Bicep refactor (#470)

* deployment names + LAW sku

* bumping acr import

* deployment name limit

* better string trimming.

* descriptive managed id name

* bumping k8s version

* api version bumps

* linter warnings

* ContainerLogV2 parent

* adding v2configmap to gitignore

* requestRoutingRule priority

.gitignore

@@ -8,3 +8,4 @@ bicep/main.json
 helper/localsite.html
 helper/prodsite.html
 helper/build/**
+container-azm-ms-agentconfig.yaml

bicep/acragentpool.bicep

@@ -2,7 +2,7 @@ param location string = resourceGroup().location
 param acrName string
 param acrPoolSubnetId string = ''
 
-resource acr 'Microsoft.ContainerRegistry/registries@2021-06-01-preview' existing =  {
+resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' existing =  {
   name: acrName
 }
 

bicep/aksagentpool.bicep

@@ -59,8 +59,8 @@ resource userNodepool 'Microsoft.ContainerService/managedClusters/agentPools@202
     mode: 'User'
     vmSize: agentVMSize
     count: agentCount
-    minCount: autoScale ? agentCount : json('null')
-    maxCount: autoScale ? agentCountMax : json('null')
+    minCount: autoScale ? agentCount : null
+    maxCount: autoScale ? agentCountMax : null
     enableAutoScaling: autoScale
     availabilityZones: !empty(availabilityZones) ? availabilityZones : null
     osDiskType: osDiskType
@@ -69,7 +69,7 @@ resource userNodepool 'Microsoft.ContainerService/managedClusters/agentPools@202
     osType: osType
     maxPods: maxPods
     type: 'VirtualMachineScaleSets'
-    vnetSubnetID: !empty(subnetId) ? subnetId : json('null')
+    vnetSubnetID: !empty(subnetId) ? subnetId : null
     upgradeSettings: {
       maxSurge: '33%'
     }

bicep/aksnetcontrib.bicep

@@ -15,15 +15,15 @@ var networkContributorRole = subscriptionResourceId('Microsoft.Authorization/rol
 var existingAksSubnetName = !empty(byoAKSSubnetId) ? split(byoAKSSubnetId, '/')[10] : ''
 var existingAksVnetName = !empty(byoAKSSubnetId) ? split(byoAKSSubnetId, '/')[8] : ''
 
-resource existingvnet 'Microsoft.Network/virtualNetworks@2021-02-01' existing =  {
+resource existingvnet 'Microsoft.Network/virtualNetworks@2022-07-01' existing =  {
   name: existingAksVnetName
 }
-resource existingAksSubnet 'Microsoft.Network/virtualNetworks/subnets@2020-08-01' existing = {
+resource existingAksSubnet 'Microsoft.Network/virtualNetworks/subnets@2022-07-01' existing = {
   parent: existingvnet
   name: existingAksSubnetName
 }
 
-resource subnetRbac 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = if (rbacAssignmentScope == 'subnet') {
+resource subnetRbac 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (rbacAssignmentScope == 'subnet') {
   name:  guid(user_identity_principalId, networkContributorRole, existingAksSubnetName)
   scope: existingAksSubnet
   properties: {
@@ -33,7 +33,7 @@ resource subnetRbac 'Microsoft.Authorization/roleAssignments@2020-04-01-preview'
   }
 }
 
-resource existingVnetRbac 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = if (rbacAssignmentScope != 'subnet') {
+resource existingVnetRbac 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (rbacAssignmentScope != 'subnet') {
   name:  guid(user_identity_principalId, networkContributorRole, existingAksVnetName)
   scope: existingvnet
   properties: {

bicep/appgw.bicep

@@ -25,7 +25,7 @@ resource appgwpip 'Microsoft.Network/publicIPAddresses@2020-07-01' = {
 var frontendPublicIpConfig = {
   properties: {
     publicIPAddress: {
-      id: '${appgwpip.id}'
+      id: appgwpip.id
     }
   }
   name: 'appGatewayFrontendIP'

bicep/bicepconfig.json

@@ -1,9 +1,13 @@
+
 {
     "analyzers": {
       "core": {
         "enabled": true,
         "verbose": false,
         "rules": {
+            "use-recent-api-versions" : {
+                "level": "warning"
+            },
             "no-hardcoded-location" : {
                 "level": "error"
             },

bicep/dnsZone.bicep

@@ -12,7 +12,7 @@ resource privateDns 'Microsoft.Network/privateDnsZones@2020-06-01' existing = if
 }
 
 var DNSZoneContributor = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')
-resource dnsContributor 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = if (!isPrivate) {
+resource dnsContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (!isPrivate) {
   scope: dns
   name: guid(dns.id, principalId, DNSZoneContributor)
   properties: {
@@ -23,7 +23,7 @@ resource dnsContributor 'Microsoft.Authorization/roleAssignments@2020-04-01-prev
 }
 
 var PrivateDNSZoneContributor = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')
-resource privateDnsContributor 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = if (isPrivate) {
+resource privateDnsContributor 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (isPrivate) {
   scope: privateDns
   name: guid(privateDns.id, principalId, PrivateDNSZoneContributor)
   properties: {

bicep/dnsZoneRbac.bicep

@@ -15,7 +15,7 @@ var dnsZoneName = !empty(dnsZoneId) ? split(dnsZoneId, '/')[8] : ''
 var isDnsZonePrivate = !empty(dnsZoneId) ? split(dnsZoneId, '/')[7] == 'privateDnsZones' : false
 
 module dnsZone './dnsZone.bicep' = if (!empty(dnsZoneId)) {
-  name: 'dns-${dnsZoneName}'
+  name: take('${deployment().name}-dns-${dnsZoneName}',64)
   scope: resourceGroup(dnsZoneRg)
   params: {
     dnsZoneName: dnsZoneName

bicep/firewall.bicep

@@ -25,7 +25,7 @@ var managementIpConfig = {
   }
 }
 
-resource fw_pip 'Microsoft.Network/publicIPAddresses@2021-03-01' = {
+resource fw_pip 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
   name: firewallPublicIpName
   location: location
   sku: {
@@ -38,7 +38,7 @@ resource fw_pip 'Microsoft.Network/publicIPAddresses@2021-03-01' = {
   }
 }
 
-resource fwManagementIp_pip 'Microsoft.Network/publicIPAddresses@2021-03-01' = if(fwSku=='Basic') {
+resource fwManagementIp_pip 'Microsoft.Network/publicIPAddresses@2022-07-01' = if(fwSku=='Basic') {
   name: firewallManagementPublicIpName
   location: location
   sku: {

bicep/keyvault.bicep

@@ -21,14 +21,13 @@ param keyVaultIPAllowlist array = []
 
 param logAnalyticsWorkspaceId string = ''
 
-var akvRawName = 'kv-${replace(resourceName, '-', '')}${uniqueString(resourceGroup().id, resourceName)}'
-var akvName = length(akvRawName) > 24 ? substring(akvRawName, 0, 24) : akvRawName
+var akvName = take('kv-${replace(resourceName, '-', '')}${uniqueString(resourceGroup().id, resourceName)}',24)
 
 var kvIPRules = [for kvIp in keyVaultIPAllowlist: {
   value: kvIp
 }]
 
-resource kv 'Microsoft.KeyVault/vaults@2021-11-01-preview' = {
+resource kv 'Microsoft.KeyVault/vaults@2022-07-01' = {
   name: akvName
   location: location
   properties: {
@@ -52,7 +51,7 @@ resource kv 'Microsoft.KeyVault/vaults@2021-11-01-preview' = {
     enabledForDiskEncryption: false
     enabledForTemplateDeployment: false
     enableSoftDelete: keyVaultSoftDelete
-    enablePurgeProtection: keyVaultPurgeProtection ? true : json('null')
+    enablePurgeProtection: keyVaultPurgeProtection ? true : null
   }
 }
 

bicep/keyvaultkey.bicep

@@ -1,10 +1,10 @@
 param keyVaultName string
 
-resource kv 'Microsoft.KeyVault/vaults@2021-11-01-preview' existing = {
+resource kv 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
   name: keyVaultName
 }
 
-resource kvKmsKey 'Microsoft.KeyVault/vaults/keys@2021-11-01-preview' = {
+resource kvKmsKey 'Microsoft.KeyVault/vaults/keys@2022-07-01' = {
   name: 'kmskey'
   parent: kv
   properties: {

bicep/keyvaultrbac.bicep

@@ -48,7 +48,7 @@ var keyVaultCryptoUserRole = subscriptionResourceId('Microsoft.Authorization/rol
 var keyVaultCryptoOfficerRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '14b46e9e-c2b7-41b4-b07b-48a6ebf60603')
 var keyVaultCryptoServiceEncrpytionRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','e147488a-f6f5-4113-8e2d-b22465e65bf6')
 
-resource kv 'Microsoft.KeyVault/vaults@2021-11-01-preview' existing = {
+resource kv 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
   name: keyVaultName
 }