestration Networking Module.}` ### parSpokeRouteTableLock @@ -176,6 +186,11 @@ Resource Lock Configuration for Spoke Network. Resource Lock Configuration for Spoke Network Route Table. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Peered Spoke Orchestration Networking Module.}` ### parPrivateDnsZoneVirtualNetworkLinkLock @@ -184,6 +199,11 @@ Resource Lock Configuration for Spoke Network Route Table. Resource Lock Configuration for Private DNS Virtual Network Network Links. +- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None. +- `notes` - Notes about this lock. + + + - Default value: `@{kind=None; notes=This lock was created by the ALZ Bicep Hub Peered Spoke Orchestration Networking Module.}` ### parHubVirtualNetworkId diff --git a/infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep b/infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep index 6745b2508..5296990c7 100644 
--- a/infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep
+++ b/infra-as-code/bicep/orchestration/hubPeeredSpoke/hubPeeredSpoke.bicep
@@ -8,7 +8,7 @@ type lockType = {
 name: string?
 @description('Optional. The lock settings of the service.')
- kind:('CanNotDelete' | 'ReadOnly' | 'None')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')
 @description('Optional. Notes about this lock.')
 notes: string?
@@ -37,7 +37,12 @@ param parTags object = {}
 @sys.description('Set Parameter to true to Opt-out of deployment telemetry.')
 param parTelemetryOptOut bool = false
-@sys.description('Global Resource Lock Configuration used for all resources deployed in this module.')
+@sys.description('''Global Resource Lock Configuration used for all resources deployed in this module.
+
+- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
+- `notes` - Notes about this lock.
+
+''')
 param parGlobalResourceLock lockType = {
 kind: 'None'
 notes: 'This lock was created by the ALZ Bicep Hub Peered Spoke Orchestration Networking Module.'
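Review bot: The new `parGlobalResourceLock` description documents only `kind` and `notes`, while the `lockType` shown in the first hunk of this file also declares an optional `name: string?`, so the generated parameter docs leave out a field a caller can set. I would add a third bullet in the same form, ``- `name` - Optional. The name of the lock.``, with the wording checked against the decorator on `name`, which sits above the hunk. The empty line before the closing `'''` also appears to carry through to the generated markdown (the hubPeeredSpoke.bicep.md hunks on this page show three added blank lines ahead of "Default value"); ending the string directly after the `notes` bullet would be tidier. The same description text is used in the next hunk of this file and in the vWAN Connectivity hunks earlier on the page, where the lock type is not visible; the param's object literal closes outside this hunk.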
@@ -82,20 +87,35 @@ param parDisableBgpRoutePropagation bool = false
 @sys.description('Name of Route table to create for the default route of Hub.')
 param parSpokeToHubRouteTableName string = 'rtb-spoke-to-hub'
-@sys.description('Resource Lock Configuration for Spoke Network.')
+@sys.description('''Resource Lock Configuration for Spoke Network.
+
+- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
+- `notes` - Notes about this lock.
+
+''')
 param parSpokeNetworkLock lockType = {
 kind: 'None'
 notes: 'This lock was created by the ALZ Bicep Hub Peered Spoke Orchestration Networking Module.'
 }
-@sys.description('Resource Lock Configuration for Spoke Network Route Table.')
+@sys.description('''Resource Lock Configuration for Spoke Network Route Table.
+
+- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
+- `notes` - Notes about this lock.
+
+''')
 param parSpokeRouteTableLock lockType = {
 kind: 'None'
 notes: 'This lock was created by the ALZ Bicep Hub Peered Spoke Orchestration Networking Module.'
 }
 // Private DNS Link Module Parameters
-@sys.description('Resource Lock Configuration for Private DNS Virtual Network Network Links.')
+@sys.description('''Resource Lock Configuration for Private DNS Virtual Network Network Links.
+
+- `kind` - The lock settings of the service which can be CanNotDelete, ReadOnly, or None.
+- `notes` - Notes about this lock.
+
+''')
 param parPrivateDnsZoneVirtualNetworkLinkLock lockType = {
 kind: 'None'
 notes: 'This lock was created by the ALZ Bicep Hub Peered Spoke Orchestration Networking Module.'
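Review bot: The per-resource lock descriptions for `parSpokeNetworkLock`, `parSpokeRouteTableLock` and `parPrivateDnsZoneVirtualNetworkLinkLock` do not say how they combine with `parGlobalResourceLock`, which the previous hunk describes as applying to all resources in the module. A reader who sets `CanNotDelete` on one of these while the global lock stays at `None`, or the reverse, cannot tell from the docs which value is applied; the resolution logic is not in this hunk, so the sentence has to be written against the module body. Since all three defaults are `kind: 'None'`, it is also worth one sentence stating that the default leaves the resource without a delete or write lock, if that is what `None` does here. The last param's object literal continues past the end of the hunk.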