Skip to content

Commit

Permalink
Merge branch 'Azure:main' into main
Browse files Browse the repository at this point in the history
  • Loading branch information
@oZakari
oZakari authored Nov 15, 2024
2 parents d882d23 + 72199cd commit e7a1a67
Show file tree
Hide file tree
Showing 101 changed files with 6,301 additions and 2,141 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/platform.ossf-scorecard.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
with:
sarif_file: results.sarif
22 changes: 19 additions & 3 deletions avm/ptn/lz/sub-vending/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -796,7 +796,7 @@ param virtualNetworkResourceGroupName = '<virtualNetworkResourceGroupName>'
| [`roleAssignments`](#parameter-roleassignments) | array | Supply an array of objects containing the details of the role assignments to create.<p><p>Each object must contain the following `keys`:<li>`principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too.<li>`definition` = The Name of one of the pre-defined built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition as follows:<p> - You can only provide the RBAC role name of the pre-defined roles (Contributor, Owner, Reader, Role Based Access Control Administrator (Preview), and User Access Administrator). We only provide those roles as they are the most common ones to assign to a new subscription, also to reduce the template size and complexity in case we define each and every Built-in RBAC role.<p> - You can provide the Resource ID of a Built-in or custom RBAC Role Definition<p> - e.g. `/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`<li>`relativeScope` = 2 options can be provided for input value:<p> 1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope<p> 2. `'/resourceGroups/<RESOURCE GROUP NAME>'` = Make RBAC Role Assignment to specified Resource Group.<p> |
| [`subscriptionAliasEnabled`](#parameter-subscriptionaliasenabled) | bool | Whether to create a new Subscription using the Subscription Alias resource. If `false`, supply an existing Subscription''s ID in the parameter named `existingSubscriptionId` instead to deploy resources to an existing Subscription. |
| [`subscriptionAliasName`](#parameter-subscriptionaliasname) | string | The name of the Subscription Alias, that will be created by this module.<p><p>The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.<p><p>> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.<p> |
| [`subscriptionBillingScope`](#parameter-subscriptionbillingscope) | string | The Billing Scope for the new Subscription alias, that will be created by this module.<p><p>A valid Billing Scope starts with `/providers/Microsoft.Billing/billingAccounts/` and is case sensitive.<p><p>> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.<p> |
| [`subscriptionBillingScope`](#parameter-subscriptionbillingscope) | string | The Billing Scope for the new Subscription alias, that will be created by this module.<p><p>A valid Billing Scope looks like `/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}` and is case sensitive.<p><p>> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.<p> |
| [`subscriptionDisplayName`](#parameter-subscriptiondisplayname) | string | The name of the subscription alias. The string must be comprised of a-z, A-Z, 0-9, - and _. The maximum length is 63 characters.<p><p>The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.<p><p>> The value for this parameter and the parameter named `subscriptionAliasName` are usually set to the same value for simplicity. But they can be different if required for a reason.<p><p>> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.<p> |
| [`subscriptionManagementGroupAssociationEnabled`](#parameter-subscriptionmanagementgroupassociationenabled) | bool | Whether to move the Subscription to the specified Management Group supplied in the parameter `subscriptionManagementGroupId`.<p> |
| [`subscriptionManagementGroupId`](#parameter-subscriptionmanagementgroupid) | string | The destination Management Group ID for the new Subscription that will be created by this module (or the existing one provided in the parameter `existingSubscriptionId`).<p><p>**IMPORTANT:** Do not supply the display name of the Management Group. The Management Group ID forms part of the Azure Resource ID. e.g., `/providers/Microsoft.Management/managementGroups/{managementGroupId}`.<p> |
Expand Down Expand Up @@ -983,7 +983,6 @@ An object of resource providers and resource providers features to register. If
'Microsoft.Sql': []
'Microsoft.Storage': []
'Microsoft.StreamAnalytics': []
'Microsoft.TimeSeriesInsights': []
'Microsoft.Web': []
}
```
Expand All @@ -1003,6 +1002,23 @@ Supply an array of objects containing the details of the role assignments to cre
- Required: No
- Type: array
- Default: `[]`
- Example:
```Bicep
[
{
// Contributor role assignment at subscription scope
principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
definition: '/Contributor'
relativeScope: ''
}
{
// Owner role assignment at resource group scope
principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
definition: '/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
relativeScope: '/resourceGroups/{resourceGroupName}'
}
]
```

**Required parameters**

Expand Down Expand Up @@ -1099,7 +1115,7 @@ The name of the Subscription Alias, that will be created by this module.<p><p>Th

### Parameter: `subscriptionBillingScope`

The Billing Scope for the new Subscription alias, that will be created by this module.<p><p>A valid Billing Scope starts with `/providers/Microsoft.Billing/billingAccounts/` and is case sensitive.<p><p>> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.<p>
The Billing Scope for the new Subscription alias, that will be created by this module.<p><p>A valid Billing Scope looks like `/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}` and is case sensitive.<p><p>> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.<p>

- Required: No
- Type: string
Expand Down
21 changes: 19 additions & 2 deletions avm/ptn/lz/sub-vending/main.bicep
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ param subscriptionAliasName string = ''

@description('''Optional. The Billing Scope for the new Subscription alias, that will be created by this module.
A valid Billing Scope starts with `/providers/Microsoft.Billing/billingAccounts/` and is case sensitive.
A valid Billing Scope looks like `/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}` and is case sensitive.
> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.
''')
Expand Down Expand Up @@ -200,6 +200,24 @@ Each object must contain the following `keys`:
1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope
2. `'/resourceGroups/<RESOURCE GROUP NAME>'` = Make RBAC Role Assignment to specified Resource Group.
''')
@metadata({
example: '''
[
{
// Contributor role assignment at subscription scope
principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
definition: '/Contributor'
relativeScope: ''
}
{
// Owner role assignment at resource group scope
principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
definition: '/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635'
relativeScope: '/resourceGroups/{resourceGroupName}'
}
]
'''
})
param roleAssignments roleAssignmentType = []

@description('Optional. Enable/Disable usage telemetry for module.')
Expand Down Expand Up @@ -297,7 +315,6 @@ param resourceProviders object = {
'Microsoft.Sql': []
'Microsoft.Storage': []
'Microsoft.StreamAnalytics': []
'Microsoft.TimeSeriesInsights': []
'Microsoft.Web': []
}

Expand Down
65 changes: 32 additions & 33 deletions avm/ptn/lz/sub-vending/main.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "423999171457325305"
"version": "0.31.34.60546",
"templateHash": "5769743851515501504"
},
"name": "Sub-vending",
"description": "This module deploys a subscription to accelerate deployment of landing zones. For more information on how to use it, please visit this [Wiki](https://github.com/Azure/bicep-lz-vending/wiki).",
Expand Down Expand Up @@ -257,7 +257,7 @@
"type": "string",
"defaultValue": "",
"metadata": {
"description": "Optional. The Billing Scope for the new Subscription alias, that will be created by this module.\n\nA valid Billing Scope starts with `/providers/Microsoft.Billing/billingAccounts/` and is case sensitive.\n\n> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.\n"
"description": "Optional. The Billing Scope for the new Subscription alias, that will be created by this module.\n\nA valid Billing Scope looks like `/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}` and is case sensitive.\n\n> **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.\n"
}
},
"subscriptionWorkload": {
Expand Down Expand Up @@ -456,6 +456,7 @@
"$ref": "#/definitions/roleAssignmentType",
"defaultValue": [],
"metadata": {
"example": " [\n {\n // Contributor role assignment at subscription scope\n principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'\n definition: '/Contributor'\n relativeScope: ''\n }\n {\n // Owner role assignment at resource group scope\n principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'\n definition: '/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635'\n relativeScope: '/resourceGroups/{resourceGroupName}'\n }\n ]\n ",
"description": "Optional. Supply an array of objects containing the details of the role assignments to create.\n\nEach object must contain the following `keys`:\n- `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too.\n- `definition` = The Name of one of the pre-defined built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition as follows:\n - You can only provide the RBAC role name of the pre-defined roles (Contributor, Owner, Reader, Role Based Access Control Administrator (Preview), and User Access Administrator). We only provide those roles as they are the most common ones to assign to a new subscription, also to reduce the template size and complexity in case we define each and every Built-in RBAC role.\n - You can provide the Resource ID of a Built-in or custom RBAC Role Definition\n - e.g. `/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`\n- `relativeScope` = 2 options can be provided for input value:\n 1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope\n 2. `'/resourceGroups/<RESOURCE GROUP NAME>'` = Make RBAC Role Assignment to specified Resource Group.\n"
}
},
Expand Down Expand Up @@ -589,7 +590,6 @@
"Microsoft.Sql": [],
"Microsoft.Storage": [],
"Microsoft.StreamAnalytics": [],
"Microsoft.TimeSeriesInsights": [],
"Microsoft.Web": []
},
"metadata": {
Expand Down Expand Up @@ -670,8 +670,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "1611270751895734589"
"version": "0.31.34.60546",
"templateHash": "3457070988046201960"
}
},
"parameters": {
Expand Down Expand Up @@ -881,8 +881,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "6797720849193671192"
"version": "0.31.34.60546",
"templateHash": "15704136472131684900"
},
"name": "`/subResourcesWrapper/deploy.bicep` Parameters",
"description": "This module is used by the [`bicep-lz-vending`](https://aka.ms/sub-vending/bicep) module to help orchestrate the deployment",
Expand Down Expand Up @@ -1474,7 +1474,6 @@
"Microsoft.Sql": [],
"Microsoft.Storage": [],
"Microsoft.StreamAnalytics": [],
"Microsoft.TimeSeriesInsights": [],
"Microsoft.Web": []
},
"metadata": {
Expand Down Expand Up @@ -1589,8 +1588,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "15074465703139369012"
"version": "0.31.34.60546",
"templateHash": "17907165258968798055"
}
},
"parameters": {
Expand Down Expand Up @@ -1650,8 +1649,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "15410141635305926698"
"version": "0.31.34.60546",
"templateHash": "3960537387423914398"
}
},
"parameters": {
Expand Down Expand Up @@ -1710,8 +1709,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "5472979603320584709"
"version": "0.31.34.60546",
"templateHash": "4908789287090218941"
}
},
"parameters": {
Expand Down Expand Up @@ -1766,8 +1765,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "11343593259864722989"
"version": "0.31.34.60546",
"templateHash": "12493928637555451452"
}
},
"parameters": {
Expand Down Expand Up @@ -1844,8 +1843,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "13884963778440627255"
"version": "0.31.34.60546",
"templateHash": "12602325500495654095"
}
},
"parameters": {
Expand Down Expand Up @@ -1899,8 +1898,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "4428652978548820109"
"version": "0.31.34.60546",
"templateHash": "7409476431103411951"
}
},
"parameters": {
Expand Down Expand Up @@ -2479,8 +2478,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "15410141635305926698"
"version": "0.31.34.60546",
"templateHash": "3960537387423914398"
}
},
"parameters": {
Expand Down Expand Up @@ -2539,8 +2538,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "5472979603320584709"
"version": "0.31.34.60546",
"templateHash": "4908789287090218941"
}
},
"parameters": {
Expand Down Expand Up @@ -2595,8 +2594,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "11343593259864722989"
"version": "0.31.34.60546",
"templateHash": "12493928637555451452"
}
},
"parameters": {
Expand Down Expand Up @@ -2673,8 +2672,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "13884963778440627255"
"version": "0.31.34.60546",
"templateHash": "12602325500495654095"
}
},
"parameters": {
Expand Down Expand Up @@ -2728,8 +2727,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "4428652978548820109"
"version": "0.31.34.60546",
"templateHash": "7409476431103411951"
}
},
"parameters": {
Expand Down Expand Up @@ -4425,8 +4424,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "15250207882926040999"
"version": "0.31.34.60546",
"templateHash": "11117025288711367178"
}
},
"parameters": {
Expand Down
1 change: 0 additions & 1 deletion avm/ptn/lz/sub-vending/modules/subResourceWrapper.bicep
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,6 @@ param resourceProviders object = {
'Microsoft.Sql': []
'Microsoft.Storage': []
'Microsoft.StreamAnalytics': []
'Microsoft.TimeSeriesInsights': []
'Microsoft.Web': []
}

Expand Down
4 changes: 2 additions & 2 deletions avm/res/api-management/service/api-version-set/main.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "2492486199367242598"
"version": "0.31.34.60546",
"templateHash": "4169716301128870956"
},
"name": "API Management Service API Version Sets",
"description": "This module deploys an API Management Service API Version Set.",
Expand Down
4 changes: 2 additions & 2 deletions avm/res/api-management/service/api/diagnostics/main.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "2531959928497745895"
"version": "0.31.34.60546",
"templateHash": "5353729184860596208"
},
"name": "API Management Service APIs Diagnostics.",
"description": "This module deploys an API Management Service API Diagnostics.",
Expand Down
Loading

0 comments on commit e7a1a67

Please sign in to comment.