From eb9e8fad360121db2a4f73a3454ee137961f64e3 Mon Sep 17 00:00:00 2001 From: Jack Tracey Date: Mon, 28 Feb 2022 11:11:38 +0000 Subject: [PATCH 1/3] changes to fix 153 concerns --- docs/wiki/FAQ.md | 12 +- .../customRoleDefinitions.bicep | 2 +- .../hubNetworking/dataTestDnsZones.bicep | 194 ++++++++++++++++++ .../modules/hubNetworking/hubNetworking.bicep | 2 +- .../modules/hubNetworking/testDnsZones.bicep | 58 ++++++ .../bicep/modules/logging/logging.bicep | 2 +- .../managementGroups/managementGroups.bicep | 3 +- .../alzDefaultPolicyAssignments.bicep | 4 +- .../policyAssignmentManagementGroup.bicep | 4 +- .../custom-policy-definitions.bicep | 2 +- .../bicep/modules/publicIp/publicIp.bicep | 2 +- .../roleAssignmentManagementGroup.bicep | 2 +- .../subscriptionPlacement.bicep | 2 +- .../virtualNetworkPeer.bicep | 2 +- 14 files changed, 275 insertions(+), 16 deletions(-) create mode 100644 infra-as-code/bicep/modules/hubNetworking/dataTestDnsZones.bicep create mode 100644 infra-as-code/bicep/modules/hubNetworking/testDnsZones.bicep diff --git a/docs/wiki/FAQ.md b/docs/wiki/FAQ.md index 4b3013136..0d0eed557 100644 --- a/docs/wiki/FAQ.md +++ b/docs/wiki/FAQ.md 
@@ -10,8 +10,16 @@ Some FAQ questions that relate more to the architecture are based over in the CA ## List of Frequently Asked Questions -- TBC +- [Why are some linter rules disabled via the `#disable-next-line` Bicep function?](#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function) --- -## Questions & Answers \ No newline at end of file +## Questions & Answers + +## Why are some linter rules disabled via the `#disable-next-line` Bicep function? + +In some of the ALZ-Bicep modules some of linter rules are disabled using the `#disable-next-line` Bicep feature. Today, this is primarily for disabling the [no-loc-expr-outside-params linter rule](https://docs.microsoft.com/azure/azure-resource-manager/bicep/linter-rule-no-loc-expr-outside-params) for the, optional, telemetry module as we want to ensure this telemetry deployment is stored in the same location as specified by the `location` input when deploying the Bicep module, instead of in the same location as specified by `parRegion` or `parLocation` as this may be different from the region targeted by the deployment to ARM. + +You may also see it in some location for resources that do not require a region for deployment, like Azure Policies, so instead of making users input an additional parameter for the region, we just use the one that was targeted by the deployment to ARM when the module was deployed. + +It is not recommended to disable linter rules when it can be resolved by making changes to the Bicep code. However, in some scenarios, like above, this is necessary. \ No newline at end of file diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep index 70a20e820..bb4f2955f 100644 --- a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep +++ b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep 
@@ -55,7 +55,7 @@ module modRolesSecurityOperationsRole 'definitions/caf-security-operations-role.
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/hubNetworking/dataTestDnsZones.bicep b/infra-as-code/bicep/modules/hubNetworking/dataTestDnsZones.bicep
new file mode 100644
index 000000000..1b99fc67c
--- /dev/null
+++ b/infra-as-code/bicep/modules/hubNetworking/dataTestDnsZones.bicep
@@ -0,0 +1,194 @@ +// param parDnsZonesFromOutput object = { +// azureAutomation: { +// name: 'privatelink.azure-automation.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azure-automation.net' +// } +// azureDB: { +// name: 'privatelink.database.windows.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.database.windows.net' +// } +// } + +param parDnsZonesFromOutput object = { + azureAutomation: 'privatelink.azure-automation.net' + azureDB: 'privatelink.database.windows.net' +} + +// { +// name: 'privatelink.sql.azuresynapse.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.sql.azuresynapse.net' +// } +// { +// name: 'privatelink.azuresynapse.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azuresynapse.net' +// } +// { +// name: 'privatelink.blob.core.windows.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.blob.core.windows.net' +// } +// { +// name: 'privatelink.table.core.windows.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.table.core.windows.net' +// } +// { +// name: 'privatelink.queue.core.windows.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.queue.core.windows.net' +// } +// { +// name: 'privatelink.file.core.windows.net' +// id: 
'/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.file.core.windows.net' +// } +// { +// name: 'privatelink.web.core.windows.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.web.core.windows.net' +// } +// { +// name: 'privatelink.dfs.core.windows.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.dfs.core.windows.net' +// } +// { +// name: 'privatelink.documents.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.documents.azure.com' +// } +// { +// name: 'privatelink.mongo.cosmos.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.mongo.cosmos.azure.com' +// } +// { +// name: 'privatelink.cassandra.cosmos.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.cassandra.cosmos.azure.com' +// } +// { +// name: 'privatelink.gremlin.cosmos.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.gremlin.cosmos.azure.com' +// } +// { +// name: 'privatelink.table.cosmos.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.table.cosmos.azure.com' +// } +// { +// name: 'privatelink.northeurope.batch.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.northeurope.batch.azure.com' +// } 
+// { +// name: 'privatelink.postgres.database.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.postgres.database.azure.com' +// } +// { +// name: 'privatelink.mysql.database.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.mysql.database.azure.com' +// } +// { +// name: 'privatelink.mariadb.database.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.mariadb.database.azure.com' +// } +// { +// name: 'privatelink.vaultcore.azure.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.vaultcore.azure.net' +// } +// { +// name: 'privatelink.northeurope.azmk8s.io' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.northeurope.azmk8s.io' +// } +// { +// name: 'northeurope.privatelink.siterecovery.windowsazure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/northeurope.privatelink.siterecovery.windowsazure.com' +// } +// { +// name: 'privatelink.servicebus.windows.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.servicebus.windows.net' +// } +// { +// name: 'privatelink.azure-devices.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azure-devices.net' +// } +// { +// name: 'privatelink.eventgrid.azure.net' +// id: 
'/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.eventgrid.azure.net' +// } +// { +// name: 'privatelink.azurewebsites.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azurewebsites.net' +// } +// { +// name: 'privatelink.api.azureml.ms' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.api.azureml.ms' +// } +// { +// name: 'privatelink.notebooks.azure.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.notebooks.azure.net' +// } +// { +// name: 'privatelink.service.signalr.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.service.signalr.net' +// } +// { +// name: 'privatelink.afs.azure.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.afs.azure.net' +// } +// { +// name: 'privatelink.datafactory.azure.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.datafactory.azure.net' +// } +// { +// name: 'privatelink.adf.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.adf.azure.com' +// } +// { +// name: 'privatelink.redis.cache.windows.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.redis.cache.windows.net' +// } +// { +// name: 'privatelink.redisenterprise.cache.azure.net' +// id: 
'/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.redisenterprise.cache.azure.net' +// } +// { +// name: 'privatelink.purview.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.purview.azure.com' +// } +// { +// name: 'privatelink.digitaltwins.azure.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.digitaltwins.azure.net' +// } +// { +// name: 'privatelink.azconfig.io' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azconfig.io' +// } +// { +// name: 'privatelink.webpubsub.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.webpubsub.azure.com' +// } +// { +// name: 'privatelink.azure-devices-provisioning.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azure-devices-provisioning.net' +// } +// { +// name: 'privatelink.cognitiveservices.azure.com' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.cognitiveservices.azure.com' +// } +// { +// name: 'privatelink.azurecr.io' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azurecr.io' +// } +// { +// name: 'privatelink.search.windows.net' +// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.search.windows.net' +// } +// } + +// output outDnsZones array = 
parDnsZonesFromOutput
+
+output outDnsZones object = parDnsZonesFromOutput
+
+output outDnsZonesItems array = items(parDnsZonesFromOutput)
+
+var varDnsZonesItems = [for dnsZone in items(parDnsZonesFromOutput): {
+ zoneName: dnsZone.value
+}]
+
+output testArray array = varDnsZonesItems
+
+resource resPrivateDnsZones 'Microsoft.Network/privateDnsZones@2020-06-01' = [for privateDnsZone in varDnsZonesItems: {
+ name: privateDnsZone.zoneName
+ location: 'global'
+}]
diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
index b98e8c32d..514357b22 100644
--- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
+++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
@@ -466,7 +466,7 @@ resource resVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetwork
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/hubNetworking/testDnsZones.bicep b/infra-as-code/bicep/modules/hubNetworking/testDnsZones.bicep
new file mode 100644
index 000000000..43797e3dd
--- /dev/null
+++ b/infra-as-code/bicep/modules/hubNetworking/testDnsZones.bicep
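Review bot: The new `dataTestDnsZones.bicep` carries a concrete subscription GUID and the `rsg-dns-test` resource group name in dozens of commented-out resource IDs, next to a live `resPrivateDnsZones` loop, inside the shipped `modules/hubNetworking` folder. Patch 2/3 deletes the file, but if the series is merged without squashing, those environment identifiers stay readable in the repository history. Squashing patches 1 and 2, or dropping the file from this patch, would keep them out; where sample resource IDs are needed in comments, an all-zero placeholder subscription ID is the safer habit.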
@@ -0,0 +1,58 @@
+@description('Switch which allows Private DNS Zones to be disabled. Default: true')
+param parPrivateDNSZonesEnabled bool = true
+
+@description('Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones')
+param parPrivateDnsZones array =[
+ 'privatelink.azure-automation.net'
+ 'privatelink.database.windows.net'
+ 'privatelink.sql.azuresynapse.net'
+ 'privatelink.azuresynapse.net'
+ 'privatelink.blob.core.windows.net'
+ 'privatelink.table.core.windows.net'
+ 'privatelink.queue.core.windows.net'
+ 'privatelink.file.core.windows.net'
+ 'privatelink.web.core.windows.net'
+ 'privatelink.dfs.core.windows.net'
+ 'privatelink.documents.azure.com'
+ 'privatelink.mongo.cosmos.azure.com'
+ 'privatelink.cassandra.cosmos.azure.com'
+ 'privatelink.gremlin.cosmos.azure.com'
+ 'privatelink.table.cosmos.azure.com'
+ 'privatelink.${resourceGroup().location}.batch.azure.com'
+ 'privatelink.postgres.database.azure.com'
+ 'privatelink.mysql.database.azure.com'
+ 'privatelink.mariadb.database.azure.com'
+ 'privatelink.vaultcore.azure.net'
+ 'privatelink.${resourceGroup().location}.azmk8s.io'
+ '${resourceGroup().location}.privatelink.siterecovery.windowsazure.com'
+ 'privatelink.servicebus.windows.net'
+ 'privatelink.azure-devices.net'
+ 'privatelink.eventgrid.azure.net'
+ 'privatelink.azurewebsites.net'
+ 'privatelink.api.azureml.ms'
+ 'privatelink.notebooks.azure.net'
+ 'privatelink.service.signalr.net'
+ 'privatelink.afs.azure.net'
+ 'privatelink.datafactory.azure.net'
+ 'privatelink.adf.azure.com'
+ 'privatelink.redis.cache.windows.net'
+ 'privatelink.redisenterprise.cache.azure.net'
+ 'privatelink.purview.azure.com'
+ 'privatelink.digitaltwins.azure.net'
+ 'privatelink.azconfig.io'
+ 'privatelink.webpubsub.azure.com'
+ 'privatelink.azure-devices-provisioning.net'
+ 'privatelink.cognitiveservices.azure.com'
+ 'privatelink.azurecr.io'
+ 'privatelink.search.windows.net'
+]
+
+resource resPrivateDnsZones
'Microsoft.Network/privateDnsZones@2020-06-01' = [for privateDnsZone in parPrivateDnsZones: if(parPrivateDNSZonesEnabled) {
+ name: privateDnsZone
+ location: 'global'
+}]
+
+output outPrivateDnsZones array = [for i in range(0,length(parPrivateDnsZones)): {
+ name: resPrivateDnsZones[i].name
+ id: resPrivateDnsZones[i].id
+}]
diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep
index 280a166a1..1d93b51c6 100644
--- a/infra-as-code/bicep/modules/logging/logging.bicep
+++ b/infra-as-code/bicep/modules/logging/logging.bicep
@@ -118,7 +118,7 @@ resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.Operational
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep
index f5ba5dcb2..48b8dd7ed 100644
--- a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep
+++ b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep
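Review bot: In `testDnsZones.bicep` the `outPrivateDnsZones` output loops over `length(parPrivateDnsZones)` without looking at `parPrivateDNSZonesEnabled`, so with the switch set to false it would presumably still emit a name and resource ID for every zone even though the `if(parPrivateDNSZonesEnabled)` condition skipped creating them. A consumer that links virtual networks or private endpoints to those IDs would then point at zones that do not exist. Bounding the loop by the switch avoids this: `output outPrivateDnsZones array = [for i in range(0, parPrivateDNSZonesEnabled ? length(parPrivateDnsZones) : 0): {`. The file name and its place beside `dataTestDnsZones.bicep` also suggest a scratch file; the patch 2/3 diffstat does not list it as removed, so confirm it is meant to ship.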
@@ -203,12 +203,11 @@ resource resLandingZonesOnlineMG 'Microsoft.Management/managementGroups@2021-04- // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdTenant.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(deployment().location)}' params: {} } - // Output Management Group IDs output outTopLevelMGId string = resTopLevelMG.id diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep index 7215eea5e..ccaf4ae0f 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep 
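Review bot: The added `#disable-next-line` line in `managementGroups.bicep` carries the explanatory comment twice: the text from `//Only to ensure telemetry data is stored in same location as deployment.` through `for more information` is repeated back to back on the same line. Keep a single copy so the directive reads the same as in the other modules touched by this patch. The patch 2/3 diffstat shows a one-line change to this file, which looks like the URL fix only, so the duplicate may survive the series.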
@@ -47,7 +47,7 @@ var varCuaid = '98cef979-5a6b-403b-83c7-10c8f04ac9a2'
 // Orchestration Module Variables
 var varDeploymentNameWrappers = {
 basePrefix: 'ALZBicep'
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Policies resources are not deployed to a region, like other resources, but the metadata is stored in a region hence requiring this to keep input parameters reduced. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 baseSuffixTenantAndManagementGroup: '${deployment().location}-${uniqueString(deployment().location, parTopLevelManagementGroupPrefix)}'
 }
@@ -226,7 +226,7 @@ targetScope = 'managementGroup'
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
index 2f3835463..5307950c4 100644
--- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
+++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
@@ -82,7 +82,7 @@ resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2020-09-
 identity: {
 type: varPolicyIdentity
 }
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Policies resources are not deployed to a region, like other resources, but the metadata is stored in a region hence requiring this to keep input parameters reduced. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 location: deployment().location
 }
@@ -110,7 +110,7 @@ module modPolicyIdentityRoleAssignmentSubsMany '../../roleAssignments/roleAssign
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location, parPolicyAssignmentName)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep b/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep
index 9b302d85e..416bb06c0 100644
--- a/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep
+++ b/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep
@@ -1240,7 +1240,7 @@ resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep
index bdd3241fd..ba0997c93 100644
--- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep
+++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep
@@ -37,7 +37,7 @@ resource resPublicIP 'Microsoft.Network/publicIPAddresses@2021-02-01' ={
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location, parPublicIPName)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep
index 41aac20d7..05ab8706c 100644
--- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep
+++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep
@@ -45,7 +45,7 @@ resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-08-01-p
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location, parRoleAssignmentNameGuid)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep
index f69d701bd..b44271684 100644
--- a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep
+++ b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep
@@ -29,7 +29,7 @@ resource resSubscriptionPlacement 'Microsoft.Management/managementGroups/subscri
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep b/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep index 77c274626..60452e2f0 100644 --- a/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep +++ b/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep @@ -45,7 +45,7 @@ resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetwork // Optional Deployment for Customer Usage Attribution module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) { - #disable-next-line no-loc-expr-outside-params + #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location)}' params: {} } From 18eac86e71e6c696520a8f9bfd38ec4f6c7c5e3a Mon Sep 17 00:00:00 2001 From: Jack Tracey Date: Mon, 28 Feb 2022 11:15:37 +0000 Subject: [PATCH 2/3] remove incorrect file staged and typo fix in URL --- .../customRoleDefinitions.bicep | 2 +- .../hubNetworking/dataTestDnsZones.bicep | 194 ------------------ .../modules/hubNetworking/hubNetworking.bicep | 2 +- .../bicep/modules/logging/logging.bicep | 2 +- .../managementGroups/managementGroups.bicep | 2 +- .../alzDefaultPolicyAssignments.bicep | 4 +- .../policyAssignmentManagementGroup.bicep | 4 +- .../custom-policy-definitions.bicep | 2 +- .../bicep/modules/publicIp/publicIp.bicep | 2 +- .../roleAssignmentManagementGroup.bicep | 2 +- .../subscriptionPlacement.bicep | 2 +- .../virtualNetworkPeer.bicep | 2 +- 12 files changed, 13 insertions(+), 207 deletions(-) delete mode 100644 infra-as-code/bicep/modules/hubNetworking/dataTestDnsZones.bicep 
diff --git a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep
index bb4f2955f..8d4f0628e 100644
--- a/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep
+++ b/infra-as-code/bicep/modules/customRoleDefinitions/customRoleDefinitions.bicep
@@ -55,7 +55,7 @@ module modRolesSecurityOperationsRole 'definitions/caf-security-operations-role.
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/hubNetworking/dataTestDnsZones.bicep b/infra-as-code/bicep/modules/hubNetworking/dataTestDnsZones.bicep
deleted file mode 100644
index 1b99fc67c..000000000
--- a/infra-as-code/bicep/modules/hubNetworking/dataTestDnsZones.bicep
+++ /dev/null
@@ -1,194 +0,0 @@
-// param parDnsZonesFromOutput object = {
-// azureAutomation: {
-// name: 'privatelink.azure-automation.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azure-automation.net'
-// }
-// azureDB: {
-// name: 'privatelink.database.windows.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.database.windows.net'
-// }
-// }
-
-param parDnsZonesFromOutput object = {
- azureAutomation: 'privatelink.azure-automation.net'
- azureDB: 'privatelink.database.windows.net'
-}
-
-// {
-// name: 'privatelink.sql.azuresynapse.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.sql.azuresynapse.net'
-// }
-// {
-// name: 'privatelink.azuresynapse.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azuresynapse.net'
-// }
-// {
-// name: 'privatelink.blob.core.windows.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.blob.core.windows.net'
-// }
-// {
-// name: 'privatelink.table.core.windows.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.table.core.windows.net'
-// }
-// {
-// name: 'privatelink.queue.core.windows.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.queue.core.windows.net'
-// }
-// {
-// name: 'privatelink.file.core.windows.net'
-// id:
'/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.file.core.windows.net'
-// }
-// {
-// name: 'privatelink.web.core.windows.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.web.core.windows.net'
-// }
-// {
-// name: 'privatelink.dfs.core.windows.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.dfs.core.windows.net'
-// }
-// {
-// name: 'privatelink.documents.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.documents.azure.com'
-// }
-// {
-// name: 'privatelink.mongo.cosmos.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.mongo.cosmos.azure.com'
-// }
-// {
-// name: 'privatelink.cassandra.cosmos.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.cassandra.cosmos.azure.com'
-// }
-// {
-// name: 'privatelink.gremlin.cosmos.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.gremlin.cosmos.azure.com'
-// }
-// {
-// name: 'privatelink.table.cosmos.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.table.cosmos.azure.com'
-// }
-// {
-// name: 'privatelink.northeurope.batch.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.northeurope.batch.azure.com'
-// }
-// {
-// name: 'privatelink.postgres.database.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.postgres.database.azure.com'
-// }
-// {
-// name: 'privatelink.mysql.database.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.mysql.database.azure.com'
-// }
-// {
-// name: 'privatelink.mariadb.database.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.mariadb.database.azure.com'
-// }
-// {
-// name: 'privatelink.vaultcore.azure.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.vaultcore.azure.net'
-// }
-// {
-// name: 'privatelink.northeurope.azmk8s.io'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.northeurope.azmk8s.io'
-// }
-// {
-// name: 'northeurope.privatelink.siterecovery.windowsazure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/northeurope.privatelink.siterecovery.windowsazure.com'
-// }
-// {
-// name: 'privatelink.servicebus.windows.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.servicebus.windows.net'
-// }
-// {
-// name: 'privatelink.azure-devices.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azure-devices.net'
-// }
-// {
-// name: 'privatelink.eventgrid.azure.net'
-// id:
'/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.eventgrid.azure.net'
-// }
-// {
-// name: 'privatelink.azurewebsites.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azurewebsites.net'
-// }
-// {
-// name: 'privatelink.api.azureml.ms'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.api.azureml.ms'
-// }
-// {
-// name: 'privatelink.notebooks.azure.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.notebooks.azure.net'
-// }
-// {
-// name: 'privatelink.service.signalr.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.service.signalr.net'
-// }
-// {
-// name: 'privatelink.afs.azure.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.afs.azure.net'
-// }
-// {
-// name: 'privatelink.datafactory.azure.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.datafactory.azure.net'
-// }
-// {
-// name: 'privatelink.adf.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.adf.azure.com'
-// }
-// {
-// name: 'privatelink.redis.cache.windows.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.redis.cache.windows.net'
-// }
-// {
-// name: 'privatelink.redisenterprise.cache.azure.net'
-// id:
'/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.redisenterprise.cache.azure.net'
-// }
-// {
-// name: 'privatelink.purview.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.purview.azure.com'
-// }
-// {
-// name: 'privatelink.digitaltwins.azure.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.digitaltwins.azure.net'
-// }
-// {
-// name: 'privatelink.azconfig.io'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azconfig.io'
-// }
-// {
-// name: 'privatelink.webpubsub.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.webpubsub.azure.com'
-// }
-// {
-// name: 'privatelink.azure-devices-provisioning.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azure-devices-provisioning.net'
-// }
-// {
-// name: 'privatelink.cognitiveservices.azure.com'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.cognitiveservices.azure.com'
-// }
-// {
-// name: 'privatelink.azurecr.io'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.azurecr.io'
-// }
-// {
-// name: 'privatelink.search.windows.net'
-// id: '/subscriptions/91c40acc-a2b4-4ffd-8c3b-8ba5e4cc7daf/resourceGroups/rsg-dns-test/providers/Microsoft.network/privateDnsZones/privatelink.search.windows.net'
-// }
-// }
-
-// output outDnsZones array =
parDnsZonesFromOutput
-
-output outDnsZones object = parDnsZonesFromOutput
-
-output outDnsZonesItems array = items(parDnsZonesFromOutput)
-
-var varDnsZonesItems = [for dnsZone in items(parDnsZonesFromOutput): {
- zoneName: dnsZone.value
-}]
-
-output testArray array = varDnsZonesItems
-
-resource resPrivateDnsZones 'Microsoft.Network/privateDnsZones@2020-06-01' = [for privateDnsZone in varDnsZonesItems: {
- name: privateDnsZone.zoneName
- location: 'global'
-}]
diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
index 514357b22..099955560 100644
--- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
+++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
@@ -466,7 +466,7 @@ resource resVirtualNetworkLink 'Microsoft.Network/privateDnsZones/virtualNetwork
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/logging/logging.bicep b/infra-as-code/bicep/modules/logging/logging.bicep
index 1d93b51c6..b66d6113c 100644
--- a/infra-as-code/bicep/modules/logging/logging.bicep
+++ b/infra-as-code/bicep/modules/logging/logging.bicep
@@ -118,7 +118,7 @@ resource resLogAnalyticsLinkedServiceForAutomationAccount 'Microsoft.Operational
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep
index 48b8dd7ed..48c1d4622 100644
--- a/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep
+++ b/infra-as-code/bicep/modules/managementGroups/managementGroups.bicep
@@ -203,7 +203,7 @@ resource resLandingZonesOnlineMG 'Microsoft.Management/managementGroups@2021-04-
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdTenant.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep
index ccaf4ae0f..340589f03 100644
--- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep
+++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep
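Review bot: The added `#disable-next-line` line in `managementGroups.bicep` still carries its explanatory comment twice: the `//Only to ensure telemetry data is stored in same location as deployment. See … for more information` segment is repeated back to back, so this patch corrected the URL in both copies instead of dropping one. The other telemetry modules touched in this patch have a single copy of the comment. Keep one, so the line reads `#disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information`.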
@@ -47,7 +47,7 @@ var varCuaid = '98cef979-5a6b-403b-83c7-10c8f04ac9a2'
 // Orchestration Module Variables
 var varDeploymentNameWrappers = {
 basePrefix: 'ALZBicep'
- #disable-next-line no-loc-expr-outside-params //Policies resources are not deployed to a region, like other resources, but the metadata is stored in a region hence requiring this to keep input parameters reduced. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Policies resources are not deployed to a region, like other resources, but the metadata is stored in a region hence requiring this to keep input parameters reduced. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 baseSuffixTenantAndManagementGroup: '${deployment().location}-${uniqueString(deployment().location, parTopLevelManagementGroupPrefix)}'
 }
@@ -226,7 +226,7 @@ targetScope = 'managementGroup'
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
index 5307950c4..b9daed490 100644
--- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
+++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep
@@ -82,7 +82,7 @@ resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2020-09-
 identity: {
 type: varPolicyIdentity
 }
- #disable-next-line no-loc-expr-outside-params //Policies resources are not deployed to a region, like other resources, but the metadata is stored in a region hence requiring this to keep input parameters reduced. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Policies resources are not deployed to a region, like other resources, but the metadata is stored in a region hence requiring this to keep input parameters reduced. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 location: deployment().location
 }
@@ -110,7 +110,7 @@ module modPolicyIdentityRoleAssignmentSubsMany '../../roleAssignments/roleAssign
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location, parPolicyAssignmentName)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep b/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep
index 416bb06c0..373bb39ab 100644
--- a/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep
+++ b/infra-as-code/bicep/modules/policy/definitions/custom-policy-definitions.bicep
@@ -1240,7 +1240,7 @@ resource resPolicySetDefinitions 'Microsoft.Authorization/policySetDefinitions@2
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/publicIp/publicIp.bicep b/infra-as-code/bicep/modules/publicIp/publicIp.bicep
index ba0997c93..15029c4c7 100644
--- a/infra-as-code/bicep/modules/publicIp/publicIp.bicep
+++ b/infra-as-code/bicep/modules/publicIp/publicIp.bicep
@@ -37,7 +37,7 @@ resource resPublicIP 'Microsoft.Network/publicIPAddresses@2021-02-01' ={
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location, parPublicIPName)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep
index 05ab8706c..fe1da9a0e 100644
--- a/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep
+++ b/infra-as-code/bicep/modules/roleAssignments/roleAssignmentManagementGroup.bicep
@@ -45,7 +45,7 @@ resource resRoleAssignment 'Microsoft.Authorization/roleAssignments@2020-08-01-p
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location, parRoleAssignmentNameGuid)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep
index b44271684..2d5d06b03 100644
--- a/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep
+++ b/infra-as-code/bicep/modules/subscriptionPlacement/subscriptionPlacement.bicep
@@ -29,7 +29,7 @@ resource resSubscriptionPlacement 'Microsoft.Management/managementGroups/subscri
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdManagementGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(deployment().location)}'
 params: {}
 }
diff --git a/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep b/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep
index 60452e2f0..208f7cc24 100644
--- a/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep
+++ b/infra-as-code/bicep/modules/virtualNetworkPeer/virtualNetworkPeer.bicep
@@ -45,7 +45,7 @@ resource resVirtualNetworkPeer 'Microsoft.Network/virtualNetworks/virtualNetwork
 // Optional Deployment for Customer Usage Attribution
 module modCustomerUsageAttribution '../../CRML/customerUsageAttribution/cuaIdResourceGroup.bicep' = if (!parTelemetryOptOut) {
- #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ##why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
+ #disable-next-line no-loc-expr-outside-params //Only to ensure telemetry data is stored in same location as deployment. See https://github.com/Azure/ALZ-Bicep/wiki/FAQ#why-are-some-linter-rules-disabled-via-the-disable-next-line-bicep-function for more information
 name: 'pid-${varCuaid}-${uniqueString(resourceGroup().location)}'
 params: {}
 }
From 410411fadc4a44f7ab62ba57f051d62ca20eef83 Mon Sep 17 00:00:00 2001
From: Jack Tracey
Date: Mon, 28 Feb 2022 11:27:56 +0000
Subject: [PATCH 3/3] remove unrequired file
---
 .../modules/hubNetworking/testDnsZones.bicep | 58 -------------------
 1 file changed, 58 deletions(-)
 delete mode 100644 infra-as-code/bicep/modules/hubNetworking/testDnsZones.bicep
diff --git a/infra-as-code/bicep/modules/hubNetworking/testDnsZones.bicep b/infra-as-code/bicep/modules/hubNetworking/testDnsZones.bicep
deleted file mode 100644
index 43797e3dd..000000000
--- a/infra-as-code/bicep/modules/hubNetworking/testDnsZones.bicep
+++ /dev/null
@@ -1,58 +0,0 @@
-@description('Switch which allows Private DNS Zones to be disabled. Default: true')
-param parPrivateDNSZonesEnabled bool = true
-
-@description('Array of DNS Zones to provision in Hub Virtual Network. Default: All known Azure Private DNS Zones')
-param parPrivateDnsZones array =[
- 'privatelink.azure-automation.net'
- 'privatelink.database.windows.net'
- 'privatelink.sql.azuresynapse.net'
- 'privatelink.azuresynapse.net'
- 'privatelink.blob.core.windows.net'
- 'privatelink.table.core.windows.net'
- 'privatelink.queue.core.windows.net'
- 'privatelink.file.core.windows.net'
- 'privatelink.web.core.windows.net'
- 'privatelink.dfs.core.windows.net'
- 'privatelink.documents.azure.com'
- 'privatelink.mongo.cosmos.azure.com'
- 'privatelink.cassandra.cosmos.azure.com'
- 'privatelink.gremlin.cosmos.azure.com'
- 'privatelink.table.cosmos.azure.com'
- 'privatelink.${resourceGroup().location}.batch.azure.com'
- 'privatelink.postgres.database.azure.com'
- 'privatelink.mysql.database.azure.com'
- 'privatelink.mariadb.database.azure.com'
- 'privatelink.vaultcore.azure.net'
- 'privatelink.${resourceGroup().location}.azmk8s.io'
- '${resourceGroup().location}.privatelink.siterecovery.windowsazure.com'
- 'privatelink.servicebus.windows.net'
- 'privatelink.azure-devices.net'
- 'privatelink.eventgrid.azure.net'
- 'privatelink.azurewebsites.net'
- 'privatelink.api.azureml.ms'
- 'privatelink.notebooks.azure.net'
- 'privatelink.service.signalr.net'
- 'privatelink.afs.azure.net'
- 'privatelink.datafactory.azure.net'
- 'privatelink.adf.azure.com'
- 'privatelink.redis.cache.windows.net'
- 'privatelink.redisenterprise.cache.azure.net'
- 'privatelink.purview.azure.com'
- 'privatelink.digitaltwins.azure.net'
- 'privatelink.azconfig.io'
- 'privatelink.webpubsub.azure.com'
- 'privatelink.azure-devices-provisioning.net'
- 'privatelink.cognitiveservices.azure.com'
- 'privatelink.azurecr.io'
- 'privatelink.search.windows.net'
-]
-
-resource resPrivateDnsZones
'Microsoft.Network/privateDnsZones@2020-06-01' = [for privateDnsZone in parPrivateDnsZones: if(parPrivateDNSZonesEnabled) {
- name: privateDnsZone
- location: 'global'
-}]
-
-output outPrivateDnsZones array = [for i in range(0,length(parPrivateDnsZones)): {
- name: resPrivateDnsZones[i].name
- id: resPrivateDnsZones[i].id
-}]