diff --git a/modules/network/service-endpoint-policy/.test/common/main.test.bicep b/modules/network/service-endpoint-policy/.test/common/main.test.bicep
index a558092313..ef6675cda3 100644
--- a/modules/network/service-endpoint-policy/.test/common/main.test.bicep
+++ b/modules/network/service-endpoint-policy/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/service-endpoint-policy/.test/min/main.test.bicep b/modules/network/service-endpoint-policy/.test/min/main.test.bicep
index 24e0f500a5..7ac8d7747a 100644
--- a/modules/network/service-endpoint-policy/.test/min/main.test.bicep
+++ b/modules/network/service-endpoint-policy/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/service-endpoint-policy/README.md b/modules/network/service-endpoint-policy/README.md
index 38a9157321..fa986762e6 100644
--- a/modules/network/service-endpoint-policy/README.md
+++ b/modules/network/service-endpoint-policy/README.md
@@ -5,10 +5,10 @@ This module deploys a Service Endpoint Policy.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -18,56 +18,29 @@ This module deploys a Service Endpoint Policy.
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.Network/serviceEndpointPolicies` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/serviceEndpointPolicies) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The Service Endpoint Policy name. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `contextualServiceEndpointPolicies` | array | `[]` | | An Array of contextual service endpoint policy. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `serviceAlias` | string | `''` | | The alias indicating if the policy belongs to a service. |
-| `serviceEndpointPolicyDefinitions` | array | `[]` | | An Array of service endpoint policy definitions. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-
+## Usage examples
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the Service Endpoint Policy. |
-| `resourceGroupName` | string | The resource group the Service Endpoint Policy was deployed into. |
-| `resourceId` | string | The resource ID of the Service Endpoint Policy. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.service-endpoint-policy:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module serviceEndpointPolicy './network/service-endpoint-policy/main.bicep' = {
+module serviceEndpointPolicy 'br:bicep/modules/network.service-endpoint-policy:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nsnpcom'
params: {
// Required parameters
@@ -169,14 +142,17 @@ module serviceEndpointPolicy './network/service-endpoint-policy/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module serviceEndpointPolicy './network/service-endpoint-policy/main.bicep' = {
+module serviceEndpointPolicy 'br:bicep/modules/network.service-endpoint-policy:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nsnpmin'
params: {
// Required parameters
@@ -213,3 +189,102 @@ module serviceEndpointPolicy './network/service-endpoint-policy/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The Service Endpoint Policy name. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`contextualServiceEndpointPolicies`](#parameter-contextualserviceendpointpolicies) | array | An Array of contextual service endpoint policy. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`serviceAlias`](#parameter-servicealias) | string | The alias indicating if the policy belongs to a service. |
+| [`serviceEndpointPolicyDefinitions`](#parameter-serviceendpointpolicydefinitions) | array | An Array of service endpoint policy definitions. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `contextualServiceEndpointPolicies`
+
+An Array of contextual service endpoint policy.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The Service Endpoint Policy name.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `serviceAlias`
+
+The alias indicating if the policy belongs to a service.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `serviceEndpointPolicyDefinitions`
+
+An Array of service endpoint policy definitions.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the Service Endpoint Policy. |
+| `resourceGroupName` | string | The resource group the Service Endpoint Policy was deployed into. |
+| `resourceId` | string | The resource ID of the Service Endpoint Policy. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/network/service-endpoint-policy/main.json b/modules/network/service-endpoint-policy/main.json
index 46c01805d0..da6271e05c 100644
--- a/modules/network/service-endpoint-policy/main.json
+++ b/modules/network/service-endpoint-policy/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "7581628455026938381"
+ "version": "0.22.6.54827",
+ "templateHash": "702238259297546605"
},
"name": "Service Endpoint Policies",
"description": "This module deploys a Service Endpoint Policy.",
@@ -155,8 +155,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15055971962075100955"
+ "version": "0.22.6.54827",
+ "templateHash": "1377119003389114371"
}
},
"parameters": {
diff --git a/modules/network/trafficmanagerprofile/.test/common/main.test.bicep b/modules/network/trafficmanagerprofile/.test/common/main.test.bicep
index 7111fdb6dd..14ba90e0c3 100644
--- a/modules/network/trafficmanagerprofile/.test/common/main.test.bicep
+++ b/modules/network/trafficmanagerprofile/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/trafficmanagerprofile/.test/min/main.test.bicep b/modules/network/trafficmanagerprofile/.test/min/main.test.bicep
index d34573ba6c..b0100513d4 100644
--- a/modules/network/trafficmanagerprofile/.test/min/main.test.bicep
+++ b/modules/network/trafficmanagerprofile/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/trafficmanagerprofile/README.md b/modules/network/trafficmanagerprofile/README.md
index d9db9a5dbe..0abbad2564 100644
--- a/modules/network/trafficmanagerprofile/README.md
+++ b/modules/network/trafficmanagerprofile/README.md
@@ -4,14 +4,14 @@ This module deploys a Traffic Manager Profile.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -20,66 +20,29 @@ This module deploys a Traffic Manager Profile.
| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
| `Microsoft.Network/trafficmanagerprofiles` | [2018-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2018-08-01/trafficmanagerprofiles) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Traffic Manager. |
-| `relativeName` | string | The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ProbeHealthStatusEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `endpoints` | array | `[]` | | The list of endpoints in the Traffic Manager profile. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `maxReturn` | int | `1` | | Maximum number of endpoints to be returned for MultiValue routing type. |
-| `monitorConfig` | object | `{object}` | | The endpoint monitoring settings of the Traffic Manager profile. |
-| `profileStatus` | string | `'Enabled'` | `[Disabled, Enabled]` | The status of the Traffic Manager profile. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` | | Resource tags. |
-| `trafficRoutingMethod` | string | `'Performance'` | `[Geographic, MultiValue, Performance, Priority, Subnet, Weighted]` | The traffic routing method of the Traffic Manager profile. |
-| `trafficViewEnrollmentStatus` | string | `'Disabled'` | `[Disabled, Enabled]` | Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. |
-| `ttl` | int | `60` | | The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. |
-
-
-## Outputs
+## Usage examples
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the traffic manager was deployed into. |
-| `resourceGroupName` | string | The resource group the traffic manager was deployed into. |
-| `resourceId` | string | The resource ID of the traffic manager. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.trafficmanagerprofile:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = {
+module trafficmanagerprofile 'br:bicep/modules/network.trafficmanagerprofile:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-ntmpcom'
params: {
// Required parameters
@@ -173,14 +136,17 @@ module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = {
+module trafficmanagerprofile 'br:bicep/modules/network.trafficmanagerprofile:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-ntmpmin'
params: {
// Required parameters
@@ -223,6 +189,195 @@ module trafficmanagerprofile './network/trafficmanagerprofile/main.bicep' = {
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Traffic Manager. |
+| [`relativeName`](#parameter-relativename) | string | The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`endpoints`](#parameter-endpoints) | array | The list of endpoints in the Traffic Manager profile. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`maxReturn`](#parameter-maxreturn) | int | Maximum number of endpoints to be returned for MultiValue routing type. |
+| [`monitorConfig`](#parameter-monitorconfig) | object | The endpoint monitoring settings of the Traffic Manager profile. |
+| [`profileStatus`](#parameter-profilestatus) | string | The status of the Traffic Manager profile. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Resource tags. |
+| [`trafficRoutingMethod`](#parameter-trafficroutingmethod) | string | The traffic routing method of the Traffic Manager profile. |
+| [`trafficViewEnrollmentStatus`](#parameter-trafficviewenrollmentstatus) | string | Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. |
+| [`ttl`](#parameter-ttl) | int | The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. |
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, ProbeHealthStatusEvents]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `endpoints`
+
+The list of endpoints in the Traffic Manager profile.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `maxReturn`
+
+Maximum number of endpoints to be returned for MultiValue routing type.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `monitorConfig`
+
+The endpoint monitoring settings of the Traffic Manager profile.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Name of the Traffic Manager.
+- Required: Yes
+- Type: string
+
+### Parameter: `profileStatus`
+
+The status of the Traffic Manager profile.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `relativeName`
+
+The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Resource tags.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `trafficRoutingMethod`
+
+The traffic routing method of the Traffic Manager profile.
+- Required: No
+- Type: string
+- Default: `'Performance'`
+- Allowed: `[Geographic, MultiValue, Performance, Priority, Subnet, Weighted]`
+
+### Parameter: `trafficViewEnrollmentStatus`
+
+Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `ttl`
+
+The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile.
+- Required: No
+- Type: int
+- Default: `60`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the traffic manager was deployed into. |
+| `resourceGroupName` | string | The resource group the traffic manager was deployed into. |
+| `resourceId` | string | The resource ID of the traffic manager. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Parameter Usage: `monitorConfig`
diff --git a/modules/network/trafficmanagerprofile/main.json b/modules/network/trafficmanagerprofile/main.json
index 742c68c8e9..2d333fa853 100644
--- a/modules/network/trafficmanagerprofile/main.json
+++ b/modules/network/trafficmanagerprofile/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10487954711345174328"
+ "version": "0.22.6.54827",
+ "templateHash": "10820097547945525322"
},
"name": "Traffic Manager Profiles",
"description": "This module deploys a Traffic Manager Profile.",
@@ -311,8 +311,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "8641211741680217957"
+ "version": "0.22.6.54827",
+ "templateHash": "5157762725404408248"
}
},
"parameters": {
diff --git a/modules/network/virtual-hub/.test/common/main.test.bicep b/modules/network/virtual-hub/.test/common/main.test.bicep
index b4901c097a..f6186c40cf 100644
--- a/modules/network/virtual-hub/.test/common/main.test.bicep
+++ b/modules/network/virtual-hub/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/virtual-hub/.test/min/main.test.bicep b/modules/network/virtual-hub/.test/min/main.test.bicep
index b198a5b312..56a53cb235 100644
--- a/modules/network/virtual-hub/.test/min/main.test.bicep
+++ b/modules/network/virtual-hub/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/virtual-hub/README.md b/modules/network/virtual-hub/README.md
index d40c79d5e8..7b1d4075fc 100644
--- a/modules/network/virtual-hub/README.md
+++ b/modules/network/virtual-hub/README.md
@@ -6,10 +6,10 @@ If you are planning to deploy a Secure Virtual Hub (with an Azure Firewall integ
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -20,68 +20,29 @@ If you are planning to deploy a Secure Virtual Hub (with an Azure Firewall integ
| `Microsoft.Network/virtualHubs/hubRouteTables` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-11-01/virtualHubs/hubRouteTables) |
| `Microsoft.Network/virtualHubs/hubVirtualNetworkConnections` | [2022-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2022-11-01/virtualHubs/hubVirtualNetworkConnections) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `addressPrefix` | string | Address-prefix for this VirtualHub. |
-| `name` | string | The virtual hub name. |
-| `virtualWanId` | string | Resource ID of the virtual WAN to link to. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `allowBranchToBranchTraffic` | bool | `True` | | Flag to control transit for VirtualRouter hub. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `expressRouteGatewayId` | string | `''` | | Resource ID of the Express Route Gateway to link to. |
-| `hubRouteTables` | array | `[]` | | Route tables to create for the virtual hub. |
-| `hubVirtualNetworkConnections` | array | `[]` | | Virtual network connections to create for the virtual hub. |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `p2SVpnGatewayId` | string | `''` | | Resource ID of the Point-to-Site VPN Gateway to link to. |
-| `preferredRoutingGateway` | string | `''` | `['', ExpressRoute, None, VpnGateway]` | The preferred routing gateway types. |
-| `routeTableRoutes` | array | `[]` | | VirtualHub route tables. |
-| `securityPartnerProviderId` | string | `''` | | ID of the Security Partner Provider to link to. |
-| `securityProviderName` | string | `''` | | The Security Provider name. |
-| `sku` | string | `'Standard'` | `[Basic, Standard]` | The sku of this VirtualHub. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `virtualHubRouteTableV2s` | array | `[]` | | List of all virtual hub route table v2s associated with this VirtualHub. |
-| `virtualRouterAsn` | int | `-1` | | VirtualRouter ASN. |
-| `virtualRouterIps` | array | `[]` | | VirtualRouter IPs. |
-| `vpnGatewayId` | string | `''` | | Resource ID of the VPN Gateway to link to. |
-
+## Usage examples
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the virtual hub. |
-| `resourceGroupName` | string | The resource group the virtual hub was deployed into. |
-| `resourceId` | string | The resource ID of the virtual hub. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.virtual-hub:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module virtualHub './network/virtual-hub/main.bicep' = {
+module virtualHub 'br:bicep/modules/network.virtual-hub:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvhcom'
params: {
// Required parameters
@@ -199,14 +160,17 @@ module virtualHub './network/virtual-hub/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module virtualHub './network/virtual-hub/main.bicep' = {
+module virtualHub 'br:bicep/modules/network.virtual-hub:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvhmin'
params: {
// Required parameters
@@ -251,3 +215,198 @@ module virtualHub './network/virtual-hub/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`addressPrefix`](#parameter-addressprefix) | string | Address-prefix for this VirtualHub. |
+| [`name`](#parameter-name) | string | The virtual hub name. |
+| [`virtualWanId`](#parameter-virtualwanid) | string | Resource ID of the virtual WAN to link to. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`allowBranchToBranchTraffic`](#parameter-allowbranchtobranchtraffic) | bool | Flag to control transit for VirtualRouter hub. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`expressRouteGatewayId`](#parameter-expressroutegatewayid) | string | Resource ID of the Express Route Gateway to link to. |
+| [`hubRouteTables`](#parameter-hubroutetables) | array | Route tables to create for the virtual hub. |
+| [`hubVirtualNetworkConnections`](#parameter-hubvirtualnetworkconnections) | array | Virtual network connections to create for the virtual hub. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`p2SVpnGatewayId`](#parameter-p2svpngatewayid) | string | Resource ID of the Point-to-Site VPN Gateway to link to. |
+| [`preferredRoutingGateway`](#parameter-preferredroutinggateway) | string | The preferred routing gateway types. |
+| [`routeTableRoutes`](#parameter-routetableroutes) | array | VirtualHub route tables. |
+| [`securityPartnerProviderId`](#parameter-securitypartnerproviderid) | string | ID of the Security Partner Provider to link to. |
+| [`securityProviderName`](#parameter-securityprovidername) | string | The Security Provider name. |
+| [`sku`](#parameter-sku) | string | The sku of this VirtualHub. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`virtualHubRouteTableV2s`](#parameter-virtualhubroutetablev2s) | array | List of all virtual hub route table v2s associated with this VirtualHub. |
+| [`virtualRouterAsn`](#parameter-virtualrouterasn) | int | VirtualRouter ASN. |
+| [`virtualRouterIps`](#parameter-virtualrouterips) | array | VirtualRouter IPs. |
+| [`vpnGatewayId`](#parameter-vpngatewayid) | string | Resource ID of the VPN Gateway to link to. |
+
+### Parameter: `addressPrefix`
+
+Address-prefix for this VirtualHub.
+- Required: Yes
+- Type: string
+
+### Parameter: `allowBranchToBranchTraffic`
+
+Flag to control transit for VirtualRouter hub.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `expressRouteGatewayId`
+
+Resource ID of the Express Route Gateway to link to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `hubRouteTables`
+
+Route tables to create for the virtual hub.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `hubVirtualNetworkConnections`
+
+Virtual network connections to create for the virtual hub.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The virtual hub name.
+- Required: Yes
+- Type: string
+
+### Parameter: `p2SVpnGatewayId`
+
+Resource ID of the Point-to-Site VPN Gateway to link to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `preferredRoutingGateway`
+
+The preferred routing gateway types.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', ExpressRoute, None, VpnGateway]`
+
+### Parameter: `routeTableRoutes`
+
+VirtualHub route tables.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `securityPartnerProviderId`
+
+ID of the Security Partner Provider to link to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `securityProviderName`
+
+The Security Provider name.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `sku`
+
+The sku of this VirtualHub.
+- Required: No
+- Type: string
+- Default: `'Standard'`
+- Allowed: `[Basic, Standard]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `virtualHubRouteTableV2s`
+
+List of all virtual hub route table v2s associated with this VirtualHub.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `virtualRouterAsn`
+
+VirtualRouter ASN.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `virtualRouterIps`
+
+VirtualRouter IPs.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `virtualWanId`
+
+Resource ID of the virtual WAN to link to.
+- Required: Yes
+- Type: string
+
+### Parameter: `vpnGatewayId`
+
+Resource ID of the VPN Gateway to link to.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the virtual hub. |
+| `resourceGroupName` | string | The resource group the virtual hub was deployed into. |
+| `resourceId` | string | The resource ID of the virtual hub. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/network/virtual-hub/hub-route-table/README.md b/modules/network/virtual-hub/hub-route-table/README.md
index dd27e32016..37e065b3e2 100644
--- a/modules/network/virtual-hub/hub-route-table/README.md
+++ b/modules/network/virtual-hub/hub-route-table/README.md
@@ -19,28 +19,61 @@ This module deploys a Virtual Hub Route Table.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The route table name. |
+| [`name`](#parameter-name) | string | The route table name. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `virtualHubName` | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. |
+| [`virtualHubName`](#parameter-virtualhubname) | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `labels` | array | `[]` | List of labels associated with this route table. |
-| `routes` | array | `[]` | List of all routes. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`labels`](#parameter-labels) | array | List of labels associated with this route table. |
+| [`routes`](#parameter-routes) | array | List of all routes. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `labels`
+
+List of labels associated with this route table.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `name`
+
+The route table name.
+- Required: Yes
+- Type: string
+
+### Parameter: `routes`
+
+List of all routes.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `virtualHubName`
+
+The name of the parent virtual hub. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the deployed virtual hub route table. |
| `resourceGroupName` | string | The resource group the virtual hub route table was deployed into. |
diff --git a/modules/network/virtual-hub/hub-route-table/main.json b/modules/network/virtual-hub/hub-route-table/main.json
index 895c3a3a4f..801ad71e30 100644
--- a/modules/network/virtual-hub/hub-route-table/main.json
+++ b/modules/network/virtual-hub/hub-route-table/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "14518513912380539716"
+ "version": "0.22.6.54827",
+ "templateHash": "16158603795616593379"
},
"name": "Virtual Hub Route Tables",
"description": "This module deploys a Virtual Hub Route Table.",
diff --git a/modules/network/virtual-hub/hub-virtual-network-connection/README.md b/modules/network/virtual-hub/hub-virtual-network-connection/README.md
index bd663aeb43..91988c38ee 100644
--- a/modules/network/virtual-hub/hub-virtual-network-connection/README.md
+++ b/modules/network/virtual-hub/hub-virtual-network-connection/README.md
@@ -19,29 +19,68 @@ This module deploys a Virtual Hub Virtual Network Connection.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The connection name. |
-| `remoteVirtualNetworkId` | string | Resource ID of the virtual network to link to. |
+| [`name`](#parameter-name) | string | The connection name. |
+| [`remoteVirtualNetworkId`](#parameter-remotevirtualnetworkid) | string | Resource ID of the virtual network to link to. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `virtualHubName` | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. |
+| [`virtualHubName`](#parameter-virtualhubname) | string | The name of the parent virtual hub. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enableInternetSecurity` | bool | `True` | Enable internet security. |
-| `routingConfiguration` | object | `{object}` | Routing Configuration indicating the associated and propagated route tables for this connection. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enableInternetSecurity`](#parameter-enableinternetsecurity) | bool | Enable internet security. |
+| [`routingConfiguration`](#parameter-routingconfiguration) | object | Routing Configuration indicating the associated and propagated route tables for this connection. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableInternetSecurity`
+
+Enable internet security.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The connection name.
+- Required: Yes
+- Type: string
+
+### Parameter: `remoteVirtualNetworkId`
+
+Resource ID of the virtual network to link to.
+- Required: Yes
+- Type: string
+
+### Parameter: `routingConfiguration`
+
+Routing Configuration indicating the associated and propagated route tables for this connection.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `virtualHubName`
+
+The name of the parent virtual hub. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the virtual hub connection. |
| `resourceGroupName` | string | The resource group the virtual hub connection was deployed into. |
diff --git a/modules/network/virtual-hub/hub-virtual-network-connection/main.json b/modules/network/virtual-hub/hub-virtual-network-connection/main.json
index 3fe3471be2..c514e9baaa 100644
--- a/modules/network/virtual-hub/hub-virtual-network-connection/main.json
+++ b/modules/network/virtual-hub/hub-virtual-network-connection/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "5767473063979797254"
+ "version": "0.22.6.54827",
+ "templateHash": "16334618854228578572"
},
"name": "Virtual Hub Virtual Network Connections",
"description": "This module deploys a Virtual Hub Virtual Network Connection.",
diff --git a/modules/network/virtual-hub/main.json b/modules/network/virtual-hub/main.json
index 2b0279e698..5e0c591d00 100644
--- a/modules/network/virtual-hub/main.json
+++ b/modules/network/virtual-hub/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "4151058169679427361"
+ "version": "0.22.6.54827",
+ "templateHash": "6969570927166088400"
},
"name": "Virtual Hubs",
"description": "This module deploys a Virtual Hub.\r\nIf you are planning to deploy a Secure Virtual Hub (with an Azure Firewall integrated), please refer to the Azure Firewall module.",
@@ -261,8 +261,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "7824851023582113714"
+ "version": "0.22.6.54827",
+ "templateHash": "16158603795616593379"
},
"name": "Virtual Hub Route Tables",
"description": "This module deploys a Virtual Hub Route Table.",
@@ -392,8 +392,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9197169920166780501"
+ "version": "0.22.6.54827",
+ "templateHash": "16334618854228578572"
},
"name": "Virtual Hub Virtual Network Connections",
"description": "This module deploys a Virtual Hub Virtual Network Connection.",
diff --git a/modules/network/virtual-network-gateway/README.md b/modules/network/virtual-network-gateway/README.md
index 31e33bd461..616a53107d 100644
--- a/modules/network/virtual-network-gateway/README.md
+++ b/modules/network/virtual-network-gateway/README.md
@@ -4,13 +4,13 @@ This module deploys a Virtual Network Gateway.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -21,92 +21,27 @@ This module deploys a Virtual Network Gateway.
| `Microsoft.Network/virtualNetworkGateways` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworkGateways) |
| `Microsoft.Network/virtualNetworkGateways/natRules` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworkGateways/natRules) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `gatewayType` | string | `[ExpressRoute, Vpn]` | Specifies the gateway type. E.g. VPN, ExpressRoute. |
-| `name` | string | | Specifies the Virtual Network Gateway name. |
-| `skuName` | string | `[Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ]` | The SKU of the Gateway. |
-| `vNetResourceId` | string | | Virtual Network resource ID. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `activeActive` | bool | `True` | | Value to specify if the Gateway should be deployed in active-active or active-passive configuration. |
-| `activeGatewayPipName` | string | `[format('{0}-pip2', parameters('name'))]` | | Specifies the name of the Public IP used by the Virtual Network Gateway when active-active configuration is required. If it's not provided, a '-pip' suffix will be appended to the gateway's name. |
-| `allowRemoteVnetTraffic` | bool | `False` | | Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN. |
-| `allowVirtualWanTraffic` | bool | `False` | | Configures this gateway to accept traffic from remote Virtual WAN networks. |
-| `asn` | int | `65815` | | ASN value. |
-| `clientRevokedCertThumbprint` | string | `''` | | Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet. |
-| `clientRootCertData` | string | `''` | | Client root certificate data used to authenticate VPN clients. Cannot be configured if vpnClientAadConfiguration is provided. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. |
-| `disableIPSecReplayProtection` | bool | `False` | | disableIPSecReplayProtection flag. Used for VPN Gateways. |
-| `domainNameLabel` | array | `[]` | | DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. |
-| `enableBgp` | bool | `True` | | Value to specify if BGP is enabled or not. |
-| `enableBgpRouteTranslationForNat` | bool | `False` | | EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabled on the Virtual Network Gateway. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enableDnsForwarding` | bool | `False` | | Whether DNS forwarding is enabled or not and is only supported for Express Route Gateways. The DNS forwarding feature flag must be enabled on the current subscription. |
-| `enablePrivateIpAddress` | bool | `False` | | Whether private IP needs to be enabled on this gateway for connections or not. Used for configuring a Site-to-Site VPN connection over ExpressRoute private peering. |
-| `gatewayDefaultSiteLocalNetworkGatewayId` | string | `''` | | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. |
-| `gatewayPipName` | string | `[format('{0}-pip1', parameters('name'))]` | | Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `natRules` | array | `[]` | | NatRules for virtual network gateway. NAT is supported on the the following SKUs: VpnGw2~5, VpnGw2AZ~5AZ and is supported for IPsec/IKE cross-premises connections only. |
-| `publicIpdiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `publicIpDiagnosticSettingsName` | string | `''` | | The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `publicIPPrefixResourceId` | string | `''` | | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. |
-| `publicIpZones` | array | `[]` | | Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `virtualNetworkGatewaydiagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, GatewayDiagnosticLog, IKEDiagnosticLog, P2SDiagnosticLog, RouteDiagnosticLog, TunnelDiagnosticLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `vpnClientAadConfiguration` | object | `{object}` | | Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured if clientRootCertData is provided. |
-| `vpnClientAddressPoolPrefix` | string | `''` | | The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. |
-| `vpnGatewayGeneration` | string | `'None'` | `[Generation1, Generation2, None]` | The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN. |
-| `vpnType` | string | `'RouteBased'` | `[PolicyBased, RouteBased]` | Specifies the VPN type. |
-
+## Usage examples
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `activeActive` | bool | Shows if the virtual network gateway is configured in active-active mode. |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the virtual network gateway. |
-| `resourceGroupName` | string | The resource group the virtual network gateway was deployed. |
-| `resourceId` | string | The resource ID of the virtual network gateway. |
-
-## Cross-referenced modules
-
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
-
-| Reference | Type |
-| :-- | :-- |
-| `network/public-ip-address` | Local reference |
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-Example 1: Aadvpn
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.virtual-network-gateway:1.0.0`.
+
+- [Aadvpn](#example-1-aadvpn)
+- [Expressroute](#example-2-expressroute)
+- [Vpn](#example-3-vpn)
+
+### Example 1: _Aadvpn_
via Bicep module
```bicep
-module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {
+module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvngavpn'
params: {
// Required parameters
@@ -260,14 +195,14 @@ module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {
-
Example 2: Expressroute
+### Example 2: _Expressroute_
via Bicep module
```bicep
-module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {
+module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvger'
params: {
// Required parameters
@@ -395,14 +330,14 @@ module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {
-
Example 3: Vpn
+### Example 3: _Vpn_
via Bicep module
```bicep
-module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {
+module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvgvpn'
params: {
// Required parameters
@@ -623,3 +558,359 @@ module virtualNetworkGateway './network/virtual-network-gateway/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`gatewayType`](#parameter-gatewaytype) | string | Specifies the gateway type. E.g. VPN, ExpressRoute. |
+| [`name`](#parameter-name) | string | Specifies the Virtual Network Gateway name. |
+| [`skuName`](#parameter-skuname) | string | The SKU of the Gateway. |
+| [`vNetResourceId`](#parameter-vnetresourceid) | string | Virtual Network resource ID. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`activeActive`](#parameter-activeactive) | bool | Value to specify if the Gateway should be deployed in active-active or active-passive configuration. |
+| [`activeGatewayPipName`](#parameter-activegatewaypipname) | string | Specifies the name of the Public IP used by the Virtual Network Gateway when active-active configuration is required. If it's not provided, a '-pip' suffix will be appended to the gateway's name. |
+| [`allowRemoteVnetTraffic`](#parameter-allowremotevnettraffic) | bool | Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN. |
+| [`allowVirtualWanTraffic`](#parameter-allowvirtualwantraffic) | bool | Configures this gateway to accept traffic from remote Virtual WAN networks. |
+| [`asn`](#parameter-asn) | int | ASN value. |
+| [`clientRevokedCertThumbprint`](#parameter-clientrevokedcertthumbprint) | string | Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet. |
+| [`clientRootCertData`](#parameter-clientrootcertdata) | string | Client root certificate data used to authenticate VPN clients. Cannot be configured if vpnClientAadConfiguration is provided. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`disableIPSecReplayProtection`](#parameter-disableipsecreplayprotection) | bool | disableIPSecReplayProtection flag. Used for VPN Gateways. |
+| [`domainNameLabel`](#parameter-domainnamelabel) | array | DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. |
+| [`enableBgp`](#parameter-enablebgp) | bool | Value to specify if BGP is enabled or not. |
+| [`enableBgpRouteTranslationForNat`](#parameter-enablebgproutetranslationfornat) | bool | EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabled on the Virtual Network Gateway. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enableDnsForwarding`](#parameter-enablednsforwarding) | bool | Whether DNS forwarding is enabled or not and is only supported for Express Route Gateways. The DNS forwarding feature flag must be enabled on the current subscription. |
+| [`enablePrivateIpAddress`](#parameter-enableprivateipaddress) | bool | Whether private IP needs to be enabled on this gateway for connections or not. Used for configuring a Site-to-Site VPN connection over ExpressRoute private peering. |
+| [`gatewayDefaultSiteLocalNetworkGatewayId`](#parameter-gatewaydefaultsitelocalnetworkgatewayid) | string | The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. |
+| [`gatewayPipName`](#parameter-gatewaypipname) | string | Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`natRules`](#parameter-natrules) | array | NatRules for virtual network gateway. NAT is supported on the the following SKUs: VpnGw2~5, VpnGw2AZ~5AZ and is supported for IPsec/IKE cross-premises connections only. |
+| [`publicIpdiagnosticLogCategoriesToEnable`](#parameter-publicipdiagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`publicIpDiagnosticSettingsName`](#parameter-publicipdiagnosticsettingsname) | string | The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`publicIPPrefixResourceId`](#parameter-publicipprefixresourceid) | string | Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. |
+| [`publicIpZones`](#parameter-publicipzones) | array | Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`virtualNetworkGatewaydiagnosticLogCategoriesToEnable`](#parameter-virtualnetworkgatewaydiagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`vpnClientAadConfiguration`](#parameter-vpnclientaadconfiguration) | object | Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured if clientRootCertData is provided. |
+| [`vpnClientAddressPoolPrefix`](#parameter-vpnclientaddresspoolprefix) | string | The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. |
+| [`vpnGatewayGeneration`](#parameter-vpngatewaygeneration) | string | The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN. |
+| [`vpnType`](#parameter-vpntype) | string | Specifies the VPN type. |
+
+### Parameter: `activeActive`
+
+Value to specify if the Gateway should be deployed in active-active or active-passive configuration.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `activeGatewayPipName`
+
+Specifies the name of the Public IP used by the Virtual Network Gateway when active-active configuration is required. If it's not provided, a '-pip' suffix will be appended to the gateway's name.
+- Required: No
+- Type: string
+- Default: `[format('{0}-pip2', parameters('name'))]`
+
+### Parameter: `allowRemoteVnetTraffic`
+
+Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `allowVirtualWanTraffic`
+
+Configures this gateway to accept traffic from remote Virtual WAN networks.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `asn`
+
+ASN value.
+- Required: No
+- Type: int
+- Default: `65815`
+
+### Parameter: `clientRevokedCertThumbprint`
+
+Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `clientRootCertData`
+
+Client root certificate data used to authenticate VPN clients. Cannot be configured if vpnClientAadConfiguration is provided.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `disableIPSecReplayProtection`
+
+disableIPSecReplayProtection flag. Used for VPN Gateways.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `domainNameLabel`
+
+DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `enableBgp`
+
+Value to specify if BGP is enabled or not.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableBgpRouteTranslationForNat`
+
+EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabled on the Virtual Network Gateway.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDnsForwarding`
+
+Whether DNS forwarding is enabled or not and is only supported for Express Route Gateways. The DNS forwarding feature flag must be enabled on the current subscription.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enablePrivateIpAddress`
+
+Whether private IP needs to be enabled on this gateway for connections or not. Used for configuring a Site-to-Site VPN connection over ExpressRoute private peering.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `gatewayDefaultSiteLocalNetworkGatewayId`
+
+The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `gatewayPipName`
+
+Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name.
+- Required: No
+- Type: string
+- Default: `[format('{0}-pip1', parameters('name'))]`
+
+### Parameter: `gatewayType`
+
+Specifies the gateway type. E.g. VPN, ExpressRoute.
+- Required: Yes
+- Type: string
+- Allowed: `[ExpressRoute, Vpn]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Specifies the Virtual Network Gateway name.
+- Required: Yes
+- Type: string
+
+### Parameter: `natRules`
+
+NatRules for virtual network gateway. NAT is supported on the the following SKUs: VpnGw2~5, VpnGw2AZ~5AZ and is supported for IPsec/IKE cross-premises connections only.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicIpdiagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, DDoSMitigationFlowLogs, DDoSMitigationReports, DDoSProtectionNotifications]`
+
+### Parameter: `publicIpDiagnosticSettingsName`
+
+The name of the public IP diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `publicIPPrefixResourceId`
+
+Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `publicIpZones`
+
+Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuName`
+
+The SKU of the Gateway.
+- Required: Yes
+- Type: string
+- Allowed: `[Basic, ErGw1AZ, ErGw2AZ, ErGw3AZ, HighPerformance, Standard, UltraPerformance, VpnGw1, VpnGw1AZ, VpnGw2, VpnGw2AZ, VpnGw3, VpnGw3AZ, VpnGw4, VpnGw4AZ, VpnGw5, VpnGw5AZ]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `virtualNetworkGatewaydiagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, GatewayDiagnosticLog, IKEDiagnosticLog, P2SDiagnosticLog, RouteDiagnosticLog, TunnelDiagnosticLog]`
+
+### Parameter: `vNetResourceId`
+
+Virtual Network resource ID.
+- Required: Yes
+- Type: string
+
+### Parameter: `vpnClientAadConfiguration`
+
+Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured if clientRootCertData is provided.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `vpnClientAddressPoolPrefix`
+
+The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `vpnGatewayGeneration`
+
+The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN.
+- Required: No
+- Type: string
+- Default: `'None'`
+- Allowed: `[Generation1, Generation2, None]`
+
+### Parameter: `vpnType`
+
+Specifies the VPN type.
+- Required: No
+- Type: string
+- Default: `'RouteBased'`
+- Allowed: `[PolicyBased, RouteBased]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `activeActive` | bool | Shows if the virtual network gateway is configured in active-active mode. |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the virtual network gateway. |
+| `resourceGroupName` | string | The resource group the virtual network gateway was deployed. |
+| `resourceId` | string | The resource ID of the virtual network gateway. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/public-ip-address` | Local reference |
diff --git a/modules/network/virtual-network-gateway/main.json b/modules/network/virtual-network-gateway/main.json
index 18b0232c89..0404971daa 100644
--- a/modules/network/virtual-network-gateway/main.json
+++ b/modules/network/virtual-network-gateway/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "8459366170014558708"
+ "version": "0.22.6.54827",
+ "templateHash": "1318421731566619997"
},
"name": "Virtual Network Gateways",
"description": "This module deploys a Virtual Network Gateway.",
@@ -539,8 +539,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "1887898957722092173"
+ "version": "0.22.6.54827",
+ "templateHash": "4317747709004918530"
},
"name": "Public IP Addresses",
"description": "This module deploys a Public IP Address.",
@@ -873,8 +873,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "7328126239184883887"
+ "version": "0.22.6.54827",
+ "templateHash": "9976109177347918049"
}
},
"parameters": {
@@ -1092,8 +1092,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "483133118459920914"
+ "version": "0.22.6.54827",
+ "templateHash": "14778714560462406442"
},
"name": "VPN Gateway NAT Rules",
"description": "This module deploys a Virtual Network Gateway NAT Rule.",
@@ -1256,8 +1256,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10035364843796427917"
+ "version": "0.22.6.54827",
+ "templateHash": "3489304115292603489"
}
},
"parameters": {
diff --git a/modules/network/virtual-network-gateway/nat-rule/README.md b/modules/network/virtual-network-gateway/nat-rule/README.md
index 3cd7056388..9bb8945e60 100644
--- a/modules/network/virtual-network-gateway/nat-rule/README.md
+++ b/modules/network/virtual-network-gateway/nat-rule/README.md
@@ -19,31 +19,87 @@ This module deploys a Virtual Network Gateway NAT Rule.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the NAT rule. |
+| [`name`](#parameter-name) | string | The name of the NAT rule. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `virtualNetworkGatewayName` | string | The name of the parent Virtual Network Gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. |
+| [`virtualNetworkGatewayName`](#parameter-virtualnetworkgatewayname) | string | The name of the parent Virtual Network Gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `externalMappings` | array | `[]` | | An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. |
-| `internalMappings` | array | `[]` | | An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. |
-| `ipConfigurationId` | string | `''` | | A NAT rule must be configured to a specific Virtual Network Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both Virtual Network Gateway instances. |
-| `mode` | string | `''` | `['', EgressSnat, IngressSnat]` | The type of NAT rule for Virtual Network NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site Virtual Network gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site Virtual Network gateway. |
-| `type` | string | `''` | `['', Dynamic, Static]` | The type of NAT rule for Virtual Network NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`externalMappings`](#parameter-externalmappings) | array | An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. |
+| [`internalMappings`](#parameter-internalmappings) | array | An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. |
+| [`ipConfigurationId`](#parameter-ipconfigurationid) | string | A NAT rule must be configured to a specific Virtual Network Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both Virtual Network Gateway instances. |
+| [`mode`](#parameter-mode) | string | The type of NAT rule for Virtual Network NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site Virtual Network gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site Virtual Network gateway. |
+| [`type`](#parameter-type) | string | The type of NAT rule for Virtual Network NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `externalMappings`
+
+An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `internalMappings`
+
+An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `ipConfigurationId`
+
+A NAT rule must be configured to a specific Virtual Network Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both Virtual Network Gateway instances.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `mode`
+
+The type of NAT rule for Virtual Network NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site Virtual Network gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site Virtual Network gateway.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', EgressSnat, IngressSnat]`
+
+### Parameter: `name`
+
+The name of the NAT rule.
+- Required: Yes
+- Type: string
+
+### Parameter: `type`
+
+The type of NAT rule for Virtual Network NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Dynamic, Static]`
+
+### Parameter: `virtualNetworkGatewayName`
+
+The name of the parent Virtual Network Gateway this NAT rule is associated with. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the NAT rule. |
| `resourceGroupName` | string | The name of the resource group the NAT rule was deployed into. |
diff --git a/modules/network/virtual-network-gateway/nat-rule/main.json b/modules/network/virtual-network-gateway/nat-rule/main.json
index 5969b6ecce..8435d984f4 100644
--- a/modules/network/virtual-network-gateway/nat-rule/main.json
+++ b/modules/network/virtual-network-gateway/nat-rule/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "483133118459920914"
+ "version": "0.22.6.54827",
+ "templateHash": "14778714560462406442"
},
"name": "VPN Gateway NAT Rules",
"description": "This module deploys a Virtual Network Gateway NAT Rule.",
diff --git a/modules/network/virtual-network/.test/common/main.test.bicep b/modules/network/virtual-network/.test/common/main.test.bicep
index c0552ce142..832c76cfc0 100644
--- a/modules/network/virtual-network/.test/common/main.test.bicep
+++ b/modules/network/virtual-network/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/virtual-network/.test/min/main.test.bicep b/modules/network/virtual-network/.test/min/main.test.bicep
index 7148de4655..1cd5b5d90a 100644
--- a/modules/network/virtual-network/.test/min/main.test.bicep
+++ b/modules/network/virtual-network/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/virtual-network/README.md b/modules/network/virtual-network/README.md
index 17c45fe91e..90ed82108b 100644
--- a/modules/network/virtual-network/README.md
+++ b/modules/network/virtual-network/README.md
@@ -4,14 +4,14 @@ This module deploys a Virtual Network (vNet).
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -22,71 +22,30 @@ This module deploys a Virtual Network (vNet).
| `Microsoft.Network/virtualNetworks/subnets` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworks/subnets) |
| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworks/virtualNetworkPeerings) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `addressPrefixes` | array | An Array of 1 or more IP Address Prefixes for the Virtual Network. |
-| `name` | string | The Virtual Network (vNet) Name. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `ddosProtectionPlanId` | string | `''` | | Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, VMProtectionAlerts]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. |
-| `dnsServers` | array | `[]` | | DNS Servers associated to the Virtual Network. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `flowTimeoutInMinutes` | int | `0` | | The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null. |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `peerings` | array | `[]` | | Virtual Network Peerings configurations. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `subnets` | array | `[]` | | An Array of subnets to deploy to the Virtual Network. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `vnetEncryption` | bool | `False` | | Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property. |
-| `vnetEncryptionEnforcement` | string | `'AllowUnencrypted'` | `[AllowUnencrypted, DropUnencrypted]` | If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled. |
-
-
-## Outputs
+## Usage examples
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `diagnosticsLogs` | array | The Diagnostic Settings of the virtual network. |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the virtual network. |
-| `resourceGroupName` | string | The resource group the virtual network was deployed into. |
-| `resourceId` | string | The resource ID of the virtual network. |
-| `subnetNames` | array | The names of the deployed subnets. |
-| `subnetResourceIds` | array | The resource IDs of the deployed subnets. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.virtual-network:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
+- [Vnetpeering](#example-3-vnetpeering)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module virtualNetwork './network/virtual-network/main.bicep' = {
+module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvncom'
params: {
// Required parameters
@@ -294,14 +253,17 @@ module virtualNetwork './network/virtual-network/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module virtualNetwork './network/virtual-network/main.bicep' = {
+module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvnmin'
params: {
// Required parameters
@@ -347,14 +309,14 @@ module virtualNetwork './network/virtual-network/main.bicep' = {
-
Example 3: Vnetpeering
+### Example 3: _Vnetpeering_
via Bicep module
```bicep
-module virtualNetwork './network/virtual-network/main.bicep' = {
+module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvnpeer'
params: {
// Required parameters
@@ -455,6 +417,205 @@ module virtualNetwork './network/virtual-network/main.bicep' = {
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`addressPrefixes`](#parameter-addressprefixes) | array | An Array of 1 or more IP Address Prefixes for the Virtual Network. |
+| [`name`](#parameter-name) | string | The Virtual Network (vNet) Name. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`ddosProtectionPlanId`](#parameter-ddosprotectionplanid) | string | Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`dnsServers`](#parameter-dnsservers) | array | DNS Servers associated to the Virtual Network. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`flowTimeoutInMinutes`](#parameter-flowtimeoutinminutes) | int | The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`peerings`](#parameter-peerings) | array | Virtual Network Peerings configurations. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`subnets`](#parameter-subnets) | array | An Array of subnets to deploy to the Virtual Network. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`vnetEncryption`](#parameter-vnetencryption) | bool | Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property. |
+| [`vnetEncryptionEnforcement`](#parameter-vnetencryptionenforcement) | string | If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled. |
+
+### Parameter: `addressPrefixes`
+
+An Array of 1 or more IP Address Prefixes for the Virtual Network.
+- Required: Yes
+- Type: array
+
+### Parameter: `ddosProtectionPlanId`
+
+Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, VMProtectionAlerts]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `dnsServers`
+
+DNS Servers associated to the Virtual Network.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `flowTimeoutInMinutes`
+
+The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The Virtual Network (vNet) Name.
+- Required: Yes
+- Type: string
+
+### Parameter: `peerings`
+
+Virtual Network Peerings configurations.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `subnets`
+
+An Array of subnets to deploy to the Virtual Network.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `vnetEncryption`
+
+Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `vnetEncryptionEnforcement`
+
+If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled.
+- Required: No
+- Type: string
+- Default: `'AllowUnencrypted'`
+- Allowed: `[AllowUnencrypted, DropUnencrypted]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `diagnosticsLogs` | array | The Diagnostic Settings of the virtual network. |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the virtual network. |
+| `resourceGroupName` | string | The resource group the virtual network was deployed into. |
+| `resourceId` | string | The resource ID of the virtual network. |
+| `subnetNames` | array | The names of the deployed subnets. |
+| `subnetResourceIds` | array | The resource IDs of the deployed subnets. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Considerations
diff --git a/modules/network/virtual-network/main.json b/modules/network/virtual-network/main.json
index d246cbd6f8..2da9232c9d 100644
--- a/modules/network/virtual-network/main.json
+++ b/modules/network/virtual-network/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "12861814735026825278"
+ "version": "0.22.6.54827",
+ "templateHash": "6996162426151376576"
},
"name": "Virtual Networks",
"description": "This module deploys a Virtual Network (vNet).",
@@ -341,8 +341,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13147389264555337469"
+ "version": "0.22.6.54827",
+ "templateHash": "8758167910677571979"
},
"name": "Virtual Network Subnets",
"description": "This module deploys a Virtual Network Subnet.",
@@ -537,8 +537,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15642916335871461785"
+ "version": "0.22.6.54827",
+ "templateHash": "3698261669800089456"
}
},
"parameters": {
@@ -760,8 +760,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10823477125090405647"
+ "version": "0.22.6.54827",
+ "templateHash": "18346996432273628410"
},
"name": "Virtual Network Peerings",
"description": "This module deploys a Virtual Network Peering.",
@@ -929,8 +929,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10823477125090405647"
+ "version": "0.22.6.54827",
+ "templateHash": "18346996432273628410"
},
"name": "Virtual Network Peerings",
"description": "This module deploys a Virtual Network Peering.",
@@ -1093,8 +1093,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "826837070159019998"
+ "version": "0.22.6.54827",
+ "templateHash": "9735784247686217836"
}
},
"parameters": {
diff --git a/modules/network/virtual-network/subnet/README.md b/modules/network/virtual-network/subnet/README.md
index 8a9dfc4089..643c00ebdc 100644
--- a/modules/network/virtual-network/subnet/README.md
+++ b/modules/network/virtual-network/subnet/README.md
@@ -21,39 +21,150 @@ This module deploys a Virtual Network Subnet.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `addressPrefix` | string | The address prefix for the subnet. |
+| [`addressPrefix`](#parameter-addressprefix) | string | The address prefix for the subnet. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `virtualNetworkName` | string | The name of the parent virtual network. Required if the template is used in a standalone deployment. |
+| [`virtualNetworkName`](#parameter-virtualnetworkname) | string | The name of the parent virtual network. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `addressPrefixes` | array | `[]` | | List of address prefixes for the subnet. |
-| `applicationGatewayIPConfigurations` | array | `[]` | | Application gateway IP configurations of virtual network resource. |
-| `delegations` | array | `[]` | | The delegations to enable on the subnet. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `ipAllocations` | array | `[]` | | Array of IpAllocation which reference this subnet. |
-| `name` | string | | | The Name of the subnet resource. |
-| `natGatewayId` | string | `''` | | The resource ID of the NAT Gateway to use for the subnet. |
-| `networkSecurityGroupId` | string | `''` | | The resource ID of the network security group to assign to the subnet. |
-| `privateEndpointNetworkPolicies` | string | `''` | `['', Disabled, Enabled]` | enable or disable apply network policies on private endpoint in the subnet. |
-| `privateLinkServiceNetworkPolicies` | string | `''` | `['', Disabled, Enabled]` | enable or disable apply network policies on private link service in the subnet. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `routeTableId` | string | `''` | | The resource ID of the route table to assign to the subnet. |
-| `serviceEndpointPolicies` | array | `[]` | | An array of service endpoint policies. |
-| `serviceEndpoints` | array | `[]` | | The service endpoints to enable on the subnet. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`addressPrefixes`](#parameter-addressprefixes) | array | List of address prefixes for the subnet. |
+| [`applicationGatewayIPConfigurations`](#parameter-applicationgatewayipconfigurations) | array | Application gateway IP configurations of virtual network resource. |
+| [`delegations`](#parameter-delegations) | array | The delegations to enable on the subnet. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`ipAllocations`](#parameter-ipallocations) | array | Array of IpAllocation which reference this subnet. |
+| [`name`](#parameter-name) | string | The Name of the subnet resource. |
+| [`natGatewayId`](#parameter-natgatewayid) | string | The resource ID of the NAT Gateway to use for the subnet. |
+| [`networkSecurityGroupId`](#parameter-networksecuritygroupid) | string | The resource ID of the network security group to assign to the subnet. |
+| [`privateEndpointNetworkPolicies`](#parameter-privateendpointnetworkpolicies) | string | enable or disable apply network policies on private endpoint in the subnet. |
+| [`privateLinkServiceNetworkPolicies`](#parameter-privatelinkservicenetworkpolicies) | string | enable or disable apply network policies on private link service in the subnet. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`routeTableId`](#parameter-routetableid) | string | The resource ID of the route table to assign to the subnet. |
+| [`serviceEndpointPolicies`](#parameter-serviceendpointpolicies) | array | An array of service endpoint policies. |
+| [`serviceEndpoints`](#parameter-serviceendpoints) | array | The service endpoints to enable on the subnet. |
+
+### Parameter: `addressPrefix`
+
+The address prefix for the subnet.
+- Required: Yes
+- Type: string
+
+### Parameter: `addressPrefixes`
+
+List of address prefixes for the subnet.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `applicationGatewayIPConfigurations`
+
+Application gateway IP configurations of virtual network resource.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `delegations`
+
+The delegations to enable on the subnet.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `ipAllocations`
+
+Array of IpAllocation which reference this subnet.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `name`
+
+The Name of the subnet resource.
+- Required: Yes
+- Type: string
+
+### Parameter: `natGatewayId`
+
+The resource ID of the NAT Gateway to use for the subnet.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `networkSecurityGroupId`
+
+The resource ID of the network security group to assign to the subnet.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `privateEndpointNetworkPolicies`
+
+enable or disable apply network policies on private endpoint in the subnet.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Disabled, Enabled]`
+
+### Parameter: `privateLinkServiceNetworkPolicies`
+
+enable or disable apply network policies on private link service in the subnet.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Disabled, Enabled]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `routeTableId`
+
+The resource ID of the route table to assign to the subnet.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `serviceEndpointPolicies`
+
+An array of service endpoint policies.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `serviceEndpoints`
+
+The service endpoints to enable on the subnet.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `virtualNetworkName`
+
+The name of the parent virtual network. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the virtual network peering. |
| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. |
diff --git a/modules/network/virtual-network/subnet/main.json b/modules/network/virtual-network/subnet/main.json
index aa1af62d0a..084f994df1 100644
--- a/modules/network/virtual-network/subnet/main.json
+++ b/modules/network/virtual-network/subnet/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "17563066367289258796"
+ "version": "0.22.6.54827",
+ "templateHash": "8758167910677571979"
},
"name": "Virtual Network Subnets",
"description": "This module deploys a Virtual Network Subnet.",
@@ -200,8 +200,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "11765890115463110578"
+ "version": "0.22.6.54827",
+ "templateHash": "3698261669800089456"
}
},
"parameters": {
diff --git a/modules/network/virtual-network/virtual-network-peering/README.md b/modules/network/virtual-network/virtual-network-peering/README.md
index f5dd0935e8..fb53ca2d3f 100644
--- a/modules/network/virtual-network/virtual-network-peering/README.md
+++ b/modules/network/virtual-network/virtual-network-peering/README.md
@@ -4,12 +4,12 @@ This module deploys a Virtual Network Peering.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -19,32 +19,93 @@ This module deploys a Virtual Network Peering.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `remoteVirtualNetworkId` | string | The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. |
+| [`remoteVirtualNetworkId`](#parameter-remotevirtualnetworkid) | string | The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `localVnetName` | string | The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment. |
+| [`localVnetName`](#parameter-localvnetname) | string | The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `allowForwardedTraffic` | bool | `True` | Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true. |
-| `allowGatewayTransit` | bool | `False` | If gateway links can be used in remote virtual networking to link to this virtual network. Default is false. |
-| `allowVirtualNetworkAccess` | bool | `True` | Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true. |
-| `doNotVerifyRemoteGateways` | bool | `True` | If we need to verify the provisioning state of the remote gateway. Default is true. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]` | The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName. |
-| `useRemoteGateways` | bool | `False` | If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`allowForwardedTraffic`](#parameter-allowforwardedtraffic) | bool | Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true. |
+| [`allowGatewayTransit`](#parameter-allowgatewaytransit) | bool | If gateway links can be used in remote virtual networking to link to this virtual network. Default is false. |
+| [`allowVirtualNetworkAccess`](#parameter-allowvirtualnetworkaccess) | bool | Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true. |
+| [`doNotVerifyRemoteGateways`](#parameter-donotverifyremotegateways) | bool | If we need to verify the provisioning state of the remote gateway. Default is true. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName. |
+| [`useRemoteGateways`](#parameter-useremotegateways) | bool | If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false. |
+
+### Parameter: `allowForwardedTraffic`
+
+Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `allowGatewayTransit`
+
+If gateway links can be used in remote virtual networking to link to this virtual network. Default is false.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `allowVirtualNetworkAccess`
+
+Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `doNotVerifyRemoteGateways`
+
+If we need to verify the provisioning state of the remote gateway. Default is true.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `localVnetName`
+
+The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName.
+- Required: No
+- Type: string
+- Default: `[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]`
+
+### Parameter: `remoteVirtualNetworkId`
+
+The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID.
+- Required: Yes
+- Type: string
+
+### Parameter: `useRemoteGateways`
+
+If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false.
+- Required: No
+- Type: bool
+- Default: `False`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the virtual network peering. |
| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. |
diff --git a/modules/network/virtual-network/virtual-network-peering/main.json b/modules/network/virtual-network/virtual-network-peering/main.json
index 50c7a9f2a1..a7efe2dec6 100644
--- a/modules/network/virtual-network/virtual-network-peering/main.json
+++ b/modules/network/virtual-network/virtual-network-peering/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "6880392752659964193"
+ "version": "0.22.6.54827",
+ "templateHash": "18346996432273628410"
},
"name": "Virtual Network Peerings",
"description": "This module deploys a Virtual Network Peering.",
diff --git a/modules/network/virtual-wan/.test/common/main.test.bicep b/modules/network/virtual-wan/.test/common/main.test.bicep
index 5b281b7b92..ab7ace98d9 100644
--- a/modules/network/virtual-wan/.test/common/main.test.bicep
+++ b/modules/network/virtual-wan/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/virtual-wan/.test/min/main.test.bicep b/modules/network/virtual-wan/.test/min/main.test.bicep
index edcf6fe066..8247a6e863 100644
--- a/modules/network/virtual-wan/.test/min/main.test.bicep
+++ b/modules/network/virtual-wan/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/virtual-wan/README.md b/modules/network/virtual-wan/README.md
index 8039719c7c..396b09bc56 100644
--- a/modules/network/virtual-wan/README.md
+++ b/modules/network/virtual-wan/README.md
@@ -4,13 +4,13 @@ This module deploys a Virtual WAN.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -18,57 +18,29 @@ This module deploys a Virtual WAN.
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.Network/virtualWans` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualWans) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Virtual WAN. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `allowBranchToBranchTraffic` | bool | `False` | | True if branch to branch traffic is allowed. |
-| `allowVnetToVnetTraffic` | bool | `False` | | True if VNET to VNET traffic is allowed. |
-| `disableVpnEncryption` | bool | `False` | | VPN encryption to be disabled or not. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | | Location where all resources will be created. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `type` | string | `'Standard'` | `[Basic, Standard]` | The type of the Virtual WAN. |
-
+## Usage examples
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the virtual WAN. |
-| `resourceGroupName` | string | The resource group the virtual WAN was deployed into. |
-| `resourceId` | string | The resource ID of the virtual WAN. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.virtual-wan:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module virtualWan './network/virtual-wan/main.bicep' = {
+module virtualWan 'br:bicep/modules/network.virtual-wan:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvwcom'
params: {
// Required parameters
@@ -158,14 +130,17 @@ module virtualWan './network/virtual-wan/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module virtualWan './network/virtual-wan/main.bicep' = {
+module virtualWan 'br:bicep/modules/network.virtual-wan:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvwmin'
params: {
// Required parameters
@@ -202,3 +177,111 @@ module virtualWan './network/virtual-wan/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Virtual WAN. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`allowBranchToBranchTraffic`](#parameter-allowbranchtobranchtraffic) | bool | True if branch to branch traffic is allowed. |
+| [`allowVnetToVnetTraffic`](#parameter-allowvnettovnettraffic) | bool | True if VNET to VNET traffic is allowed. |
+| [`disableVpnEncryption`](#parameter-disablevpnencryption) | bool | VPN encryption to be disabled or not. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location where all resources will be created. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`type`](#parameter-type) | string | The type of the Virtual WAN. |
+
+### Parameter: `allowBranchToBranchTraffic`
+
+True if branch to branch traffic is allowed.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `allowVnetToVnetTraffic`
+
+True if VNET to VNET traffic is allowed.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `disableVpnEncryption`
+
+VPN encryption to be disabled or not.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location where all resources will be created.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the Virtual WAN.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `type`
+
+The type of the Virtual WAN.
+- Required: No
+- Type: string
+- Default: `'Standard'`
+- Allowed: `[Basic, Standard]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the virtual WAN. |
+| `resourceGroupName` | string | The resource group the virtual WAN was deployed into. |
+| `resourceId` | string | The resource ID of the virtual WAN. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/network/virtual-wan/main.json b/modules/network/virtual-wan/main.json
index 7d82f973b8..f7c0e84e62 100644
--- a/modules/network/virtual-wan/main.json
+++ b/modules/network/virtual-wan/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "2653906358986045673"
+ "version": "0.22.6.54827",
+ "templateHash": "6166970702359791938"
},
"name": "Virtual WANs",
"description": "This module deploys a Virtual WAN.",
@@ -167,8 +167,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "6282617647386769433"
+ "version": "0.22.6.54827",
+ "templateHash": "2713904896388571012"
}
},
"parameters": {
diff --git a/modules/network/vpn-gateway/.test/common/main.test.bicep b/modules/network/vpn-gateway/.test/common/main.test.bicep
index 757556890f..7496548a25 100644
--- a/modules/network/vpn-gateway/.test/common/main.test.bicep
+++ b/modules/network/vpn-gateway/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/vpn-gateway/.test/min/main.test.bicep b/modules/network/vpn-gateway/.test/min/main.test.bicep
index 4e11cce7a9..f050ca9adc 100644
--- a/modules/network/vpn-gateway/.test/min/main.test.bicep
+++ b/modules/network/vpn-gateway/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/vpn-gateway/README.md b/modules/network/vpn-gateway/README.md
index 8fd26e019d..d92e24bf09 100644
--- a/modules/network/vpn-gateway/README.md
+++ b/modules/network/vpn-gateway/README.md
@@ -5,10 +5,10 @@ This module deploys a VPN Gateway.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
## Resource Types
@@ -20,59 +20,29 @@ This module deploys a VPN Gateway.
| `Microsoft.Network/vpnGateways/natRules` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/vpnGateways/natRules) |
| `Microsoft.Network/vpnGateways/vpnConnections` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/vpnGateways/vpnConnections) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the VPN gateway. |
-| `virtualHubResourceId` | string | The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `bgpSettings` | object | `{object}` | | BGP settings details. |
-| `enableBgpRouteTranslationForNat` | bool | `False` | | Enable BGP routes translation for NAT on this VPN gateway. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `isRoutingPreferenceInternet` | bool | `False` | | Enable routing preference property for the public IP interface of the VPN gateway. |
-| `location` | string | `[resourceGroup().location]` | | Location where all resources will be created. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `natRules` | array | `[]` | | List of all the NAT Rules to associate with the gateway. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `vpnConnections` | array | `[]` | | The VPN connections to create in the VPN gateway. |
-| `vpnGatewayScaleUnit` | int | `2` | | The scale unit for this VPN gateway. |
-
+## Usage examples
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the VPN gateway. |
-| `resourceGroupName` | string | The name of the resource group the VPN gateway was deployed into. |
-| `resourceId` | string | The resource ID of the VPN gateway. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.vpn-gateway:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-
Example 1: Common
via Bicep module
```bicep
-module vpnGateway './network/vpn-gateway/main.bicep' = {
+module vpnGateway 'br:bicep/modules/network.vpn-gateway:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvgcom'
params: {
// Required parameters
@@ -206,14 +176,17 @@ module vpnGateway './network/vpn-gateway/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module vpnGateway './network/vpn-gateway/main.bicep' = {
+module vpnGateway 'br:bicep/modules/network.vpn-gateway:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvgmin'
params: {
// Required parameters
@@ -256,6 +229,127 @@ module vpnGateway './network/vpn-gateway/main.bicep' = {
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the VPN gateway. |
+| [`virtualHubResourceId`](#parameter-virtualhubresourceid) | string | The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`bgpSettings`](#parameter-bgpsettings) | object | BGP settings details. |
+| [`enableBgpRouteTranslationForNat`](#parameter-enablebgproutetranslationfornat) | bool | Enable BGP routes translation for NAT on this VPN gateway. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`isRoutingPreferenceInternet`](#parameter-isroutingpreferenceinternet) | bool | Enable routing preference property for the public IP interface of the VPN gateway. |
+| [`location`](#parameter-location) | string | Location where all resources will be created. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`natRules`](#parameter-natrules) | array | List of all the NAT Rules to associate with the gateway. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`vpnConnections`](#parameter-vpnconnections) | array | The VPN connections to create in the VPN gateway. |
+| [`vpnGatewayScaleUnit`](#parameter-vpngatewayscaleunit) | int | The scale unit for this VPN gateway. |
+
+### Parameter: `bgpSettings`
+
+BGP settings details.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `enableBgpRouteTranslationForNat`
+
+Enable BGP routes translation for NAT on this VPN gateway.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `isRoutingPreferenceInternet`
+
+Enable routing preference property for the public IP interface of the VPN gateway.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `location`
+
+Location where all resources will be created.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the VPN gateway.
+- Required: Yes
+- Type: string
+
+### Parameter: `natRules`
+
+List of all the NAT Rules to associate with the gateway.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `virtualHubResourceId`
+
+The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location.
+- Required: Yes
+- Type: string
+
+### Parameter: `vpnConnections`
+
+The VPN connections to create in the VPN gateway.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `vpnGatewayScaleUnit`
+
+The scale unit for this VPN gateway.
+- Required: No
+- Type: int
+- Default: `2`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the VPN gateway. |
+| `resourceGroupName` | string | The name of the resource group the VPN gateway was deployed into. |
+| `resourceId` | string | The resource ID of the VPN gateway. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Parameter Usage: `bgpSettings`
diff --git a/modules/network/vpn-gateway/main.json b/modules/network/vpn-gateway/main.json
index d3ab277ddd..16bd090a25 100644
--- a/modules/network/vpn-gateway/main.json
+++ b/modules/network/vpn-gateway/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "7609266096220214410"
+ "version": "0.22.6.54827",
+ "templateHash": "9631635231747205865"
},
"name": "VPN Gateways",
"description": "This module deploys a VPN Gateway.",
@@ -183,8 +183,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "6459241670864504569"
+ "version": "0.22.6.54827",
+ "templateHash": "4165642550711844737"
},
"name": "VPN Gateway NAT Rules",
"description": "This module deploys a VPN Gateway NAT Rule.",
@@ -357,8 +357,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9210756491180563718"
+ "version": "0.22.6.54827",
+ "templateHash": "13660788048333105050"
},
"name": "VPN Gateway VPN Connections",
"description": "This module deploys a VPN Gateway VPN Connection.",
diff --git a/modules/network/vpn-gateway/nat-rule/README.md b/modules/network/vpn-gateway/nat-rule/README.md
index 6155ca0fc1..8ce3c4b7a9 100644
--- a/modules/network/vpn-gateway/nat-rule/README.md
+++ b/modules/network/vpn-gateway/nat-rule/README.md
@@ -19,31 +19,87 @@ This module deploys a VPN Gateway NAT Rule.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the NAT rule. |
+| [`name`](#parameter-name) | string | The name of the NAT rule. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `vpnGatewayName` | string | The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. |
+| [`vpnGatewayName`](#parameter-vpngatewayname) | string | The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `externalMappings` | array | `[]` | | An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. |
-| `internalMappings` | array | `[]` | | An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. |
-| `ipConfigurationId` | string | `''` | | A NAT rule must be configured to a specific VPN Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both VPN Gateway instances. |
-| `mode` | string | `''` | `['', EgressSnat, IngressSnat]` | The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site VPN gateway. |
-| `type` | string | `''` | `['', Dynamic, Static]` | The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`externalMappings`](#parameter-externalmappings) | array | An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. |
+| [`internalMappings`](#parameter-internalmappings) | array | An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. |
+| [`ipConfigurationId`](#parameter-ipconfigurationid) | string | A NAT rule must be configured to a specific VPN Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both VPN Gateway instances. |
+| [`mode`](#parameter-mode) | string | The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site VPN gateway. |
+| [`type`](#parameter-type) | string | The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `externalMappings`
+
+An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `internalMappings`
+
+An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `ipConfigurationId`
+
+A NAT rule must be configured to a specific VPN Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both VPN Gateway instances.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `mode`
+
+The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site VPN gateway.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', EgressSnat, IngressSnat]`
+
+### Parameter: `name`
+
+The name of the NAT rule.
+- Required: Yes
+- Type: string
+
+### Parameter: `type`
+
+The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Dynamic, Static]`
+
+### Parameter: `vpnGatewayName`
+
+The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the NAT rule. |
| `resourceGroupName` | string | The name of the resource group the NAT rule was deployed into. |
diff --git a/modules/network/vpn-gateway/nat-rule/main.json b/modules/network/vpn-gateway/nat-rule/main.json
index 2bf42881b7..9be53d2e0d 100644
--- a/modules/network/vpn-gateway/nat-rule/main.json
+++ b/modules/network/vpn-gateway/nat-rule/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "6991949008498259337"
+ "version": "0.22.6.54827",
+ "templateHash": "4165642550711844737"
},
"name": "VPN Gateway NAT Rules",
"description": "This module deploys a VPN Gateway NAT Rule.",
diff --git a/modules/network/vpn-gateway/vpn-connection/README.md b/modules/network/vpn-gateway/vpn-connection/README.md
index 624aacd235..76988787ad 100644
--- a/modules/network/vpn-gateway/vpn-connection/README.md
+++ b/modules/network/vpn-gateway/vpn-connection/README.md
@@ -20,40 +20,158 @@ This module deploys a VPN Gateway VPN Connection.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the VPN connection. |
+| [`name`](#parameter-name) | string | The name of the VPN connection. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `vpnGatewayName` | string | The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment. |
+| [`vpnGatewayName`](#parameter-vpngatewayname) | string | The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `connectionBandwidth` | int | `10` | | Expected bandwidth in MBPS. |
-| `enableBgp` | bool | `False` | | Enable BGP flag. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enableInternetSecurity` | bool | `False` | | Enable internet security. |
-| `enableRateLimiting` | bool | `False` | | Enable rate limiting. |
-| `ipsecPolicies` | array | `[]` | | The IPSec policies to be considered by this connection. |
-| `remoteVpnSiteResourceId` | string | `''` | | Reference to a VPN site to link to. |
-| `routingConfiguration` | object | `{object}` | | Routing configuration indicating the associated and propagated route tables for this connection. |
-| `routingWeight` | int | `0` | | Routing weight for VPN connection. |
-| `sharedKey` | securestring | `''` | | SharedKey for the VPN connection. |
-| `trafficSelectorPolicies` | array | `[]` | | The traffic selector policies to be considered by this connection. |
-| `useLocalAzureIpAddress` | bool | `False` | | Use local Azure IP to initiate connection. |
-| `usePolicyBasedTrafficSelectors` | bool | `False` | | Enable policy-based traffic selectors. |
-| `vpnConnectionProtocolType` | string | `'IKEv2'` | `[IKEv1, IKEv2]` | Gateway connection protocol. |
-| `vpnLinkConnections` | array | `[]` | | List of all VPN site link connections to the gateway. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`connectionBandwidth`](#parameter-connectionbandwidth) | int | Expected bandwidth in MBPS. |
+| [`enableBgp`](#parameter-enablebgp) | bool | Enable BGP flag. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enableInternetSecurity`](#parameter-enableinternetsecurity) | bool | Enable internet security. |
+| [`enableRateLimiting`](#parameter-enableratelimiting) | bool | Enable rate limiting. |
+| [`ipsecPolicies`](#parameter-ipsecpolicies) | array | The IPSec policies to be considered by this connection. |
+| [`remoteVpnSiteResourceId`](#parameter-remotevpnsiteresourceid) | string | Reference to a VPN site to link to. |
+| [`routingConfiguration`](#parameter-routingconfiguration) | object | Routing configuration indicating the associated and propagated route tables for this connection. |
+| [`routingWeight`](#parameter-routingweight) | int | Routing weight for VPN connection. |
+| [`sharedKey`](#parameter-sharedkey) | securestring | SharedKey for the VPN connection. |
+| [`trafficSelectorPolicies`](#parameter-trafficselectorpolicies) | array | The traffic selector policies to be considered by this connection. |
+| [`useLocalAzureIpAddress`](#parameter-uselocalazureipaddress) | bool | Use local Azure IP to initiate connection. |
+| [`usePolicyBasedTrafficSelectors`](#parameter-usepolicybasedtrafficselectors) | bool | Enable policy-based traffic selectors. |
+| [`vpnConnectionProtocolType`](#parameter-vpnconnectionprotocoltype) | string | Gateway connection protocol. |
+| [`vpnLinkConnections`](#parameter-vpnlinkconnections) | array | List of all VPN site link connections to the gateway. |
+
+### Parameter: `connectionBandwidth`
+
+Expected bandwidth in MBPS.
+- Required: No
+- Type: int
+- Default: `10`
+
+### Parameter: `enableBgp`
+
+Enable BGP flag.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableInternetSecurity`
+
+Enable internet security.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableRateLimiting`
+
+Enable rate limiting.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `ipsecPolicies`
+
+The IPSec policies to be considered by this connection.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `name`
+
+The name of the VPN connection.
+- Required: Yes
+- Type: string
+
+### Parameter: `remoteVpnSiteResourceId`
+
+Reference to a VPN site to link to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `routingConfiguration`
+
+Routing configuration indicating the associated and propagated route tables for this connection.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `routingWeight`
+
+Routing weight for VPN connection.
+- Required: No
+- Type: int
+- Default: `0`
+
+### Parameter: `sharedKey`
+
+SharedKey for the VPN connection.
+- Required: No
+- Type: securestring
+- Default: `''`
+
+### Parameter: `trafficSelectorPolicies`
+
+The traffic selector policies to be considered by this connection.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `useLocalAzureIpAddress`
+
+Use local Azure IP to initiate connection.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `usePolicyBasedTrafficSelectors`
+
+Enable policy-based traffic selectors.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `vpnConnectionProtocolType`
+
+Gateway connection protocol.
+- Required: No
+- Type: string
+- Default: `'IKEv2'`
+- Allowed: `[IKEv1, IKEv2]`
+
+### Parameter: `vpnGatewayName`
+
+The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `vpnLinkConnections`
+
+List of all VPN site link connections to the gateway.
+- Required: No
+- Type: array
+- Default: `[]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the VPN connection. |
| `resourceGroupName` | string | The name of the resource group the VPN connection was deployed into. |
diff --git a/modules/network/vpn-gateway/vpn-connection/main.json b/modules/network/vpn-gateway/vpn-connection/main.json
index e626d18b2a..a4ad3b7923 100644
--- a/modules/network/vpn-gateway/vpn-connection/main.json
+++ b/modules/network/vpn-gateway/vpn-connection/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9210756491180563718"
+ "version": "0.22.6.54827",
+ "templateHash": "13660788048333105050"
},
"name": "VPN Gateway VPN Connections",
"description": "This module deploys a VPN Gateway VPN Connection.",
diff --git a/modules/network/vpn-site/.test/common/main.test.bicep b/modules/network/vpn-site/.test/common/main.test.bicep
index e1b0470cd9..bfcbcbb6ad 100644
--- a/modules/network/vpn-site/.test/common/main.test.bicep
+++ b/modules/network/vpn-site/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/vpn-site/.test/min/main.test.bicep b/modules/network/vpn-site/.test/min/main.test.bicep
index f20486d112..7a564ddcfa 100644
--- a/modules/network/vpn-site/.test/min/main.test.bicep
+++ b/modules/network/vpn-site/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/network/vpn-site/README.md b/modules/network/vpn-site/README.md
index ea575095be..d7d8e5300a 100644
--- a/modules/network/vpn-site/README.md
+++ b/modules/network/vpn-site/README.md
@@ -5,10 +5,10 @@ This module deploys a VPN Site.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
## Resource Types
@@ -19,66 +19,29 @@ This module deploys a VPN Site.
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.Network/vpnSites` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/vpnSites) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the VPN Site. |
-| `virtualWanId` | string | Resource ID of the virtual WAN to link to. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `addressPrefixes` | array | An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured. |
-| `bgpProperties` | object | BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured. |
-
-**Optional parameters**
+## Usage examples
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `deviceProperties` | object | `{object}` | | List of properties of the device. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `ipAddress` | string | `''` | | The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. |
-| `isSecuritySite` | bool | `False` | | IsSecuritySite flag. |
-| `location` | string | `[resourceGroup().location]` | | Location where all resources will be created. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `o365Policy` | object | `{object}` | | The Office365 breakout policy. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `vpnSiteLinks` | array | `[]` | | List of all VPN site links. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the VPN site. |
-| `resourceGroupName` | string | The resource group the VPN site was deployed into. |
-| `resourceId` | string | The resource ID of the VPN site. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/network.vpn-site:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-
Example 1: Common
via Bicep module
```bicep
-module vpnSite './network/vpn-site/main.bicep' = {
+module vpnSite 'br:bicep/modules/network.vpn-site:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvscom'
params: {
// Required parameters
@@ -242,14 +205,17 @@ module vpnSite './network/vpn-site/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module vpnSite './network/vpn-site/main.bicep' = {
+module vpnSite 'br:bicep/modules/network.vpn-site:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-nvsmin'
params: {
// Required parameters
@@ -304,6 +270,148 @@ module vpnSite './network/vpn-site/main.bicep' = {
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the VPN Site. |
+| [`virtualWanId`](#parameter-virtualwanid) | string | Resource ID of the virtual WAN to link to. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`addressPrefixes`](#parameter-addressprefixes) | array | An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured. |
+| [`bgpProperties`](#parameter-bgpproperties) | object | BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`deviceProperties`](#parameter-deviceproperties) | object | List of properties of the device. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`ipAddress`](#parameter-ipaddress) | string | The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. |
+| [`isSecuritySite`](#parameter-issecuritysite) | bool | IsSecuritySite flag. |
+| [`location`](#parameter-location) | string | Location where all resources will be created. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`o365Policy`](#parameter-o365policy) | object | The Office365 breakout policy. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`vpnSiteLinks`](#parameter-vpnsitelinks) | array | List of all VPN site links. |
+
+### Parameter: `addressPrefixes`
+
+An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `bgpProperties`
+
+BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `deviceProperties`
+
+List of properties of the device.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `ipAddress`
+
+The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `isSecuritySite`
+
+IsSecuritySite flag.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `location`
+
+Location where all resources will be created.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the VPN Site.
+- Required: Yes
+- Type: string
+
+### Parameter: `o365Policy`
+
+The Office365 breakout policy.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `virtualWanId`
+
+Resource ID of the virtual WAN to link to.
+- Required: Yes
+- Type: string
+
+### Parameter: `vpnSiteLinks`
+
+List of all VPN site links.
+- Required: No
+- Type: array
+- Default: `[]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the VPN site. |
+| `resourceGroupName` | string | The resource group the VPN site was deployed into. |
+| `resourceId` | string | The resource ID of the VPN site. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Parameter Usage `deviceProperties`
diff --git a/modules/network/vpn-site/main.json b/modules/network/vpn-site/main.json
index b90f743722..859ddc6ba1 100644
--- a/modules/network/vpn-site/main.json
+++ b/modules/network/vpn-site/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13056643175492466003"
+ "version": "0.22.6.54827",
+ "templateHash": "1375112363272688444"
},
"name": "VPN Sites",
"description": "This module deploys a VPN Site.",
@@ -192,8 +192,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "7148202566959237079"
+ "version": "0.22.6.54827",
+ "templateHash": "13348048560732484926"
}
},
"parameters": {
diff --git a/modules/operational-insights/workspace/.test/common/main.test.bicep b/modules/operational-insights/workspace/.test/common/main.test.bicep
index 3831bb5238..2e994d7fed 100644
--- a/modules/operational-insights/workspace/.test/common/main.test.bicep
+++ b/modules/operational-insights/workspace/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/operational-insights/workspace/.test/min/main.test.bicep b/modules/operational-insights/workspace/.test/min/main.test.bicep
index 365f381b19..cb56d8a1a8 100644
--- a/modules/operational-insights/workspace/.test/min/main.test.bicep
+++ b/modules/operational-insights/workspace/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/operational-insights/workspace/README.md b/modules/operational-insights/workspace/README.md
index 1d36c0d1b3..45b90fefe0 100644
--- a/modules/operational-insights/workspace/README.md
+++ b/modules/operational-insights/workspace/README.md
@@ -4,13 +4,13 @@ This module deploys a Log Analytics Workspace.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -27,89 +27,27 @@ This module deploys a Log Analytics Workspace.
| `Microsoft.OperationalInsights/workspaces/tables` | [2022-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2022-10-01/workspaces/tables) |
| `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Log Analytics workspace. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `linkedStorageAccounts` | array | List of Storage Accounts to be linked. Required if 'forceCmkForQuery' is set to 'true' and 'savedSearches' is not empty. |
+## Usage examples
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `dailyQuotaGb` | int | `-1` | | The workspace daily quota for ingestion. |
-| `dataExports` | array | `[]` | | LAW data export instances to be deployed. |
-| `dataRetention` | int | `365` | | Number of days data will be retained for. |
-| `dataSources` | array | `[]` | | LAW data sources to configure. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Audit]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` | | Resource ID of a log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `forceCmkForQuery` | bool | `True` | | Indicates whether customer managed storage is mandatory for query management. |
-| `gallerySolutions` | array | `[]` | | List of gallerySolutions to be created in the log analytics workspace. |
-| `linkedServices` | array | `[]` | | List of services to be linked. |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `publicNetworkAccessForIngestion` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing Log Analytics ingestion. |
-| `publicNetworkAccessForQuery` | string | `'Enabled'` | `[Disabled, Enabled]` | The network access type for accessing Log Analytics query. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `savedSearches` | array | `[]` | | Kusto Query Language searches to save. |
-| `skuCapacityReservationLevel` | int | `100` | | The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected. Must be in increments of 100 between 100 and 5000. |
-| `skuName` | string | `'PerGB2018'` | `[CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard]` | The name of the SKU. |
-| `storageInsightsConfigs` | array | `[]` | | List of storage accounts to be read by the workspace. |
-| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. |
-| `tables` | array | `[]` | | LAW custom tables to be deployed. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
-| `useResourcePermissions` | bool | `False` | | Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `logAnalyticsWorkspaceId` | string | The ID associated with the workspace. |
-| `name` | string | The name of the deployed log analytics workspace. |
-| `resourceGroupName` | string | The resource group of the deployed log analytics workspace. |
-| `resourceId` | string | The resource ID of the deployed log analytics workspace. |
-| `systemAssignedIdentityPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
-
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
-
-| Reference | Type |
-| :-- | :-- |
-| `operations-management/solution` | Local reference |
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-Example 1: Adv
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/operational-insights.workspace:1.0.0`.
+
+- [Adv](#example-1-adv)
+- [Using large parameter set](#example-2-using-large-parameter-set)
+- [Using only defaults](#example-3-using-only-defaults)
+
+### Example 1: _Adv_
via Bicep module
```bicep
-module workspace './operational-insights/workspace/main.bicep' = {
+module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-oiwadv'
params: {
// Required parameters
@@ -631,14 +569,17 @@ module workspace './operational-insights/workspace/main.bicep' = {
-
Example 2: Common
+### Example 2: _Using large parameter set_
+
+This instance deploys the module with most of its features enabled.
+
via Bicep module
```bicep
-module workspace './operational-insights/workspace/main.bicep' = {
+module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-oiwcom'
params: {
// Required parameters
@@ -1016,14 +957,17 @@ module workspace './operational-insights/workspace/main.bicep' = {
-
Example 3: Min
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module workspace './operational-insights/workspace/main.bicep' = {
+module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-oiwmin'
params: {
// Required parameters
@@ -1060,3 +1004,294 @@ module workspace './operational-insights/workspace/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Log Analytics workspace. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`linkedStorageAccounts`](#parameter-linkedstorageaccounts) | array | List of Storage Accounts to be linked. Required if 'forceCmkForQuery' is set to 'true' and 'savedSearches' is not empty. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`dailyQuotaGb`](#parameter-dailyquotagb) | int | The workspace daily quota for ingestion. |
+| [`dataExports`](#parameter-dataexports) | array | LAW data export instances to be deployed. |
+| [`dataRetention`](#parameter-dataretention) | int | Number of days data will be retained for. |
+| [`dataSources`](#parameter-datasources) | array | LAW data sources to configure. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of a log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`forceCmkForQuery`](#parameter-forcecmkforquery) | bool | Indicates whether customer managed storage is mandatory for query management. |
+| [`gallerySolutions`](#parameter-gallerysolutions) | array | List of gallerySolutions to be created in the log analytics workspace. |
+| [`linkedServices`](#parameter-linkedservices) | array | List of services to be linked. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`publicNetworkAccessForIngestion`](#parameter-publicnetworkaccessforingestion) | string | The network access type for accessing Log Analytics ingestion. |
+| [`publicNetworkAccessForQuery`](#parameter-publicnetworkaccessforquery) | string | The network access type for accessing Log Analytics query. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`savedSearches`](#parameter-savedsearches) | array | Kusto Query Language searches to save. |
+| [`skuCapacityReservationLevel`](#parameter-skucapacityreservationlevel) | int | The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected. Must be in increments of 100 between 100 and 5000. |
+| [`skuName`](#parameter-skuname) | string | The name of the SKU. |
+| [`storageInsightsConfigs`](#parameter-storageinsightsconfigs) | array | List of storage accounts to be read by the workspace. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tables`](#parameter-tables) | array | LAW custom tables to be deployed. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+| [`useResourcePermissions`](#parameter-useresourcepermissions) | bool | Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. |
+
+### Parameter: `dailyQuotaGb`
+
+The workspace daily quota for ingestion.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `dataExports`
+
+LAW data export instances to be deployed.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `dataRetention`
+
+Number of days data will be retained for.
+- Required: No
+- Type: int
+- Default: `365`
+
+### Parameter: `dataSources`
+
+LAW data sources to configure.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, Audit]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of a log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `forceCmkForQuery`
+
+Indicates whether customer managed storage is mandatory for query management.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `gallerySolutions`
+
+List of gallerySolutions to be created in the log analytics workspace.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `linkedServices`
+
+List of services to be linked.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `linkedStorageAccounts`
+
+List of Storage Accounts to be linked. Required if 'forceCmkForQuery' is set to 'true' and 'savedSearches' is not empty.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the Log Analytics workspace.
+- Required: Yes
+- Type: string
+
+### Parameter: `publicNetworkAccessForIngestion`
+
+The network access type for accessing Log Analytics ingestion.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `publicNetworkAccessForQuery`
+
+The network access type for accessing Log Analytics query.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `savedSearches`
+
+Kusto Query Language searches to save.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuCapacityReservationLevel`
+
+The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected. Must be in increments of 100 between 100 and 5000.
+- Required: No
+- Type: int
+- Default: `100`
+
+### Parameter: `skuName`
+
+The name of the SKU.
+- Required: No
+- Type: string
+- Default: `'PerGB2018'`
+- Allowed: `[CapacityReservation, Free, LACluster, PerGB2018, PerNode, Premium, Standalone, Standard]`
+
+### Parameter: `storageInsightsConfigs`
+
+List of storage accounts to be read by the workspace.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tables`
+
+LAW custom tables to be deployed.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `useResourcePermissions`
+
+Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions.
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `logAnalyticsWorkspaceId` | string | The ID associated with the workspace. |
+| `name` | string | The name of the deployed log analytics workspace. |
+| `resourceGroupName` | string | The resource group of the deployed log analytics workspace. |
+| `resourceId` | string | The resource ID of the deployed log analytics workspace. |
+| `systemAssignedIdentityPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/operations-management/solution` | Local reference |
diff --git a/modules/operational-insights/workspace/data-export/README.md b/modules/operational-insights/workspace/data-export/README.md
index cdf8f03317..74a748b284 100644
--- a/modules/operational-insights/workspace/data-export/README.md
+++ b/modules/operational-insights/workspace/data-export/README.md
@@ -19,29 +19,69 @@ This module deploys a Log Analytics Workspace Data Export.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The data export rule name. |
+| [`name`](#parameter-name) | string | The data export rule name. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `workspaceName` | string | The name of the parent workspaces. Required if the template is used in a standalone deployment. |
+| [`workspaceName`](#parameter-workspacename) | string | The name of the parent workspaces. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `destination` | object | `{object}` | Destination properties. |
-| `enable` | bool | `False` | Active when enabled. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-| `tableNames` | array | `[]` | An array of tables to export, for example: ['Heartbeat', 'SecurityEvent']. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`destination`](#parameter-destination) | object | Destination properties. |
+| [`enable`](#parameter-enable) | bool | Active when enabled. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| [`tableNames`](#parameter-tablenames) | array | An array of tables to export, for example: ['Heartbeat', 'SecurityEvent']. |
+
+### Parameter: `destination`
+
+Destination properties.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `enable`
+
+Active when enabled.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via the Customer Usage Attribution ID (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The data export rule name.
+- Required: Yes
+- Type: string
+
+### Parameter: `tableNames`
+
+An array of tables to export, for example: ['Heartbeat', 'SecurityEvent'].
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `workspaceName`
+
+The name of the parent workspaces. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the data export. |
| `resourceGroupName` | string | The name of the resource group the data export was created in. |
diff --git a/modules/operational-insights/workspace/data-export/main.json b/modules/operational-insights/workspace/data-export/main.json
index 90194a5d43..ee5f16fa67 100644
--- a/modules/operational-insights/workspace/data-export/main.json
+++ b/modules/operational-insights/workspace/data-export/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "6853475409424559635"
+ "version": "0.22.6.54827",
+ "templateHash": "7753879701724594327"
},
"name": "Log Analytics Workspace Data Exports",
"description": "This module deploys a Log Analytics Workspace Data Export.",
diff --git a/modules/operational-insights/workspace/data-source/README.md b/modules/operational-insights/workspace/data-source/README.md
index e0d5f9f875..80b966ff99 100644
--- a/modules/operational-insights/workspace/data-source/README.md
+++ b/modules/operational-insights/workspace/data-source/README.md
@@ -19,39 +19,150 @@ This module deploys a Log Analytics Workspace Data Source.
**Required parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `kind` | string | `'AzureActivityLog'` | `[AzureActivityLog, IISLogs, LinuxPerformanceCollection, LinuxPerformanceObject, LinuxSyslog, LinuxSyslogCollection, WindowsEvent, WindowsPerformanceCounter]` | The kind of the DataSource. |
-| `name` | string | | | Name of the solution. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`kind`](#parameter-kind) | string | The kind of the DataSource. |
+| [`name`](#parameter-name) | string | Name of the solution. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
+| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `counterName` | string | `''` | Counter name to configure when kind is WindowsPerformanceCounter. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `eventLogName` | string | `''` | Windows event log name to configure when kind is WindowsEvent. |
-| `eventTypes` | array | `[]` | Windows event types to configure when kind is WindowsEvent. |
-| `instanceName` | string | `'*'` | Name of the instance to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. |
-| `intervalSeconds` | int | `60` | Interval in seconds to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. |
-| `linkedResourceId` | string | `''` | Resource ID of the resource to be linked. |
-| `objectName` | string | `''` | Name of the object to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. |
-| `performanceCounters` | array | `[]` | List of counters to configure when the kind is LinuxPerformanceObject. |
-| `state` | string | `''` | State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerformanceCollection. |
-| `syslogName` | string | `''` | System log to configure when kind is LinuxSyslog. |
-| `syslogSeverities` | array | `[]` | Severities to configure when kind is LinuxSyslog. |
-| `tags` | object | `{object}` | Tags to configure in the resource. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`counterName`](#parameter-countername) | string | Counter name to configure when kind is WindowsPerformanceCounter. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`eventLogName`](#parameter-eventlogname) | string | Windows event log name to configure when kind is WindowsEvent. |
+| [`eventTypes`](#parameter-eventtypes) | array | Windows event types to configure when kind is WindowsEvent. |
+| [`instanceName`](#parameter-instancename) | string | Name of the instance to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. |
+| [`intervalSeconds`](#parameter-intervalseconds) | int | Interval in seconds to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. |
+| [`linkedResourceId`](#parameter-linkedresourceid) | string | Resource ID of the resource to be linked. |
+| [`objectName`](#parameter-objectname) | string | Name of the object to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. |
+| [`performanceCounters`](#parameter-performancecounters) | array | List of counters to configure when the kind is LinuxPerformanceObject. |
+| [`state`](#parameter-state) | string | State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerformanceCollection. |
+| [`syslogName`](#parameter-syslogname) | string | System log to configure when kind is LinuxSyslog. |
+| [`syslogSeverities`](#parameter-syslogseverities) | array | Severities to configure when kind is LinuxSyslog. |
+| [`tags`](#parameter-tags) | object | Tags to configure in the resource. |
+
+### Parameter: `counterName`
+
+Counter name to configure when kind is WindowsPerformanceCounter.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `eventLogName`
+
+Windows event log name to configure when kind is WindowsEvent.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `eventTypes`
+
+Windows event types to configure when kind is WindowsEvent.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `instanceName`
+
+Name of the instance to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject.
+- Required: No
+- Type: string
+- Default: `'*'`
+
+### Parameter: `intervalSeconds`
+
+Interval in seconds to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject.
+- Required: No
+- Type: int
+- Default: `60`
+
+### Parameter: `kind`
+
+The kind of the DataSource.
+- Required: No
+- Type: string
+- Default: `'AzureActivityLog'`
+- Allowed: `[AzureActivityLog, IISLogs, LinuxPerformanceCollection, LinuxPerformanceObject, LinuxSyslog, LinuxSyslogCollection, WindowsEvent, WindowsPerformanceCounter]`
+
+### Parameter: `linkedResourceId`
+
+Resource ID of the resource to be linked.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `logAnalyticsWorkspaceName`
+
+The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+Name of the solution.
+- Required: Yes
+- Type: string
+
+### Parameter: `objectName`
+
+Name of the object to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `performanceCounters`
+
+List of counters to configure when the kind is LinuxPerformanceObject.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `state`
+
+State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerformanceCollection.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `syslogName`
+
+System log to configure when kind is LinuxSyslog.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `syslogSeverities`
+
+Severities to configure when kind is LinuxSyslog.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags to configure in the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the deployed data source. |
| `resourceGroupName` | string | The resource group where the data source is deployed. |
diff --git a/modules/operational-insights/workspace/data-source/main.json b/modules/operational-insights/workspace/data-source/main.json
index 12e72aea0f..93d5aef582 100644
--- a/modules/operational-insights/workspace/data-source/main.json
+++ b/modules/operational-insights/workspace/data-source/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "526173230944614742"
+ "version": "0.22.6.54827",
+ "templateHash": "7994060758159745935"
},
"name": "Log Analytics Workspace Datasources",
"description": "This module deploys a Log Analytics Workspace Data Source.",
diff --git a/modules/operational-insights/workspace/linked-service/README.md b/modules/operational-insights/workspace/linked-service/README.md
index 57b5316e53..a05b704e17 100644
--- a/modules/operational-insights/workspace/linked-service/README.md
+++ b/modules/operational-insights/workspace/linked-service/README.md
@@ -19,29 +19,69 @@ This module deploys a Log Analytics Workspace Linked Service.
**Required parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `name` | string | | Name of the link. |
-| `resourceId` | string | `''` | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the link. |
+| [`resourceId`](#parameter-resourceid) | string | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
+| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `tags` | object | `{object}` | Tags to configure in the resource. |
-| `writeAccessResourceId` | string | `''` | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`tags`](#parameter-tags) | object | Tags to configure in the resource. |
+| [`writeAccessResourceId`](#parameter-writeaccessresourceid) | string | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `logAnalyticsWorkspaceName`
+
+The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+Name of the link.
+- Required: Yes
+- Type: string
+
+### Parameter: `resourceId`
+
+The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `tags`
+
+Tags to configure in the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `writeAccessResourceId`
+
+The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access.
+- Required: No
+- Type: string
+- Default: `''`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the deployed linked service. |
| `resourceGroupName` | string | The resource group where the linked service is deployed. |
diff --git a/modules/operational-insights/workspace/linked-service/main.json b/modules/operational-insights/workspace/linked-service/main.json
index c66c428091..e0de836475 100644
--- a/modules/operational-insights/workspace/linked-service/main.json
+++ b/modules/operational-insights/workspace/linked-service/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "6123492600831728521"
+ "version": "0.22.6.54827",
+ "templateHash": "15022791045507209174"
},
"name": "Log Analytics Workspace Linked Services",
"description": "This module deploys a Log Analytics Workspace Linked Service.",
diff --git a/modules/operational-insights/workspace/linked-storage-account/README.md b/modules/operational-insights/workspace/linked-storage-account/README.md
index 67285fba0e..c29ee8ed40 100644
--- a/modules/operational-insights/workspace/linked-storage-account/README.md
+++ b/modules/operational-insights/workspace/linked-storage-account/README.md
@@ -19,27 +19,53 @@ This module deploys a Log Analytics Workspace Linked Storage Account.
**Required parameters**
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `name` | string | `[Alerts, AzureWatson, CustomLogs, Query]` | Name of the link. |
-| `resourceId` | string | | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the link. |
+| [`resourceId`](#parameter-resourceid) | string | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
+| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `logAnalyticsWorkspaceName`
+
+The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+Name of the link.
+- Required: Yes
+- Type: string
+- Allowed: `[Alerts, AzureWatson, CustomLogs, Query]`
+
+### Parameter: `resourceId`
+
+The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the deployed linked storage account. |
| `resourceGroupName` | string | The resource group where the linked storage account is deployed. |
diff --git a/modules/operational-insights/workspace/linked-storage-account/main.json b/modules/operational-insights/workspace/linked-storage-account/main.json
index ae62d06121..ae3c9c7965 100644
--- a/modules/operational-insights/workspace/linked-storage-account/main.json
+++ b/modules/operational-insights/workspace/linked-storage-account/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "17235548432615830542"
+ "version": "0.22.6.54827",
+ "templateHash": "2117697022066188694"
},
"name": "Log Analytics Workspace Linked Storage Accounts",
"description": "This module deploys a Log Analytics Workspace Linked Storage Account.",
diff --git a/modules/operational-insights/workspace/main.json b/modules/operational-insights/workspace/main.json
index b662e00e8b..67aba2675c 100644
--- a/modules/operational-insights/workspace/main.json
+++ b/modules/operational-insights/workspace/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10794410731370898440"
+ "version": "0.22.6.54827",
+ "templateHash": "13390587976888913833"
},
"name": "Log Analytics Workspaces",
"description": "This module deploys a Log Analytics Workspace.",
@@ -399,8 +399,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "6875862134545079569"
+ "version": "0.22.6.54827",
+ "templateHash": "6643427484780531502"
},
"name": "Log Analytics Workspace Storage Insight Configs",
"description": "This module deploys a Log Analytics Workspace Storage Insight Config.",
@@ -546,8 +546,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "7090165993767697446"
+ "version": "0.22.6.54827",
+ "templateHash": "15022791045507209174"
},
"name": "Log Analytics Workspace Linked Services",
"description": "This module deploys a Log Analytics Workspace Linked Service.",
@@ -683,8 +683,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "4972790707212258352"
+ "version": "0.22.6.54827",
+ "templateHash": "2117697022066188694"
},
"name": "Log Analytics Workspace Linked Storage Accounts",
"description": "This module deploys a Log Analytics Workspace Linked Storage Account.",
@@ -821,8 +821,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "8574189144245494701"
+ "version": "0.22.6.54827",
+ "templateHash": "12667331360871593591"
},
"name": "Log Analytics Workspace Saved Searches",
"description": "This module deploys a Log Analytics Workspace Saved Search.",
@@ -996,8 +996,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13008977267947771049"
+ "version": "0.22.6.54827",
+ "templateHash": "7753879701724594327"
},
"name": "Log Analytics Workspace Data Exports",
"description": "This module deploys a Log Analytics Workspace Data Export.",
@@ -1146,8 +1146,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "17869715776960241714"
+ "version": "0.22.6.54827",
+ "templateHash": "7994060758159745935"
},
"name": "Log Analytics Workspace Datasources",
"description": "This module deploys a Log Analytics Workspace Data Source.",
@@ -1376,8 +1376,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13305914804653693951"
+ "version": "0.22.6.54827",
+ "templateHash": "9983426146462646968"
},
"name": "Log Analytics Workspace Tables",
"description": "This module deploys a Log Analytics Workspace Table.",
@@ -1548,8 +1548,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9052763253522380709"
+ "version": "0.22.6.54827",
+ "templateHash": "2318608107759137473"
},
"name": "Operations Management Solutions",
"description": "This module deploys an Operations Management Solution.",
@@ -1702,8 +1702,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "3735355062180278453"
+ "version": "0.22.6.54827",
+ "templateHash": "17191832464911210338"
}
},
"parameters": {
diff --git a/modules/operational-insights/workspace/saved-search/README.md b/modules/operational-insights/workspace/saved-search/README.md
index 1db2ca47d5..6d8fabc766 100644
--- a/modules/operational-insights/workspace/saved-search/README.md
+++ b/modules/operational-insights/workspace/saved-search/README.md
@@ -19,34 +19,106 @@ This module deploys a Log Analytics Workspace Saved Search.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `category` | string | Query category. |
-| `displayName` | string | Display name for the search. |
-| `name` | string | Name of the saved search. |
-| `query` | string | Kusto Query to be stored. |
+| [`category`](#parameter-category) | string | Query category. |
+| [`displayName`](#parameter-displayname) | string | Display name for the search. |
+| [`name`](#parameter-name) | string | Name of the saved search. |
+| [`query`](#parameter-query) | string | Kusto Query to be stored. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
+| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `etag` | string | `'*'` | The ETag of the saved search. To override an existing saved search, use "*" or specify the current Etag. |
-| `functionAlias` | string | `''` | The function alias if query serves as a function. |
-| `functionParameters` | string | `''` | The optional function parameters if query serves as a function. Value should be in the following format: "param-name1:type1 = default_value1, param-name2:type2 = default_value2". For more examples and proper syntax please refer to /azure/kusto/query/functions/user-defined-functions. |
-| `tags` | array | `[]` | Tags to configure in the resource. |
-| `version` | int | `2` | The version number of the query language. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`etag`](#parameter-etag) | string | The ETag of the saved search. To override an existing saved search, use "*" or specify the current Etag. |
+| [`functionAlias`](#parameter-functionalias) | string | The function alias if query serves as a function. |
+| [`functionParameters`](#parameter-functionparameters) | string | The optional function parameters if query serves as a function. Value should be in the following format: "param-name1:type1 = default_value1, param-name2:type2 = default_value2". For more examples and proper syntax please refer to /azure/kusto/query/functions/user-defined-functions. |
+| [`tags`](#parameter-tags) | array | Tags to configure in the resource. |
+| [`version`](#parameter-version) | int | The version number of the query language. |
+
+### Parameter: `category`
+
+Query category.
+- Required: Yes
+- Type: string
+
+### Parameter: `displayName`
+
+Display name for the search.
+- Required: Yes
+- Type: string
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `etag`
+
+The ETag of the saved search. To override an existing saved search, use "*" or specify the current Etag.
+- Required: No
+- Type: string
+- Default: `'*'`
+
+### Parameter: `functionAlias`
+
+The function alias if query serves as a function.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `functionParameters`
+
+The optional function parameters if query serves as a function. Value should be in the following format: "param-name1:type1 = default_value1, param-name2:type2 = default_value2". For more examples and proper syntax please refer to /azure/kusto/query/functions/user-defined-functions.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `logAnalyticsWorkspaceName`
+
+The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+Name of the saved search.
+- Required: Yes
+- Type: string
+
+### Parameter: `query`
+
+Kusto Query to be stored.
+- Required: Yes
+- Type: string
+
+### Parameter: `tags`
+
+Tags to configure in the resource.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `version`
+
+The version number of the query language.
+- Required: No
+- Type: int
+- Default: `2`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the deployed saved search. |
| `resourceGroupName` | string | The resource group where the saved search is deployed. |
diff --git a/modules/operational-insights/workspace/saved-search/main.json b/modules/operational-insights/workspace/saved-search/main.json
index 7fc7ee5138..43332dd89b 100644
--- a/modules/operational-insights/workspace/saved-search/main.json
+++ b/modules/operational-insights/workspace/saved-search/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "8574189144245494701"
+ "version": "0.22.6.54827",
+ "templateHash": "12667331360871593591"
},
"name": "Log Analytics Workspace Saved Searches",
"description": "This module deploys a Log Analytics Workspace Saved Search.",
diff --git a/modules/operational-insights/workspace/storage-insight-config/README.md b/modules/operational-insights/workspace/storage-insight-config/README.md
index 032ee4b2c8..4d77ca61f1 100644
--- a/modules/operational-insights/workspace/storage-insight-config/README.md
+++ b/modules/operational-insights/workspace/storage-insight-config/README.md
@@ -19,30 +19,77 @@ This module deploys a Log Analytics Workspace Storage Insight Config.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `storageAccountResourceId` | string | The Azure Resource Manager ID of the storage account resource. |
+| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | The Azure Resource Manager ID of the storage account resource. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `logAnalyticsWorkspaceName` | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
+| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `containers` | array | `[]` | The names of the blob containers that the workspace should read. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `[format('{0}-stinsconfig', last(split(parameters('storageAccountResourceId'), '/')))]` | The name of the storage insights config. |
-| `tables` | array | `[]` | The names of the Azure tables that the workspace should read. |
-| `tags` | object | `{object}` | Tags to configure in the resource. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`containers`](#parameter-containers) | array | The names of the blob containers that the workspace should read. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The name of the storage insights config. |
+| [`tables`](#parameter-tables) | array | The names of the Azure tables that the workspace should read. |
+| [`tags`](#parameter-tags) | object | Tags to configure in the resource. |
+
+### Parameter: `containers`
+
+The names of the blob containers that the workspace should read.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `logAnalyticsWorkspaceName`
+
+The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the storage insights config.
+- Required: No
+- Type: string
+- Default: `[format('{0}-stinsconfig', last(split(parameters('storageAccountResourceId'), '/')))]`
+
+### Parameter: `storageAccountResourceId`
+
+The Azure Resource Manager ID of the storage account resource.
+- Required: Yes
+- Type: string
+
+### Parameter: `tables`
+
+The names of the Azure tables that the workspace should read.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags to configure in the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the storage insights configuration. |
| `resourceGroupName` | string | The resource group where the storage insight configuration is deployed. |
diff --git a/modules/operational-insights/workspace/storage-insight-config/main.json b/modules/operational-insights/workspace/storage-insight-config/main.json
index 86d2fdda8b..d5e4378634 100644
--- a/modules/operational-insights/workspace/storage-insight-config/main.json
+++ b/modules/operational-insights/workspace/storage-insight-config/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "5679144933666454393"
+ "version": "0.22.6.54827",
+ "templateHash": "6643427484780531502"
},
"name": "Log Analytics Workspace Storage Insight Configs",
"description": "This module deploys a Log Analytics Workspace Storage Insight Config.",
diff --git a/modules/operational-insights/workspace/table/README.md b/modules/operational-insights/workspace/table/README.md
index 3dde1dedf4..d3d75c4af5 100644
--- a/modules/operational-insights/workspace/table/README.md
+++ b/modules/operational-insights/workspace/table/README.md
@@ -19,32 +19,94 @@ This module deploys a Log Analytics Workspace Table.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the table. |
+| [`name`](#parameter-name) | string | The name of the table. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `workspaceName` | string | The name of the parent workspaces. Required if the template is used in a standalone deployment. |
+| [`workspaceName`](#parameter-workspacename) | string | The name of the parent workspaces. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-| `plan` | string | `'Analytics'` | `[Analytics, Basic]` | Instruct the system how to handle and charge the logs ingested to this table. |
-| `restoredLogs` | object | `{object}` | | Restore parameters. |
-| `retentionInDays` | int | `-1` | | The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention. |
-| `schema` | object | `{object}` | | Table's schema. |
-| `searchResults` | object | `{object}` | | Parameters of the search job that initiated this table. |
-| `totalRetentionInDays` | int | `-1` | | The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| [`plan`](#parameter-plan) | string | Instruct the system how to handle and charge the logs ingested to this table. |
+| [`restoredLogs`](#parameter-restoredlogs) | object | Restore parameters. |
+| [`retentionInDays`](#parameter-retentionindays) | int | The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention. |
+| [`schema`](#parameter-schema) | object | Table's schema. |
+| [`searchResults`](#parameter-searchresults) | object | Parameters of the search job that initiated this table. |
+| [`totalRetentionInDays`](#parameter-totalretentionindays) | int | The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via the Customer Usage Attribution ID (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the table.
+- Required: Yes
+- Type: string
+
+### Parameter: `plan`
+
+Instruct the system how to handle and charge the logs ingested to this table.
+- Required: No
+- Type: string
+- Default: `'Analytics'`
+- Allowed: `[Analytics, Basic]`
+
+### Parameter: `restoredLogs`
+
+Restore parameters.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `retentionInDays`
+
+The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `schema`
+
+Table's schema.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `searchResults`
+
+Parameters of the search job that initiated this table.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `totalRetentionInDays`
+
+The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention.
+- Required: No
+- Type: int
+- Default: `-1`
+
+### Parameter: `workspaceName`
+
+The name of the parent workspaces. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the table. |
| `resourceGroupName` | string | The name of the resource group the table was created in. |
diff --git a/modules/operational-insights/workspace/table/main.json b/modules/operational-insights/workspace/table/main.json
index 83bbc2a91d..91a62f8371 100644
--- a/modules/operational-insights/workspace/table/main.json
+++ b/modules/operational-insights/workspace/table/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "761158132904084297"
+ "version": "0.22.6.54827",
+ "templateHash": "9983426146462646968"
},
"name": "Log Analytics Workspace Tables",
"description": "This module deploys a Log Analytics Workspace Table.",
diff --git a/modules/operations-management/solution/.test/min/main.test.bicep b/modules/operations-management/solution/.test/min/main.test.bicep
index 4fa83443b2..0fea432bd3 100644
--- a/modules/operations-management/solution/.test/min/main.test.bicep
+++ b/modules/operations-management/solution/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/operations-management/solution/README.md b/modules/operations-management/solution/README.md
index bb0ffe8148..748f3a783e 100644
--- a/modules/operations-management/solution/README.md
+++ b/modules/operations-management/solution/README.md
@@ -5,10 +5,10 @@ This module deploys an Operations Management Solution.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -16,53 +16,30 @@ This module deploys an Operations Management Solution.
| :-- | :-- |
| `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `logAnalyticsWorkspaceName` | string | Name of the Log Analytics workspace where the solution will be deployed/enabled. |
-| `name` | string | Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | Location for all resources. |
-| `product` | string | `'OMSGallery'` | The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive. |
-| `publisher` | string | `'Microsoft'` | The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`. |
+## Usage examples
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed solution. |
-| `resourceGroupName` | string | The resource group where the solution is deployed. |
-| `resourceId` | string | The resource ID of the deployed solution. |
-
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/operations-management.solution:1.0.0`.
-## Deployment examples
+- [Using only defaults](#example-1-using-only-defaults)
+- [Ms](#example-2-ms)
+- [Nonms](#example-3-nonms)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using only defaults_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with the minimum set of required parameters.
-Example 1: Min
via Bicep module
```bicep
-module solution './operations-management/solution/main.bicep' = {
+module solution 'br:bicep/modules/operations-management.solution:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-omsmin'
params: {
// Required parameters
@@ -104,14 +81,14 @@ module solution './operations-management/solution/main.bicep' = {
-
Example 2: Ms
+### Example 2: _Ms_
via Bicep module
```bicep
-module solution './operations-management/solution/main.bicep' = {
+module solution 'br:bicep/modules/operations-management.solution:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-omsms'
params: {
// Required parameters
@@ -161,14 +138,14 @@ module solution './operations-management/solution/main.bicep' = {
-
Example 3: Nonms
+### Example 3: _Nonms_
via Bicep module
```bicep
-module solution './operations-management/solution/main.bicep' = {
+module solution 'br:bicep/modules/operations-management.solution:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-omsnonms'
params: {
// Required parameters
@@ -217,3 +194,76 @@ module solution './operations-management/solution/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`logAnalyticsWorkspaceName`](#parameter-loganalyticsworkspacename) | string | Name of the Log Analytics workspace where the solution will be deployed/enabled. |
+| [`name`](#parameter-name) | string | Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`product`](#parameter-product) | string | The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive. |
+| [`publisher`](#parameter-publisher) | string | The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `logAnalyticsWorkspaceName`
+
+Name of the Log Analytics workspace where the solution will be deployed/enabled.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`.
+- Required: Yes
+- Type: string
+
+### Parameter: `product`
+
+The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive.
+- Required: No
+- Type: string
+- Default: `'OMSGallery'`
+
+### Parameter: `publisher`
+
+The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`.
+- Required: No
+- Type: string
+- Default: `'Microsoft'`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployed solution. |
+| `resourceGroupName` | string | The resource group where the solution is deployed. |
+| `resourceId` | string | The resource ID of the deployed solution. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/operations-management/solution/main.json b/modules/operations-management/solution/main.json
index 6ff5586ce1..a2c344b5ad 100644
--- a/modules/operations-management/solution/main.json
+++ b/modules/operations-management/solution/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9052763253522380709"
+ "version": "0.22.6.54827",
+ "templateHash": "2318608107759137473"
},
"name": "Operations Management Solutions",
"description": "This module deploys an Operations Management Solution.",
diff --git a/modules/policy-insights/remediation/README.md b/modules/policy-insights/remediation/README.md
index cb7a763830..9f0efd5897 100644
--- a/modules/policy-insights/remediation/README.md
+++ b/modules/policy-insights/remediation/README.md
@@ -5,10 +5,10 @@ This module deploys a Policy Insights Remediation.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
- [Notes](#Notes)
## Resource Types
@@ -17,59 +17,30 @@ This module deploys a Policy Insights Remediation.
| :-- | :-- |
| `Microsoft.PolicyInsights/remediations` | [2021-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.PolicyInsights/2021-10-01/remediations) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy remediation. |
-| `policyAssignmentId` | string | The resource ID of the policy assignment that should be remediated. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `failureThresholdPercentage` | string | `'1'` | | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. |
-| `filtersLocations` | array | `[]` | | The filters that will be applied to determine which resources to remediate. |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `managementGroupId` | string | `[managementGroup().name]` | | The target scope for the remediation. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. |
-| `parallelDeployments` | int | `10` | | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. |
-| `policyDefinitionReferenceId` | string | `''` | | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. |
-| `resourceCount` | int | `500` | | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. |
-| `resourceDiscoveryMode` | string | `'ExistingNonCompliant'` | `[ExistingNonCompliant, ReEvaluateCompliance]` | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. |
-| `resourceGroupName` | string | `''` | | The target scope for the remediation. The name of the resource group for the policy assignment. |
-| `subscriptionId` | string | `''` | | The target scope for the remediation. The subscription ID of the subscription for the policy assignment. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the remediation. |
-| `resourceId` | string | The resource ID of the remediation. |
-
-## Cross-referenced modules
+## Usage examples
-_None_
-
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
Example 1: Mg.Common
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/policy-insights.remediation:1.0.0`.
+
+- [Mg.Common](#example-1-mgcommon)
+- [Mg.Min](#example-2-mgmin)
+- [Rg.Common](#example-3-rgcommon)
+- [Rg.Min](#example-4-rgmin)
+- [Sub.Common](#example-5-subcommon)
+- [Sub.Min](#example-6-submin)
+
+### Example 1: _Mg.Common_
via Bicep module
```bicep
-module remediation './policy-insights/remediation/main.bicep' = {
+module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-pirmgcom'
params: {
// Required parameters
@@ -143,14 +114,14 @@ module remediation './policy-insights/remediation/main.bicep' = {
-
Example 2: Mg.Min
+### Example 2: _Mg.Min_
via Bicep module
```bicep
-module remediation './policy-insights/remediation/main.bicep' = {
+module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-pirmgmin'
params: {
// Required parameters
@@ -192,14 +163,14 @@ module remediation './policy-insights/remediation/main.bicep' = {
-
Example 3: Rg.Common
+### Example 3: _Rg.Common_
via Bicep module
```bicep
-module remediation './policy-insights/remediation/main.bicep' = {
+module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-pirrgcom'
params: {
// Required parameters
@@ -273,14 +244,14 @@ module remediation './policy-insights/remediation/main.bicep' = {
-
Example 4: Rg.Min
+### Example 4: _Rg.Min_
via Bicep module
```bicep
-module remediation './policy-insights/remediation/main.bicep' = {
+module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-pirrgmin'
params: {
// Required parameters
@@ -322,14 +293,14 @@ module remediation './policy-insights/remediation/main.bicep' = {
-
Example 5: Sub.Common
+### Example 5: _Sub.Common_
via Bicep module
```bicep
-module remediation './policy-insights/remediation/main.bicep' = {
+module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-pirsubcom'
params: {
// Required parameters
@@ -403,14 +374,14 @@ module remediation './policy-insights/remediation/main.bicep' = {
-
Example 6: Sub.Min
+### Example 6: _Sub.Min_
via Bicep module
```bicep
-module remediation './policy-insights/remediation/main.bicep' = {
+module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-pirsubmin'
params: {
// Required parameters
@@ -453,6 +424,134 @@ module remediation './policy-insights/remediation/main.bicep' = {
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Specifies the name of the policy remediation. |
+| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that should be remediated. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`failureThresholdPercentage`](#parameter-failurethresholdpercentage) | string | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. |
+| [`filtersLocations`](#parameter-filterslocations) | array | The filters that will be applied to determine which resources to remediate. |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`managementGroupId`](#parameter-managementgroupid) | string | The target scope for the remediation. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. |
+| [`parallelDeployments`](#parameter-paralleldeployments) | int | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. |
+| [`policyDefinitionReferenceId`](#parameter-policydefinitionreferenceid) | string | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. |
+| [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. |
+| [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | The target scope for the remediation. The name of the resource group for the policy assignment. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | The target scope for the remediation. The subscription ID of the subscription for the policy assignment. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `failureThresholdPercentage`
+
+The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail.
+- Required: No
+- Type: string
+- Default: `'1'`
+
+### Parameter: `filtersLocations`
+
+The filters that will be applied to determine which resources to remediate.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `managementGroupId`
+
+The target scope for the remediation. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment.
+- Required: No
+- Type: string
+- Default: `[managementGroup().name]`
+
+### Parameter: `name`
+
+Specifies the name of the policy remediation.
+- Required: Yes
+- Type: string
+
+### Parameter: `parallelDeployments`
+
+Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used.
+- Required: No
+- Type: int
+- Default: `10`
+
+### Parameter: `policyAssignmentId`
+
+The resource ID of the policy assignment that should be remediated.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyDefinitionReferenceId`
+
+The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `resourceCount`
+
+Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used.
+- Required: No
+- Type: int
+- Default: `500`
+
+### Parameter: `resourceDiscoveryMode`
+
+The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.
+- Required: No
+- Type: string
+- Default: `'ExistingNonCompliant'`
+- Allowed: `[ExistingNonCompliant, ReEvaluateCompliance]`
+
+### Parameter: `resourceGroupName`
+
+The target scope for the remediation. The name of the resource group for the policy assignment.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `subscriptionId`
+
+The target scope for the remediation. The subscription ID of the subscription for the policy assignment.
+- Required: No
+- Type: string
+- Default: `''`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the remediation. |
+| `resourceId` | string | The resource ID of the remediation. |
+
+## Cross-referenced modules
+
+_None_
+
## Notes
### Parameter Usage: `managementGroupId`
diff --git a/modules/policy-insights/remediation/main.json b/modules/policy-insights/remediation/main.json
index c87b56a9bd..cc27386cb2 100644
--- a/modules/policy-insights/remediation/main.json
+++ b/modules/policy-insights/remediation/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9470777729167902898"
+ "version": "0.22.6.54827",
+ "templateHash": "4742101117506662139"
},
"name": "Policy Insights Remediations",
"description": "This module deploys a Policy Insights Remediation.",
@@ -179,8 +179,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "5184556478687760186"
+ "version": "0.22.6.54827",
+ "templateHash": "9807832589850582654"
},
"name": "Policy Insights Remediations (Management Group scope)",
"description": "This module deploys a Policy Insights Remediation on a Management Group scope.",
@@ -375,8 +375,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9797290259140842527"
+ "version": "0.22.6.54827",
+ "templateHash": "8491362450892267233"
},
"name": "Policy Insights Remediations (Subscription scope)",
"description": "This module deploys a Policy Insights Remediation on a Subscription scope.",
@@ -571,8 +571,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15508810300941948916"
+ "version": "0.22.6.54827",
+ "templateHash": "1603868954809777625"
},
"name": "Policy Insights Remediations (Resource Group scope)",
"description": "This module deploys a Policy Insights Remediation on a Resource Group scope.",
diff --git a/modules/policy-insights/remediation/management-group/README.md b/modules/policy-insights/remediation/management-group/README.md
index 7a747eb168..f7bb79c449 100644
--- a/modules/policy-insights/remediation/management-group/README.md
+++ b/modules/policy-insights/remediation/management-group/README.md
@@ -19,28 +19,97 @@ This module deploys a Policy Insights Remediation on a Management Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy remediation. |
-| `policyAssignmentId` | string | The resource ID of the policy assignment that should be remediated. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy remediation. |
+| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that should be remediated. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `failureThresholdPercentage` | string | `'1'` | | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. |
-| `filtersLocations` | array | `[]` | | The filters that will be applied to determine which resources to remediate. |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `parallelDeployments` | int | `10` | | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. |
-| `policyDefinitionReferenceId` | string | `''` | | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. |
-| `resourceCount` | int | `500` | | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. |
-| `resourceDiscoveryMode` | string | `'ExistingNonCompliant'` | `[ExistingNonCompliant, ReEvaluateCompliance]` | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`failureThresholdPercentage`](#parameter-failurethresholdpercentage) | string | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. |
+| [`filtersLocations`](#parameter-filterslocations) | array | The filters that will be applied to determine which resources to remediate. |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`parallelDeployments`](#parameter-paralleldeployments) | int | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. |
+| [`policyDefinitionReferenceId`](#parameter-policydefinitionreferenceid) | string | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. |
+| [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. |
+| [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `failureThresholdPercentage`
+
+The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail.
+- Required: No
+- Type: string
+- Default: `'1'`
+
+### Parameter: `filtersLocations`
+
+The filters that will be applied to determine which resources to remediate.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `name`
+
+Specifies the name of the policy remediation.
+- Required: Yes
+- Type: string
+
+### Parameter: `parallelDeployments`
+
+Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used.
+- Required: No
+- Type: int
+- Default: `10`
+
+### Parameter: `policyAssignmentId`
+
+The resource ID of the policy assignment that should be remediated.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyDefinitionReferenceId`
+
+The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `resourceCount`
+
+Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used.
+- Required: No
+- Type: int
+- Default: `500`
+
+### Parameter: `resourceDiscoveryMode`
+
+The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.
+- Required: No
+- Type: string
+- Default: `'ExistingNonCompliant'`
+- Allowed: `[ExistingNonCompliant, ReEvaluateCompliance]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `location` | string | The location the resource was deployed into. |
| `name` | string | The name of the remediation. |
diff --git a/modules/policy-insights/remediation/management-group/main.json b/modules/policy-insights/remediation/management-group/main.json
index 0a87c250c0..bc27183d72 100644
--- a/modules/policy-insights/remediation/management-group/main.json
+++ b/modules/policy-insights/remediation/management-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "1304798094791157917"
+ "version": "0.22.6.54827",
+ "templateHash": "9807832589850582654"
},
"name": "Policy Insights Remediations (Management Group scope)",
"description": "This module deploys a Policy Insights Remediation on a Management Group scope.",
diff --git a/modules/policy-insights/remediation/resource-group/README.md b/modules/policy-insights/remediation/resource-group/README.md
index 88c4aa8f58..a354a06627 100644
--- a/modules/policy-insights/remediation/resource-group/README.md
+++ b/modules/policy-insights/remediation/resource-group/README.md
@@ -19,28 +19,97 @@ This module deploys a Policy Insights Remediation on a Resource Group scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy remediation. |
-| `policyAssignmentId` | string | The resource ID of the policy assignment that should be remediated. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy remediation. |
+| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that should be remediated. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `failureThresholdPercentage` | string | `'1'` | | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. |
-| `filtersLocations` | array | `[]` | | The filters that will be applied to determine which resources to remediate. |
-| `location` | string | `[resourceGroup().location]` | | Location deployment metadata. |
-| `parallelDeployments` | int | `10` | | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. |
-| `policyDefinitionReferenceId` | string | `''` | | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. |
-| `resourceCount` | int | `500` | | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. |
-| `resourceDiscoveryMode` | string | `'ExistingNonCompliant'` | `[ExistingNonCompliant, ReEvaluateCompliance]` | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`failureThresholdPercentage`](#parameter-failurethresholdpercentage) | string | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. |
+| [`filtersLocations`](#parameter-filterslocations) | array | The filters that will be applied to determine which resources to remediate. |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`parallelDeployments`](#parameter-paralleldeployments) | int | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. |
+| [`policyDefinitionReferenceId`](#parameter-policydefinitionreferenceid) | string | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. |
+| [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. |
+| [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `failureThresholdPercentage`
+
+The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail.
+- Required: No
+- Type: string
+- Default: `'1'`
+
+### Parameter: `filtersLocations`
+
+The filters that will be applied to determine which resources to remediate.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+Specifies the name of the policy remediation.
+- Required: Yes
+- Type: string
+
+### Parameter: `parallelDeployments`
+
+Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used.
+- Required: No
+- Type: int
+- Default: `10`
+
+### Parameter: `policyAssignmentId`
+
+The resource ID of the policy assignment that should be remediated.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyDefinitionReferenceId`
+
+The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `resourceCount`
+
+Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used.
+- Required: No
+- Type: int
+- Default: `500`
+
+### Parameter: `resourceDiscoveryMode`
+
+The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.
+- Required: No
+- Type: string
+- Default: `'ExistingNonCompliant'`
+- Allowed: `[ExistingNonCompliant, ReEvaluateCompliance]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `location` | string | The location the resource was deployed into. |
| `name` | string | The name of the remediation. |
diff --git a/modules/policy-insights/remediation/resource-group/main.json b/modules/policy-insights/remediation/resource-group/main.json
index be6c9e58b0..ec8b34293a 100644
--- a/modules/policy-insights/remediation/resource-group/main.json
+++ b/modules/policy-insights/remediation/resource-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "16839903448259241444"
+ "version": "0.22.6.54827",
+ "templateHash": "1603868954809777625"
},
"name": "Policy Insights Remediations (Resource Group scope)",
"description": "This module deploys a Policy Insights Remediation on a Resource Group scope.",
diff --git a/modules/policy-insights/remediation/subscription/README.md b/modules/policy-insights/remediation/subscription/README.md
index 82a91bb72b..0ed9328e97 100644
--- a/modules/policy-insights/remediation/subscription/README.md
+++ b/modules/policy-insights/remediation/subscription/README.md
@@ -19,28 +19,97 @@ This module deploys a Policy Insights Remediation on a Subscription scope.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Specifies the name of the policy remediation. |
-| `policyAssignmentId` | string | The resource ID of the policy assignment that should be remediated. |
+| [`name`](#parameter-name) | string | Specifies the name of the policy remediation. |
+| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that should be remediated. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `failureThresholdPercentage` | string | `'1'` | | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. |
-| `filtersLocations` | array | `[]` | | The filters that will be applied to determine which resources to remediate. |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `parallelDeployments` | int | `10` | | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. |
-| `policyDefinitionReferenceId` | string | `''` | | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. |
-| `resourceCount` | int | `500` | | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. |
-| `resourceDiscoveryMode` | string | `'ExistingNonCompliant'` | `[ExistingNonCompliant, ReEvaluateCompliance]` | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`failureThresholdPercentage`](#parameter-failurethresholdpercentage) | string | The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. |
+| [`filtersLocations`](#parameter-filterslocations) | array | The filters that will be applied to determine which resources to remediate. |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`parallelDeployments`](#parameter-paralleldeployments) | int | Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. |
+| [`policyDefinitionReferenceId`](#parameter-policydefinitionreferenceid) | string | The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. |
+| [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. |
+| [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `failureThresholdPercentage`
+
+The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail.
+- Required: No
+- Type: string
+- Default: `'1'`
+
+### Parameter: `filtersLocations`
+
+The filters that will be applied to determine which resources to remediate.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `name`
+
+Specifies the name of the policy remediation.
+- Required: Yes
+- Type: string
+
+### Parameter: `parallelDeployments`
+
+Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used.
+- Required: No
+- Type: int
+- Default: `10`
+
+### Parameter: `policyAssignmentId`
+
+The resource ID of the policy assignment that should be remediated.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyDefinitionReferenceId`
+
+The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `resourceCount`
+
+Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used.
+- Required: No
+- Type: int
+- Default: `500`
+
+### Parameter: `resourceDiscoveryMode`
+
+The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified.
+- Required: No
+- Type: string
+- Default: `'ExistingNonCompliant'`
+- Allowed: `[ExistingNonCompliant, ReEvaluateCompliance]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `location` | string | The location the resource was deployed into. |
| `name` | string | The name of the remediation. |
diff --git a/modules/policy-insights/remediation/subscription/main.json b/modules/policy-insights/remediation/subscription/main.json
index 499c963670..b7d7bb8b13 100644
--- a/modules/policy-insights/remediation/subscription/main.json
+++ b/modules/policy-insights/remediation/subscription/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "16781098206548824638"
+ "version": "0.22.6.54827",
+ "templateHash": "8491362450892267233"
},
"name": "Policy Insights Remediations (Subscription scope)",
"description": "This module deploys a Policy Insights Remediation on a Subscription scope.",
diff --git a/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep b/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep
index 8a9b62ee77..e2222db5b8 100644
--- a/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep
+++ b/modules/power-bi-dedicated/capacity/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/power-bi-dedicated/capacity/.test/min/main.test.bicep b/modules/power-bi-dedicated/capacity/.test/min/main.test.bicep
index fee53d9951..dea599ae13 100644
--- a/modules/power-bi-dedicated/capacity/.test/min/main.test.bicep
+++ b/modules/power-bi-dedicated/capacity/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/power-bi-dedicated/capacity/README.md b/modules/power-bi-dedicated/capacity/README.md
index a5f670d0ad..042fee54b2 100644
--- a/modules/power-bi-dedicated/capacity/README.md
+++ b/modules/power-bi-dedicated/capacity/README.md
@@ -5,10 +5,10 @@ This module deploys a Power BI Dedicated Capacity.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -18,58 +18,29 @@ This module deploys a Power BI Dedicated Capacity.
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.PowerBIDedicated/capacities` | [2021-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.PowerBIDedicated/2021-01-01/capacities) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `members` | array | Members of the resource. |
-| `name` | string | Name of the PowerBI Embedded. |
-| `skuCapacity` | int | SkuCapacity of the resource. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | | Location for all Resources. |
-| `lock` | string | `''` | `['', CanNotDelete, NotSpecified, ReadOnly]` | Specify the type of lock. |
-| `mode` | string | `'Gen2'` | `[Gen1, Gen2]` | Mode of the resource. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `skuName` | string | `'A1'` | `[A1, A2, A3, A4, A5, A6]` | SkuCapacity of the resource. |
-| `skuTier` | string | `'PBIE_Azure'` | `[AutoPremiumHost, PBIE_Azure, Premium]` | SkuCapacity of the resource. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-
+## Usage examples
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The Name of the PowerBi Embedded. |
-| `resourceGroupName` | string | The name of the resource group the PowerBi Embedded was created in. |
-| `resourceId` | string | The resource ID of the PowerBi Embedded. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/power-bi-dedicated.capacity:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-
Example 1: Common
via Bicep module
```bicep
-module capacity './power-bi-dedicated/capacity/main.bicep' = {
+module capacity 'br:bicep/modules/power-bi-dedicated.capacity:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-pbdcapcom'
params: {
// Required parameters
@@ -155,14 +126,17 @@ module capacity './power-bi-dedicated/capacity/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module capacity './power-bi-dedicated/capacity/main.bicep' = {
+module capacity 'br:bicep/modules/power-bi-dedicated.capacity:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-pbdcapmin'
params: {
// Required parameters
@@ -211,3 +185,119 @@ module capacity './power-bi-dedicated/capacity/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`members`](#parameter-members) | array | Members of the resource. |
+| [`name`](#parameter-name) | string | Name of the PowerBI Embedded. |
+| [`skuCapacity`](#parameter-skucapacity) | int | SkuCapacity of the resource. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`mode`](#parameter-mode) | string | Mode of the resource. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`skuName`](#parameter-skuname) | string | SkuCapacity of the resource. |
+| [`skuTier`](#parameter-skutier) | string | SkuCapacity of the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, NotSpecified, ReadOnly]`
+
+### Parameter: `members`
+
+Members of the resource.
+- Required: Yes
+- Type: array
+
+### Parameter: `mode`
+
+Mode of the resource.
+- Required: No
+- Type: string
+- Default: `'Gen2'`
+- Allowed: `[Gen1, Gen2]`
+
+### Parameter: `name`
+
+Name of the PowerBI Embedded.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuCapacity`
+
+SkuCapacity of the resource.
+- Required: Yes
+- Type: int
+
+### Parameter: `skuName`
+
+SkuCapacity of the resource.
+- Required: No
+- Type: string
+- Default: `'A1'`
+- Allowed: `[A1, A2, A3, A4, A5, A6]`
+
+### Parameter: `skuTier`
+
+SkuCapacity of the resource.
+- Required: No
+- Type: string
+- Default: `'PBIE_Azure'`
+- Allowed: `[AutoPremiumHost, PBIE_Azure, Premium]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The Name of the PowerBi Embedded. |
+| `resourceGroupName` | string | The name of the resource group the PowerBi Embedded was created in. |
+| `resourceId` | string | The resource ID of the PowerBi Embedded. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/power-bi-dedicated/capacity/main.json b/modules/power-bi-dedicated/capacity/main.json
index 7e34e223ae..aafdb27cf3 100644
--- a/modules/power-bi-dedicated/capacity/main.json
+++ b/modules/power-bi-dedicated/capacity/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "924797605355156375"
+ "version": "0.22.6.54827",
+ "templateHash": "9399428020393768552"
},
"name": "Power BI Dedicated Capacities",
"description": "This module deploys a Power BI Dedicated Capacity.",
@@ -184,8 +184,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "18119555403422726514"
+ "version": "0.22.6.54827",
+ "templateHash": "4655209444733495279"
}
},
"parameters": {
diff --git a/modules/purview/account/.test/common/main.test.bicep b/modules/purview/account/.test/common/main.test.bicep
index c716eb8807..e2746b7ebf 100644
--- a/modules/purview/account/.test/common/main.test.bicep
+++ b/modules/purview/account/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/purview/account/.test/min/main.test.bicep b/modules/purview/account/.test/min/main.test.bicep
index bdafc9b679..8cf13684b3 100644
--- a/modules/purview/account/.test/min/main.test.bicep
+++ b/modules/purview/account/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/purview/account/README.md b/modules/purview/account/README.md
index ea412e85c2..59a456441e 100644
--- a/modules/purview/account/README.md
+++ b/modules/purview/account/README.md
@@ -5,10 +5,10 @@ This module deploys a Purview Account.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -21,77 +21,29 @@ This module deploys a Purview Account.
| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) |
| `Microsoft.Purview/accounts` | [2021-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Purview/2021-07-01/accounts) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Purview Account. |
-
-**Optional parameters**
+## Usage examples
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `accountPrivateEndpoints` | array | `[]` | | Configuration details for Purview Account private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'account'. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DataSensitivity, PurviewAccountAuditEvents, ScanStatus]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `eventHubPrivateEndpoints` | array | `[]` | | Configuration details for Purview Managed Event Hub namespace private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'namespace'. |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `managedResourceGroupName` | string | `[format('managed-rg-{0}', parameters('name'))]` | | The Managed Resource Group Name. A managed Storage Account, and an Event Hubs will be created in the selected subscription for catalog ingestion scenarios. Default is 'managed-rg-'. |
-| `portalPrivateEndpoints` | array | `[]` | | Configuration details for Purview Portal private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'portal'. |
-| `publicNetworkAccess` | string | `'NotSpecified'` | `[Disabled, Enabled, NotSpecified]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `storageBlobPrivateEndpoints` | array | `[]` | | Configuration details for Purview Managed Storage Account blob private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'blob'. |
-| `storageQueuePrivateEndpoints` | array | `[]` | | Configuration details for Purview Managed Storage Account queue private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'queue'. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `managedEventHubId` | string | The resource ID of the managed Event Hub Namespace. |
-| `managedResourceGroupId` | string | The resource ID of the managed resource group. |
-| `managedResourceGroupName` | string | The name of the managed resource group. |
-| `managedStorageAccountId` | string | The resource ID of the managed storage account. |
-| `name` | string | The name of the Purview Account. |
-| `resourceGroupName` | string | The resource group the Purview Account was deployed into. |
-| `resourceId` | string | The resource ID of the Purview Account. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/purview.account:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module account './purview/account/main.bicep' = {
+module account 'br:bicep/modules/purview.account:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-pvacom'
params: {
// Required parameters
@@ -387,14 +339,17 @@ module account './purview/account/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module account './purview/account/main.bicep' = {
+module account 'br:bicep/modules/purview.account:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-pvamin'
params: {
// Required parameters
@@ -435,3 +390,210 @@ module account './purview/account/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Purview Account. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`accountPrivateEndpoints`](#parameter-accountprivateendpoints) | array | Configuration details for Purview Account private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'account'. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`eventHubPrivateEndpoints`](#parameter-eventhubprivateendpoints) | array | Configuration details for Purview Managed Event Hub namespace private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'namespace'. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`managedResourceGroupName`](#parameter-managedresourcegroupname) | string | The Managed Resource Group Name. A managed Storage Account, and an Event Hubs will be created in the selected subscription for catalog ingestion scenarios. Default is 'managed-rg-'. |
+| [`portalPrivateEndpoints`](#parameter-portalprivateendpoints) | array | Configuration details for Purview Portal private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'portal'. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`storageBlobPrivateEndpoints`](#parameter-storageblobprivateendpoints) | array | Configuration details for Purview Managed Storage Account blob private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'blob'. |
+| [`storageQueuePrivateEndpoints`](#parameter-storagequeueprivateendpoints) | array | Configuration details for Purview Managed Storage Account queue private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'queue'. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+
+### Parameter: `accountPrivateEndpoints`
+
+Configuration details for Purview Account private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'account'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, DataSensitivity, PurviewAccountAuditEvents, ScanStatus]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `eventHubPrivateEndpoints`
+
+Configuration details for Purview Managed Event Hub namespace private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'namespace'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `managedResourceGroupName`
+
+The Managed Resource Group Name. A managed Storage Account, and an Event Hubs will be created in the selected subscription for catalog ingestion scenarios. Default is 'managed-rg-'.
+- Required: No
+- Type: string
+- Default: `[format('managed-rg-{0}', parameters('name'))]`
+
+### Parameter: `name`
+
+Name of the Purview Account.
+- Required: Yes
+- Type: string
+
+### Parameter: `portalPrivateEndpoints`
+
+Configuration details for Purview Portal private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'portal'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicNetworkAccess`
+
+Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.
+- Required: No
+- Type: string
+- Default: `'NotSpecified'`
+- Allowed: `[Disabled, Enabled, NotSpecified]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `storageBlobPrivateEndpoints`
+
+Configuration details for Purview Managed Storage Account blob private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'blob'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `storageQueuePrivateEndpoints`
+
+Configuration details for Purview Managed Storage Account queue private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'queue'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `managedEventHubId` | string | The resource ID of the managed Event Hub Namespace. |
+| `managedResourceGroupId` | string | The resource ID of the managed resource group. |
+| `managedResourceGroupName` | string | The name of the managed resource group. |
+| `managedStorageAccountId` | string | The resource ID of the managed storage account. |
+| `name` | string | The name of the Purview Account. |
+| `resourceGroupName` | string | The resource group the Purview Account was deployed into. |
+| `resourceId` | string | The resource ID of the Purview Account. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
diff --git a/modules/purview/account/main.json b/modules/purview/account/main.json
index 4c5a590e59..9133d24ca9 100644
--- a/modules/purview/account/main.json
+++ b/modules/purview/account/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13858870839826071407"
+ "version": "0.22.6.54827",
+ "templateHash": "5252602419334487318"
},
"name": "Purview Accounts",
"description": "This module deploys a Purview Account.",
@@ -316,8 +316,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14580007913383558904"
+ "version": "0.22.6.54827",
+ "templateHash": "2884140170473394983"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -516,8 +516,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "2469208411936339153"
+ "version": "0.22.6.54827",
+ "templateHash": "5610247137574346230"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -654,8 +654,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13032708393704093995"
+ "version": "0.22.6.54827",
+ "templateHash": "14351187799927334028"
}
},
"parameters": {
@@ -880,8 +880,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14580007913383558904"
+ "version": "0.22.6.54827",
+ "templateHash": "2884140170473394983"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -1080,8 +1080,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "2469208411936339153"
+ "version": "0.22.6.54827",
+ "templateHash": "5610247137574346230"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -1218,8 +1218,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13032708393704093995"
+ "version": "0.22.6.54827",
+ "templateHash": "14351187799927334028"
}
},
"parameters": {
@@ -1444,8 +1444,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14580007913383558904"
+ "version": "0.22.6.54827",
+ "templateHash": "2884140170473394983"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -1644,8 +1644,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "2469208411936339153"
+ "version": "0.22.6.54827",
+ "templateHash": "5610247137574346230"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -1782,8 +1782,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13032708393704093995"
+ "version": "0.22.6.54827",
+ "templateHash": "14351187799927334028"
}
},
"parameters": {
@@ -2008,8 +2008,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14580007913383558904"
+ "version": "0.22.6.54827",
+ "templateHash": "2884140170473394983"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -2208,8 +2208,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "2469208411936339153"
+ "version": "0.22.6.54827",
+ "templateHash": "5610247137574346230"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -2346,8 +2346,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13032708393704093995"
+ "version": "0.22.6.54827",
+ "templateHash": "14351187799927334028"
}
},
"parameters": {
@@ -2572,8 +2572,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14580007913383558904"
+ "version": "0.22.6.54827",
+ "templateHash": "2884140170473394983"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -2772,8 +2772,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "2469208411936339153"
+ "version": "0.22.6.54827",
+ "templateHash": "5610247137574346230"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -2910,8 +2910,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13032708393704093995"
+ "version": "0.22.6.54827",
+ "templateHash": "14351187799927334028"
}
},
"parameters": {
@@ -3124,8 +3124,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "12596337449494040710"
+ "version": "0.22.6.54827",
+ "templateHash": "15861709353924438880"
}
},
"parameters": {
diff --git a/modules/recovery-services/vault/.test/common/main.test.bicep b/modules/recovery-services/vault/.test/common/main.test.bicep
index dc9857d7c9..aa714983ad 100644
--- a/modules/recovery-services/vault/.test/common/main.test.bicep
+++ b/modules/recovery-services/vault/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/recovery-services/vault/.test/min/main.test.bicep b/modules/recovery-services/vault/.test/min/main.test.bicep
index d34d8bced4..8477f9fb08 100644
--- a/modules/recovery-services/vault/.test/min/main.test.bicep
+++ b/modules/recovery-services/vault/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/recovery-services/vault/README.md b/modules/recovery-services/vault/README.md
index 9adaee17b2..9b65242324 100644
--- a/modules/recovery-services/vault/README.md
+++ b/modules/recovery-services/vault/README.md
@@ -5,10 +5,10 @@ This module deploys a Recovery Services Vault.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -31,78 +31,30 @@ This module deploys a Recovery Services Vault.
| `Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings` | [2022-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2022-10-01/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings) |
| `Microsoft.RecoveryServices/vaults/replicationPolicies` | [2022-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.RecoveryServices/2022-10-01/vaults/replicationPolicies) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Azure Recovery Service Vault. |
-
-**Optional parameters**
+## Usage examples
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `backupConfig` | _[backupConfig](backup-config/README.md)_ object | `{object}` | | The backup configuration. |
-| `backupPolicies` | array | `[]` | | List of all backup policies. |
-| `backupStorageConfig` | _[backupStorageConfig](backup-storage-config/README.md)_ object | `{object}` | | The storage configuration for the Azure Recovery Service Vault. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', AddonAzureBackupAlerts, AddonAzureBackupJobs, AddonAzureBackupPolicy, AddonAzureBackupProtectedInstance, AddonAzureBackupStorage, allLogs, AzureBackupReport, AzureSiteRecoveryEvents, AzureSiteRecoveryJobs, AzureSiteRecoveryProtectedDiskDataChurn, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryReplicationStats, CoreAzureBackup]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[Health]` | `[Health]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `monitoringSettings` | object | `{object}` | | Monitoring Settings of the vault. |
-| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
-| `protectionContainers` | array | `[]` | | List of all protection containers. |
-| `publicNetworkAccess` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. |
-| `replicationAlertSettings` | object | `{object}` | | Replication alert settings. |
-| `replicationFabrics` | array | `[]` | | List of all replication fabrics. |
-| `replicationPolicies` | array | `[]` | | List of all replication policies. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `securitySettings` | object | `{object}` | | Security Settings of the vault. |
-| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` | | Tags of the Recovery Service Vault resource. |
-| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The Name of the recovery services vault. |
-| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. |
-| `resourceId` | string | The resource ID of the recovery services vault. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
-
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/recovery-services.vault:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Dr](#example-2-dr)
+- [Using only defaults](#example-3-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module vault './recovery-services/vault/main.bicep' = {
+module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rsvcom'
params: {
// Required parameters
@@ -754,14 +706,14 @@ module vault './recovery-services/vault/main.bicep' = {
-
Example 2: Dr
+### Example 2: _Dr_
via Bicep module
```bicep
-module vault './recovery-services/vault/main.bicep' = {
+module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rsvdr'
params: {
// Required parameters
@@ -925,14 +877,17 @@ module vault './recovery-services/vault/main.bicep' = {
-
Example 3: Min
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module vault './recovery-services/vault/main.bicep' = {
+module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rsvmin'
params: {
// Required parameters
@@ -969,3 +924,246 @@ module vault './recovery-services/vault/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Azure Recovery Service Vault. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`backupConfig`](#parameter-backupconfig) | object | The backup configuration. |
+| [`backupPolicies`](#parameter-backuppolicies) | array | List of all backup policies. |
+| [`backupStorageConfig`](#parameter-backupstorageconfig) | object | The storage configuration for the Azure Recovery Service Vault. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`monitoringSettings`](#parameter-monitoringsettings) | object | Monitoring Settings of the vault. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| [`protectionContainers`](#parameter-protectioncontainers) | array | List of all protection containers. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. |
+| [`replicationAlertSettings`](#parameter-replicationalertsettings) | object | Replication alert settings. |
+| [`replicationFabrics`](#parameter-replicationfabrics) | array | List of all replication fabrics. |
+| [`replicationPolicies`](#parameter-replicationpolicies) | array | List of all replication policies. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`securitySettings`](#parameter-securitysettings) | object | Security Settings of the vault. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the Recovery Service Vault resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+
+### Parameter: `backupConfig`
+
+The backup configuration.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `backupPolicies`
+
+List of all backup policies.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `backupStorageConfig`
+
+The storage configuration for the Azure Recovery Service Vault.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', AddonAzureBackupAlerts, AddonAzureBackupJobs, AddonAzureBackupPolicy, AddonAzureBackupProtectedInstance, AddonAzureBackupStorage, allLogs, AzureBackupReport, AzureSiteRecoveryEvents, AzureSiteRecoveryJobs, AzureSiteRecoveryProtectedDiskDataChurn, AzureSiteRecoveryRecoveryPoints, AzureSiteRecoveryReplicatedItems, AzureSiteRecoveryReplicationDataUploadRate, AzureSiteRecoveryReplicationStats, CoreAzureBackup]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[Health]`
+- Allowed: `[Health]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `monitoringSettings`
+
+Monitoring Settings of the vault.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `name`
+
+Name of the Azure Recovery Service Vault.
+- Required: Yes
+- Type: string
+
+### Parameter: `privateEndpoints`
+
+Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `protectionContainers`
+
+List of all protection containers.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicNetworkAccess`
+
+Whether or not public network access is allowed for this resource. For security reasons it should be disabled.
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `replicationAlertSettings`
+
+Replication alert settings.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `replicationFabrics`
+
+List of all replication fabrics.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `replicationPolicies`
+
+List of all replication policies.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `securitySettings`
+
+Security Settings of the vault.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the Recovery Service Vault resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The Name of the recovery services vault. |
+| `resourceGroupName` | string | The name of the resource group the recovery services vault was created in. |
+| `resourceId` | string | The resource ID of the recovery services vault. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
diff --git a/modules/recovery-services/vault/backup-config/README.md b/modules/recovery-services/vault/backup-config/README.md
index 8b9118b29d..5ce1b92970 100644
--- a/modules/recovery-services/vault/backup-config/README.md
+++ b/modules/recovery-services/vault/backup-config/README.md
@@ -19,28 +19,102 @@ This module deploys a Recovery Services Vault Backup Config.
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `enhancedSecurityState` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations. |
-| `isSoftDeleteFeatureStateEditable` | bool | `True` | | Is soft delete feature state editable. |
-| `name` | string | `'vaultconfig'` | | Name of the Azure Recovery Service Vault Backup Policy. |
-| `resourceGuardOperationRequests` | array | `[]` | | ResourceGuard Operation Requests. |
-| `softDeleteFeatureState` | string | `'Enabled'` | `[Disabled, Enabled]` | Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes. |
-| `storageModelType` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Storage type. |
-| `storageType` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Storage type. |
-| `storageTypeState` | string | `'Locked'` | `[Locked, Unlocked]` | Once a machine is registered against a resource, the storageTypeState is always Locked. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`enhancedSecurityState`](#parameter-enhancedsecuritystate) | string | Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations. |
+| [`isSoftDeleteFeatureStateEditable`](#parameter-issoftdeletefeaturestateeditable) | bool | Is soft delete feature state editable. |
+| [`name`](#parameter-name) | string | Name of the Azure Recovery Service Vault Backup Policy. |
+| [`resourceGuardOperationRequests`](#parameter-resourceguardoperationrequests) | array | ResourceGuard Operation Requests. |
+| [`softDeleteFeatureState`](#parameter-softdeletefeaturestate) | string | Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes. |
+| [`storageModelType`](#parameter-storagemodeltype) | string | Storage type. |
+| [`storageType`](#parameter-storagetype) | string | Storage type. |
+| [`storageTypeState`](#parameter-storagetypestate) | string | Once a machine is registered against a resource, the storageTypeState is always Locked. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enhancedSecurityState`
+
+Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `isSoftDeleteFeatureStateEditable`
+
+Is soft delete feature state editable.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+Name of the Azure Recovery Service Vault Backup Policy.
+- Required: No
+- Type: string
+- Default: `'vaultconfig'`
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `resourceGuardOperationRequests`
+
+ResourceGuard Operation Requests.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `softDeleteFeatureState`
+
+Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
+
+### Parameter: `storageModelType`
+
+Storage type.
+- Required: No
+- Type: string
+- Default: `'GeoRedundant'`
+- Allowed: `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]`
+
+### Parameter: `storageType`
+
+Storage type.
+- Required: No
+- Type: string
+- Default: `'GeoRedundant'`
+- Allowed: `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]`
+
+### Parameter: `storageTypeState`
+
+Once a machine is registered against a resource, the storageTypeState is always Locked.
+- Required: No
+- Type: string
+- Default: `'Locked'`
+- Allowed: `[Locked, Unlocked]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the backup config. |
| `resourceGroupName` | string | The name of the resource group the backup config was created in. |
diff --git a/modules/recovery-services/vault/backup-config/main.json b/modules/recovery-services/vault/backup-config/main.json
index 5052408a86..7ba9a5b1cb 100644
--- a/modules/recovery-services/vault/backup-config/main.json
+++ b/modules/recovery-services/vault/backup-config/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "2030776827393689599"
+ "version": "0.22.6.54827",
+ "templateHash": "7310792683713567656"
},
"name": "Recovery Services Vault Backup Config",
"description": "This module deploys a Recovery Services Vault Backup Config.",
diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/README.md b/modules/recovery-services/vault/backup-fabric/protection-container/README.md
index 5c39aced8b..0c7bbeeb33 100644
--- a/modules/recovery-services/vault/backup-fabric/protection-container/README.md
+++ b/modules/recovery-services/vault/backup-fabric/protection-container/README.md
@@ -4,12 +4,12 @@ This module deploys a Recovery Services Vault Protection Container.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -20,32 +20,95 @@ This module deploys a Recovery Services Vault Protection Container.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Name of the Azure Recovery Service Vault Protection Container. |
+| [`name`](#parameter-name) | string | Name of the Azure Recovery Service Vault Protection Container. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `backupManagementType` | string | `''` | `['', AzureBackupServer, AzureIaasVM, AzureSql, AzureStorage, AzureWorkload, DefaultBackup, DPM, Invalid, MAB]` | Backup management type to execute the current Protection Container job. |
-| `containerType` | string | `''` | `['', AzureBackupServerContainer, AzureSqlContainer, GenericContainer, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, SQLAGWorkLoadContainer, StorageContainer, VMAppContainer, Windows]` | Type of the container. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `friendlyName` | string | `''` | | Friendly name of the Protection Container. |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `protectedItems` | array | `[]` | | Protected items to register in the container. |
-| `sourceResourceId` | string | `''` | | Resource ID of the target resource for the Protection Container. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`backupManagementType`](#parameter-backupmanagementtype) | string | Backup management type to execute the current Protection Container job. |
+| [`containerType`](#parameter-containertype) | string | Type of the container. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`friendlyName`](#parameter-friendlyname) | string | Friendly name of the Protection Container. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`protectedItems`](#parameter-protecteditems) | array | Protected items to register in the container. |
+| [`sourceResourceId`](#parameter-sourceresourceid) | string | Resource ID of the target resource for the Protection Container. |
+
+### Parameter: `backupManagementType`
+
+Backup management type to execute the current Protection Container job.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', AzureBackupServer, AzureIaasVM, AzureSql, AzureStorage, AzureWorkload, DefaultBackup, DPM, Invalid, MAB]`
+
+### Parameter: `containerType`
+
+Type of the container.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', AzureBackupServerContainer, AzureSqlContainer, GenericContainer, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, SQLAGWorkLoadContainer, StorageContainer, VMAppContainer, Windows]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `friendlyName`
+
+Friendly name of the Protection Container.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+Name of the Azure Recovery Service Vault Protection Container.
+- Required: Yes
+- Type: string
+
+### Parameter: `protectedItems`
+
+Protected items to register in the container.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `sourceResourceId`
+
+Resource ID of the target resource for the Protection Container.
+- Required: No
+- Type: string
+- Default: `''`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The Name of the Protection Container. |
| `resourceGroupName` | string | The name of the Resource Group the Protection Container was created in. |
diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/main.json b/modules/recovery-services/vault/backup-fabric/protection-container/main.json
index 86cb2e9330..ce42abbbf0 100644
--- a/modules/recovery-services/vault/backup-fabric/protection-container/main.json
+++ b/modules/recovery-services/vault/backup-fabric/protection-container/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "17832840146797285516"
+ "version": "0.22.6.54827",
+ "templateHash": "2599343254432362849"
},
"name": "Recovery Services Vault Protection Container",
"description": "This module deploys a Recovery Services Vault Protection Container.",
@@ -172,8 +172,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "6407898441503460857"
+ "version": "0.22.6.54827",
+ "templateHash": "7148492251760573310"
},
"name": "Recovery Service Vaults Protection Container Protected Item",
"description": "This module deploys a Recovery Services Vault Protection Container Protected Item.",
diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md
index 51f5bb2b9f..64cd46a689 100644
--- a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md
+++ b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md
@@ -4,12 +4,12 @@ This module deploys a Recovery Services Vault Protection Container Protected Ite
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -19,31 +19,82 @@ This module deploys a Recovery Services Vault Protection Container Protected Ite
**Required parameters**
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `name` | string | | Name of the resource. |
-| `policyId` | string | | ID of the backup policy with which this item is backed up. |
-| `protectedItemType` | string | `[AzureFileShareProtectedItem, AzureVmWorkloadSAPAseDatabase, AzureVmWorkloadSAPHanaDatabase, AzureVmWorkloadSQLDatabase, DPMProtectedItem, GenericProtectedItem, MabFileFolderProtectedItem, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, Microsoft.Sql/servers/databases]` | The backup item type. |
-| `sourceResourceId` | string | | Resource ID of the resource to back up. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the resource. |
+| [`policyId`](#parameter-policyid) | string | ID of the backup policy with which this item is backed up. |
+| [`protectedItemType`](#parameter-protecteditemtype) | string | The backup item type. |
+| [`sourceResourceId`](#parameter-sourceresourceid) | string | Resource ID of the resource to back up. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `protectionContainerName` | string | Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment. |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`protectionContainerName`](#parameter-protectioncontainername) | string | Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | Location for all resources. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+Name of the resource.
+- Required: Yes
+- Type: string
+
+### Parameter: `policyId`
+
+ID of the backup policy with which this item is backed up.
+- Required: Yes
+- Type: string
+
+### Parameter: `protectedItemType`
+
+The backup item type.
+- Required: Yes
+- Type: string
+- Allowed: `[AzureFileShareProtectedItem, AzureVmWorkloadSAPAseDatabase, AzureVmWorkloadSAPHanaDatabase, AzureVmWorkloadSQLDatabase, DPMProtectedItem, GenericProtectedItem, MabFileFolderProtectedItem, Microsoft.ClassicCompute/virtualMachines, Microsoft.Compute/virtualMachines, Microsoft.Sql/servers/databases]`
+
+### Parameter: `protectionContainerName`
+
+Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `sourceResourceId`
+
+Resource ID of the resource to back up.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The Name of the protected item. |
| `resourceGroupName` | string | The name of the Resource Group the protected item was created in. |
diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/main.json b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/main.json
index 2ccee87db2..232937bb2a 100644
--- a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/main.json
+++ b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "6407898441503460857"
+ "version": "0.22.6.54827",
+ "templateHash": "7148492251760573310"
},
"name": "Recovery Service Vaults Protection Container Protected Item",
"description": "This module deploys a Recovery Services Vault Protection Container Protected Item.",
diff --git a/modules/recovery-services/vault/backup-policy/README.md b/modules/recovery-services/vault/backup-policy/README.md
index 8490913844..c769d8ce08 100644
--- a/modules/recovery-services/vault/backup-policy/README.md
+++ b/modules/recovery-services/vault/backup-policy/README.md
@@ -4,12 +4,12 @@ This module deploys a Recovery Services Vault Backup Policy.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -19,27 +19,52 @@ This module deploys a Recovery Services Vault Backup Policy.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | Name of the Azure Recovery Service Vault Backup Policy. |
-| `properties` | object | Configuration of the Azure Recovery Service Vault Backup Policy. |
+| [`name`](#parameter-name) | string | Name of the Azure Recovery Service Vault Backup Policy. |
+| [`properties`](#parameter-properties) | object | Configuration of the Azure Recovery Service Vault Backup Policy. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+Name of the Azure Recovery Service Vault Backup Policy.
+- Required: Yes
+- Type: string
+
+### Parameter: `properties`
+
+Configuration of the Azure Recovery Service Vault Backup Policy.
+- Required: Yes
+- Type: object
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the backup policy. |
| `resourceGroupName` | string | The name of the resource group the backup policy was created in. |
diff --git a/modules/recovery-services/vault/backup-policy/main.json b/modules/recovery-services/vault/backup-policy/main.json
index 8a67c74af9..c6180ca142 100644
--- a/modules/recovery-services/vault/backup-policy/main.json
+++ b/modules/recovery-services/vault/backup-policy/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "13635254612288594433"
+ "version": "0.22.6.54827",
+ "templateHash": "5026084694620767555"
},
"name": "Recovery Services Vault Backup Policies",
"description": "This module deploys a Recovery Services Vault Backup Policy.",
diff --git a/modules/recovery-services/vault/backup-storage-config/README.md b/modules/recovery-services/vault/backup-storage-config/README.md
index 523244fc10..44c5b030b3 100644
--- a/modules/recovery-services/vault/backup-storage-config/README.md
+++ b/modules/recovery-services/vault/backup-storage-config/README.md
@@ -4,12 +4,12 @@ This module deploys a Recovery Service Vault Backup Storage Configuration.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -19,23 +19,58 @@ This module deploys a Recovery Service Vault Backup Storage Configuration.
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `crossRegionRestoreFlag` | bool | `True` | | Opt in details of Cross Region Restore feature. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `'vaultstorageconfig'` | | The name of the backup storage config. |
-| `storageModelType` | string | `'GeoRedundant'` | `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]` | Change Vault Storage Type (Works if vault has not registered any backup instance). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`crossRegionRestoreFlag`](#parameter-crossregionrestoreflag) | bool | Opt in details of Cross Region Restore feature. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The name of the backup storage config. |
+| [`storageModelType`](#parameter-storagemodeltype) | string | Change Vault Storage Type (Works if vault has not registered any backup instance). |
+
+### Parameter: `crossRegionRestoreFlag`
+
+Opt in details of Cross Region Restore feature.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the backup storage config.
+- Required: No
+- Type: string
+- Default: `'vaultstorageconfig'`
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `storageModelType`
+
+Change Vault Storage Type (Works if vault has not registered any backup instance).
+- Required: No
+- Type: string
+- Default: `'GeoRedundant'`
+- Allowed: `[GeoRedundant, LocallyRedundant, ReadAccessGeoZoneRedundant, ZoneRedundant]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the backup storage config. |
| `resourceGroupName` | string | The name of the Resource Group the backup storage configuration was created in. |
diff --git a/modules/recovery-services/vault/backup-storage-config/main.json b/modules/recovery-services/vault/backup-storage-config/main.json
index f2d19f8d68..b3b1a961d8 100644
--- a/modules/recovery-services/vault/backup-storage-config/main.json
+++ b/modules/recovery-services/vault/backup-storage-config/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "5682567943042044037"
+ "version": "0.22.6.54827",
+ "templateHash": "11669127714287855633"
},
"name": "Recovery Services Vault Backup Storage Config",
"description": "This module deploys a Recovery Service Vault Backup Storage Configuration.",
diff --git a/modules/recovery-services/vault/main.json b/modules/recovery-services/vault/main.json
index 4dbbe27952..8a77b1b8fe 100644
--- a/modules/recovery-services/vault/main.json
+++ b/modules/recovery-services/vault/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "6227298459944107927"
+ "version": "0.22.6.54827",
+ "templateHash": "9931998458625198588"
},
"name": "Recovery Services Vaults",
"description": "This module deploys a Recovery Services Vault.",
@@ -352,8 +352,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "5163393158902461304"
+ "version": "0.22.6.54827",
+ "templateHash": "4084364932296928832"
},
"name": "Recovery Services Vault Replication Fabrics",
"description": "This module deploys a Replication Fabric for Azure to Azure disaster recovery scenario of Azure Site Recovery.\r\n\r\n> Note: this module currently support only the `instanceType: 'Azure'` scenario.",
@@ -458,8 +458,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "11778647907922523589"
+ "version": "0.22.6.54827",
+ "templateHash": "12428378308583074618"
},
"name": "Recovery Services Vault Replication Fabric Replication Protection Containers",
"description": "This module deploys a Recovery Services Vault Replication Protection Container.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.",
@@ -568,8 +568,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "4097117837670939230"
+ "version": "0.22.6.54827",
+ "templateHash": "13312155038829056102"
},
"name": "Recovery Services Vault Replication Fabric Replication Protection Container Replication Protection Container Mappings",
"description": "This module deploys a Recovery Services Vault (RSV) Replication Protection Container Mapping.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.",
@@ -801,8 +801,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "571014987628974476"
+ "version": "0.22.6.54827",
+ "templateHash": "4881591174035362600"
},
"name": "Recovery Services Vault Replication Policies",
"description": "This module deploys a Recovery Services Vault Replication Policy for Disaster Recovery scenario.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.",
@@ -950,8 +950,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9320127696130777627"
+ "version": "0.22.6.54827",
+ "templateHash": "11669127714287855633"
},
"name": "Recovery Services Vault Backup Storage Config",
"description": "This module deploys a Recovery Service Vault Backup Storage Configuration.",
@@ -1099,8 +1099,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "18051870481312741885"
+ "version": "0.22.6.54827",
+ "templateHash": "2599343254432362849"
},
"name": "Recovery Services Vault Protection Container",
"description": "This module deploys a Recovery Services Vault Protection Container.",
@@ -1267,8 +1267,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10079924922844886000"
+ "version": "0.22.6.54827",
+ "templateHash": "7148492251760573310"
},
"name": "Recovery Service Vaults Protection Container Protected Item",
"description": "This module deploys a Recovery Services Vault Protection Container Protected Item.",
@@ -1457,8 +1457,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "11484548106923742925"
+ "version": "0.22.6.54827",
+ "templateHash": "5026084694620767555"
},
"name": "Recovery Services Vault Backup Policies",
"description": "This module deploys a Recovery Services Vault Backup Policy.",
@@ -1574,8 +1574,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "17044473868370755942"
+ "version": "0.22.6.54827",
+ "templateHash": "7310792683713567656"
},
"name": "Recovery Services Vault Backup Config",
"description": "This module deploys a Recovery Services Vault Backup Config.",
@@ -1765,8 +1765,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "4077813769135879734"
+ "version": "0.22.6.54827",
+ "templateHash": "326959657687879671"
},
"name": "Recovery Services Vault Replication Alert Settings",
"description": "This module deploys a Recovery Services Vault Replication Alert Settings.",
@@ -1920,8 +1920,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14580007913383558904"
+ "version": "0.22.6.54827",
+ "templateHash": "2884140170473394983"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -2120,8 +2120,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "2469208411936339153"
+ "version": "0.22.6.54827",
+ "templateHash": "5610247137574346230"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -2258,8 +2258,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13032708393704093995"
+ "version": "0.22.6.54827",
+ "templateHash": "14351187799927334028"
}
},
"parameters": {
@@ -2472,8 +2472,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14902208368944856830"
+ "version": "0.22.6.54827",
+ "templateHash": "8436896073465306731"
}
},
"parameters": {
diff --git a/modules/recovery-services/vault/replication-alert-setting/README.md b/modules/recovery-services/vault/replication-alert-setting/README.md
index b4ee9494c5..c756a3ce98 100644
--- a/modules/recovery-services/vault/replication-alert-setting/README.md
+++ b/modules/recovery-services/vault/replication-alert-setting/README.md
@@ -19,24 +19,66 @@ This module deploys a Recovery Services Vault Replication Alert Settings.
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `customEmailAddresses` | array | `[]` | | Comma separated list of custom email address for sending alert emails. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `locale` | string | `''` | | The locale for the email notification. |
-| `name` | string | `'defaultAlertSetting'` | | The name of the replication Alert Setting. |
-| `sendToOwners` | string | `'Send'` | `[DoNotSend, Send]` | The value indicating whether to send email to subscription administrator. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`customEmailAddresses`](#parameter-customemailaddresses) | array | Comma separated list of custom email address for sending alert emails. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`locale`](#parameter-locale) | string | The locale for the email notification. |
+| [`name`](#parameter-name) | string | The name of the replication Alert Setting. |
+| [`sendToOwners`](#parameter-sendtoowners) | string | The value indicating whether to send email to subscription administrator. |
+
+### Parameter: `customEmailAddresses`
+
+Comma separated list of custom email address for sending alert emails.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `locale`
+
+The locale for the email notification.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of the replication Alert Setting.
+- Required: No
+- Type: string
+- Default: `'defaultAlertSetting'`
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `sendToOwners`
+
+The value indicating whether to send email to subscription administrator.
+- Required: No
+- Type: string
+- Default: `'Send'`
+- Allowed: `[DoNotSend, Send]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the replication Alert Setting. |
| `resourceGroupName` | string | The name of the resource group the replication alert setting was created. |
diff --git a/modules/recovery-services/vault/replication-alert-setting/main.json b/modules/recovery-services/vault/replication-alert-setting/main.json
index f0561c50d1..27d98ff68e 100644
--- a/modules/recovery-services/vault/replication-alert-setting/main.json
+++ b/modules/recovery-services/vault/replication-alert-setting/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "14248192554679574765"
+ "version": "0.22.6.54827",
+ "templateHash": "326959657687879671"
},
"name": "Recovery Services Vault Replication Alert Settings",
"description": "This module deploys a Recovery Services Vault Replication Alert Settings.",
diff --git a/modules/recovery-services/vault/replication-fabric/README.md b/modules/recovery-services/vault/replication-fabric/README.md
index e11ecc23d5..8213e34c2a 100644
--- a/modules/recovery-services/vault/replication-fabric/README.md
+++ b/modules/recovery-services/vault/replication-fabric/README.md
@@ -23,28 +23,62 @@ This module deploys a Replication Fabric for Azure to Azure disaster recovery sc
**Required parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `location` | string | `[resourceGroup().location]` | The recovery location the fabric represents. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`location`](#parameter-location) | string | The recovery location the fabric represents. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `[parameters('location')]` | The name of the fabric. |
-| `replicationContainers` | array | `[]` | Replication containers to create. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The name of the fabric. |
+| [`replicationContainers`](#parameter-replicationcontainers) | array | Replication containers to create. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+The recovery location the fabric represents.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `name`
+
+The name of the fabric.
+- Required: No
+- Type: string
+- Default: `[parameters('location')]`
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `replicationContainers`
+
+Replication containers to create.
+- Required: No
+- Type: array
+- Default: `[]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the replication fabric. |
| `resourceGroupName` | string | The name of the resource group the replication fabric was created in. |
diff --git a/modules/recovery-services/vault/replication-fabric/main.json b/modules/recovery-services/vault/replication-fabric/main.json
index 11e29ab771..695123e7e7 100644
--- a/modules/recovery-services/vault/replication-fabric/main.json
+++ b/modules/recovery-services/vault/replication-fabric/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "8280438435310104866"
+ "version": "0.22.6.54827",
+ "templateHash": "4084364932296928832"
},
"name": "Recovery Services Vault Replication Fabrics",
"description": "This module deploys a Replication Fabric for Azure to Azure disaster recovery scenario of Azure Site Recovery.\r\n\r\n> Note: this module currently support only the `instanceType: 'Azure'` scenario.",
@@ -110,8 +110,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "1196918307822554260"
+ "version": "0.22.6.54827",
+ "templateHash": "12428378308583074618"
},
"name": "Recovery Services Vault Replication Fabric Replication Protection Containers",
"description": "This module deploys a Recovery Services Vault Replication Protection Container.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.",
@@ -220,8 +220,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "2149629411962083695"
+ "version": "0.22.6.54827",
+ "templateHash": "13312155038829056102"
},
"name": "Recovery Services Vault Replication Fabric Replication Protection Container Replication Protection Container Mappings",
"description": "This module deploys a Recovery Services Vault (RSV) Replication Protection Container Mapping.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.",
diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md
index 23b6656e50..841d221908 100644
--- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md
+++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md
@@ -22,28 +22,60 @@ This module deploys a Recovery Services Vault Replication Protection Container.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the replication container. |
+| [`name`](#parameter-name) | string | The name of the replication container. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
-| `replicationFabricName` | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`replicationFabricName`](#parameter-replicationfabricname) | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `replicationContainerMappings` | array | `[]` | Replication containers mappings to create. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`replicationContainerMappings`](#parameter-replicationcontainermappings) | array | Replication containers mappings to create. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the replication container.
+- Required: Yes
+- Type: string
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `replicationContainerMappings`
+
+Replication containers mappings to create.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `replicationFabricName`
+
+The name of the parent Replication Fabric. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the replication container. |
| `resourceGroupName` | string | The name of the resource group the replication container was created in. |
diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/main.json b/modules/recovery-services/vault/replication-fabric/replication-protection-container/main.json
index 9a5aeba687..1dac942bdb 100644
--- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/main.json
+++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "1196918307822554260"
+ "version": "0.22.6.54827",
+ "templateHash": "12428378308583074618"
},
"name": "Recovery Services Vault Replication Fabric Replication Protection Containers",
"description": "This module deploys a Recovery Services Vault Replication Protection Container.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.",
@@ -114,8 +114,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "2149629411962083695"
+ "version": "0.22.6.54827",
+ "templateHash": "13312155038829056102"
},
"name": "Recovery Services Vault Replication Fabric Replication Protection Container Replication Protection Container Mappings",
"description": "This module deploys a Recovery Services Vault (RSV) Replication Protection Container Mapping.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.",
diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md
index f2351c5c46..e409532d3e 100644
--- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md
+++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md
@@ -21,28 +21,95 @@ This module deploys a Recovery Services Vault (RSV) Replication Protection Conta
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
-| `replicationFabricName` | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. |
-| `sourceProtectionContainerName` | string | The name of the parent source Replication container. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`replicationFabricName`](#parameter-replicationfabricname) | string | The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. |
+| [`sourceProtectionContainerName`](#parameter-sourceprotectioncontainername) | string | The name of the parent source Replication container. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `''` | The name of the replication container mapping. If not provided, it will be automatically generated as `-`. |
-| `policyId` | string | `''` | Resource ID of the replication policy. If defined, policyName will be ignored. |
-| `policyName` | string | `''` | Name of the replication policy. Will be ignored if policyId is also specified. |
-| `targetContainerFabricName` | string | `[parameters('replicationFabricName')]` | Name of the fabric containing the target container. If targetProtectionContainerId is specified, this parameter will be ignored. |
-| `targetContainerName` | string | `''` | Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored. |
-| `targetProtectionContainerId` | string | `''` | Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The name of the replication container mapping. If not provided, it will be automatically generated as `-`. |
+| [`policyId`](#parameter-policyid) | string | Resource ID of the replication policy. If defined, policyName will be ignored. |
+| [`policyName`](#parameter-policyname) | string | Name of the replication policy. Will be ignored if policyId is also specified. |
+| [`targetContainerFabricName`](#parameter-targetcontainerfabricname) | string | Name of the fabric containing the target container. If targetProtectionContainerId is specified, this parameter will be ignored. |
+| [`targetContainerName`](#parameter-targetcontainername) | string | Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored. |
+| [`targetProtectionContainerId`](#parameter-targetprotectioncontainerid) | string | Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the replication container mapping. If not provided, it will be automatically generated as `-`.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `policyId`
+
+Resource ID of the replication policy. If defined, policyName will be ignored.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `policyName`
+
+Name of the replication policy. Will be ignored if policyId is also specified.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `replicationFabricName`
+
+The name of the parent Replication Fabric. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `sourceProtectionContainerName`
+
+The name of the parent source Replication container. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `targetContainerFabricName`
+
+Name of the fabric containing the target container. If targetProtectionContainerId is specified, this parameter will be ignored.
+- Required: No
+- Type: string
+- Default: `[parameters('replicationFabricName')]`
+
+### Parameter: `targetContainerName`
+
+Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `targetProtectionContainerId`
+
+Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored.
+- Required: No
+- Type: string
+- Default: `''`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the replication container. |
| `resourceGroupName` | string | The name of the resource group the replication container was created in. |
diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/main.json b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/main.json
index 6d189a871f..8e5a371f40 100644
--- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/main.json
+++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "2149629411962083695"
+ "version": "0.22.6.54827",
+ "templateHash": "13312155038829056102"
},
"name": "Recovery Services Vault Replication Fabric Replication Protection Container Replication Protection Container Mappings",
"description": "This module deploys a Recovery Services Vault (RSV) Replication Protection Container Mapping.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.",
diff --git a/modules/recovery-services/vault/replication-policy/README.md b/modules/recovery-services/vault/replication-policy/README.md
index 9e7fd1421d..81a72c1aa8 100644
--- a/modules/recovery-services/vault/replication-policy/README.md
+++ b/modules/recovery-services/vault/replication-policy/README.md
@@ -21,30 +21,78 @@ This module deploys a Recovery Services Vault Replication Policy for Disaster Re
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the replication policy. |
+| [`name`](#parameter-name) | string | The name of the replication policy. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `recoveryVaultName` | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
+| [`recoveryVaultName`](#parameter-recoveryvaultname) | string | The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `appConsistentFrequencyInMinutes` | int | `60` | | The app consistent snapshot frequency (in minutes). |
-| `crashConsistentFrequencyInMinutes` | int | `5` | | The crash consistent snapshot frequency (in minutes). |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `multiVmSyncStatus` | string | `'Enable'` | `[Disable, Enable]` | A value indicating whether multi-VM sync has to be enabled. |
-| `recoveryPointHistory` | int | `1440` | | The duration in minutes until which the recovery points need to be stored. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appConsistentFrequencyInMinutes`](#parameter-appconsistentfrequencyinminutes) | int | The app consistent snapshot frequency (in minutes). |
+| [`crashConsistentFrequencyInMinutes`](#parameter-crashconsistentfrequencyinminutes) | int | The crash consistent snapshot frequency (in minutes). |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`multiVmSyncStatus`](#parameter-multivmsyncstatus) | string | A value indicating whether multi-VM sync has to be enabled. |
+| [`recoveryPointHistory`](#parameter-recoverypointhistory) | int | The duration in minutes until which the recovery points need to be stored. |
+
+### Parameter: `appConsistentFrequencyInMinutes`
+
+The app consistent snapshot frequency (in minutes).
+- Required: No
+- Type: int
+- Default: `60`
+
+### Parameter: `crashConsistentFrequencyInMinutes`
+
+The crash consistent snapshot frequency (in minutes).
+- Required: No
+- Type: int
+- Default: `5`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `multiVmSyncStatus`
+
+A value indicating whether multi-VM sync has to be enabled.
+- Required: No
+- Type: string
+- Default: `'Enable'`
+- Allowed: `[Disable, Enable]`
+
+### Parameter: `name`
+
+The name of the replication policy.
+- Required: Yes
+- Type: string
+
+### Parameter: `recoveryPointHistory`
+
+The duration in minutes until which the recovery points need to be stored.
+- Required: No
+- Type: int
+- Default: `1440`
+
+### Parameter: `recoveryVaultName`
+
+The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the replication policy. |
| `resourceGroupName` | string | The name of the resource group the replication policy was created in. |
diff --git a/modules/recovery-services/vault/replication-policy/main.json b/modules/recovery-services/vault/replication-policy/main.json
index d91fe34f95..783b758258 100644
--- a/modules/recovery-services/vault/replication-policy/main.json
+++ b/modules/recovery-services/vault/replication-policy/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "11896184761533167738"
+ "version": "0.22.6.54827",
+ "templateHash": "4881591174035362600"
},
"name": "Recovery Services Vault Replication Policies",
"description": "This module deploys a Recovery Services Vault Replication Policy for Disaster Recovery scenario.\r\n\r\n> **Note**: this version of the module only supports the `instanceType: 'A2A'` scenario.",
diff --git a/modules/relay/namespace/.test/common/main.test.bicep b/modules/relay/namespace/.test/common/main.test.bicep
index 3dd433d28f..219a764842 100644
--- a/modules/relay/namespace/.test/common/main.test.bicep
+++ b/modules/relay/namespace/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/relay/namespace/.test/min/main.test.bicep b/modules/relay/namespace/.test/min/main.test.bicep
index 3553a10c28..25c3225ee0 100644
--- a/modules/relay/namespace/.test/min/main.test.bicep
+++ b/modules/relay/namespace/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/relay/namespace/README.md b/modules/relay/namespace/README.md
index 4d6c984338..d70c85905e 100644
--- a/modules/relay/namespace/README.md
+++ b/modules/relay/namespace/README.md
@@ -4,13 +4,13 @@ This module deploys a Relay Namespace
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -27,70 +27,30 @@ This module deploys a Relay Namespace
| `Microsoft.Relay/namespaces/wcfRelays` | [2021-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Relay/2021-11-01/namespaces/wcfRelays) |
| `Microsoft.Relay/namespaces/wcfRelays/authorizationRules` | [2021-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Relay/2021-11-01/namespaces/wcfRelays/authorizationRules) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Relay Namespace. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Relay namespace. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs, hybridConnectionsEvent]` | `['', allLogs, hybridConnectionsEvent, OperationalLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `hybridConnections` | array | `[]` | | The hybrid connections to create in the relay namespace. |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `networkRuleSets` | object | `{object}` | | Configure networking options for Relay. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. |
-| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `skuName` | string | `'Standard'` | `[Standard]` | Name of this SKU. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `wcfRelays` | array | `[]` | | The wcf relays to create in the relay namespace. |
-
+## Usage examples
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed relay namespace. |
-| `resourceGroupName` | string | The resource group of the deployed relay namespace. |
-| `resourceId` | string | The resource ID of the deployed relay namespace. |
-
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/relay.namespace:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
+- [Pe](#example-3-pe)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module namespace './relay/namespace/main.bicep' = {
+module namespace 'br:bicep/modules/relay.namespace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rncom'
params: {
// Required parameters
@@ -364,14 +324,17 @@ module namespace './relay/namespace/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module namespace './relay/namespace/main.bicep' = {
+module namespace 'br:bicep/modules/relay.namespace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rnmin'
params: {
// Required parameters
@@ -409,14 +372,14 @@ module namespace './relay/namespace/main.bicep' = {
-
Example 3: Pe
+### Example 3: _Pe_
via Bicep module
```bicep
-module namespace './relay/namespace/main.bicep' = {
+module namespace 'br:bicep/modules/relay.namespace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rnpe'
params: {
// Required parameters
@@ -503,3 +466,189 @@ module namespace './relay/namespace/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Relay Namespace. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Relay namespace. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`hybridConnections`](#parameter-hybridconnections) | array | The hybrid connections to create in the relay namespace. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`networkRuleSets`](#parameter-networkrulesets) | object | Configure networking options for Relay. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`skuName`](#parameter-skuname) | string | Name of this SKU. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`wcfRelays`](#parameter-wcfrelays) | array | The wcf relays to create in the relay namespace. |
+
+### Parameter: `authorizationRules`
+
+Authorization Rules for the Relay namespace.
+- Required: No
+- Type: array
+- Default: `[System.Management.Automation.OrderedHashtable]`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs, hybridConnectionsEvent]`
+- Allowed: `['', allLogs, hybridConnectionsEvent, OperationalLogs]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `hybridConnections`
+
+The hybrid connections to create in the relay namespace.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the Relay Namespace.
+- Required: Yes
+- Type: string
+
+### Parameter: `networkRuleSets`
+
+Configure networking options for Relay. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `privateEndpoints`
+
+Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuName`
+
+Name of this SKU.
+- Required: No
+- Type: string
+- Default: `'Standard'`
+- Allowed: `[Standard]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `wcfRelays`
+
+The wcf relays to create in the relay namespace.
+- Required: No
+- Type: array
+- Default: `[]`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployed relay namespace. |
+| `resourceGroupName` | string | The resource group of the deployed relay namespace. |
+| `resourceId` | string | The resource ID of the deployed relay namespace. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
diff --git a/modules/relay/namespace/authorization-rule/README.md b/modules/relay/namespace/authorization-rule/README.md
index 44420982c3..c66fadfdbe 100644
--- a/modules/relay/namespace/authorization-rule/README.md
+++ b/modules/relay/namespace/authorization-rule/README.md
@@ -19,27 +19,54 @@ This module deploys a Relay Namespace Authorization Rule.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the authorization rule. |
+| [`name`](#parameter-name) | string | The name of the authorization rule. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `namespaceName` | string | The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. |
+| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`rights`](#parameter-rights) | array | The rights associated with the rule. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the authorization rule.
+- Required: Yes
+- Type: string
+
+### Parameter: `namespaceName`
+
+The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `rights`
+
+The rights associated with the rule.
+- Required: No
+- Type: array
+- Default: `[]`
+- Allowed: `[Listen, Manage, Send]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the authorization rule. |
| `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. |
diff --git a/modules/relay/namespace/authorization-rule/main.json b/modules/relay/namespace/authorization-rule/main.json
index 838638b05f..6969a1416e 100644
--- a/modules/relay/namespace/authorization-rule/main.json
+++ b/modules/relay/namespace/authorization-rule/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "2910468169645277295"
+ "version": "0.22.6.54827",
+ "templateHash": "8947023489504947393"
},
"name": "Relay Namespace Authorization Rules",
"description": "This module deploys a Relay Namespace Authorization Rule.",
diff --git a/modules/relay/namespace/hybrid-connection/README.md b/modules/relay/namespace/hybrid-connection/README.md
index 03ee068530..c2b68a3256 100644
--- a/modules/relay/namespace/hybrid-connection/README.md
+++ b/modules/relay/namespace/hybrid-connection/README.md
@@ -4,12 +4,12 @@ This module deploys a Relay Namespace Hybrid Connection.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -22,31 +22,85 @@ This module deploys a Relay Namespace Hybrid Connection.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the hybrid connection. |
-| `userMetadata` | string | The user metadata is a placeholder to store user-defined string data for the hybrid connection endpoint. For example, it can be used to store descriptive data, such as a list of teams and their contact information. Also, user-defined configuration settings can be stored. |
+| [`name`](#parameter-name) | string | The name of the hybrid connection. |
+| [`userMetadata`](#parameter-usermetadata) | string | The user metadata is a placeholder to store user-defined string data for the hybrid connection endpoint. For example, it can be used to store descriptive data, such as a list of teams and their contact information. Also, user-defined configuration settings can be stored. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `namespaceName` | string | The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. |
+| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Relay Hybrid Connection. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `requiresClientAuthorization` | bool | `True` | | A value indicating if this hybrid connection requires client authorization. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Relay Hybrid Connection. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`requiresClientAuthorization`](#parameter-requiresclientauthorization) | bool | A value indicating if this hybrid connection requires client authorization. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+
+### Parameter: `authorizationRules`
+
+Authorization Rules for the Relay Hybrid Connection.
+- Required: No
+- Type: array
+- Default: `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the hybrid connection.
+- Required: Yes
+- Type: string
+
+### Parameter: `namespaceName`
+
+The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `requiresClientAuthorization`
+
+A value indicating if this hybrid connection requires client authorization.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `userMetadata`
+
+The user metadata is a placeholder to store user-defined string data for the hybrid connection endpoint. For example, it can be used to store descriptive data, such as a list of teams and their contact information. Also, user-defined configuration settings can be stored.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the deployed hybrid connection. |
| `resourceGroupName` | string | The resource group of the deployed hybrid connection. |
diff --git a/modules/relay/namespace/hybrid-connection/authorization-rule/README.md b/modules/relay/namespace/hybrid-connection/authorization-rule/README.md
index cd97c6739b..38f6f986a1 100644
--- a/modules/relay/namespace/hybrid-connection/authorization-rule/README.md
+++ b/modules/relay/namespace/hybrid-connection/authorization-rule/README.md
@@ -19,28 +19,61 @@ This module deploys a Hybrid Connection Authorization Rule.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the authorization rule. |
+| [`name`](#parameter-name) | string | The name of the authorization rule. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `hybridConnectionName` | string | The name of the parent Relay Namespace Hybrid Connection. Required if the template is used in a standalone deployment. |
-| `namespaceName` | string | The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. |
+| [`hybridConnectionName`](#parameter-hybridconnectionname) | string | The name of the parent Relay Namespace Hybrid Connection. Required if the template is used in a standalone deployment. |
+| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`rights`](#parameter-rights) | array | The rights associated with the rule. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `hybridConnectionName`
+
+The name of the parent Relay Namespace Hybrid Connection. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the authorization rule.
+- Required: Yes
+- Type: string
+
+### Parameter: `namespaceName`
+
+The name of the parent Relay Namespace. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `rights`
+
+The rights associated with the rule.
+- Required: No
+- Type: array
+- Default: `[]`
+- Allowed: `[Listen, Manage, Send]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the authorization rule. |
| `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. |
diff --git a/modules/relay/namespace/hybrid-connection/authorization-rule/main.json b/modules/relay/namespace/hybrid-connection/authorization-rule/main.json
index e9e3874815..7f723b5086 100644
--- a/modules/relay/namespace/hybrid-connection/authorization-rule/main.json
+++ b/modules/relay/namespace/hybrid-connection/authorization-rule/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "9718423441307347496"
+ "version": "0.22.6.54827",
+ "templateHash": "2105813068659609285"
},
"name": "Hybrid Connection Authorization Rules",
"description": "This module deploys a Hybrid Connection Authorization Rule.",
diff --git a/modules/relay/namespace/hybrid-connection/main.json b/modules/relay/namespace/hybrid-connection/main.json
index 2a4a626c8c..0056c9f29a 100644
--- a/modules/relay/namespace/hybrid-connection/main.json
+++ b/modules/relay/namespace/hybrid-connection/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "5587843022604046042"
+ "version": "0.22.6.54827",
+ "templateHash": "8795172246215834185"
},
"name": "Relay Namespace Hybrid Connections",
"description": "This module deploys a Relay Namespace Hybrid Connection.",
@@ -171,8 +171,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "9718423441307347496"
+ "version": "0.22.6.54827",
+ "templateHash": "2105813068659609285"
},
"name": "Hybrid Connection Authorization Rules",
"description": "This module deploys a Hybrid Connection Authorization Rule.",
@@ -304,8 +304,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "5814555714153100571"
+ "version": "0.22.6.54827",
+ "templateHash": "9757505768958218088"
}
},
"parameters": {
diff --git a/modules/relay/namespace/main.json b/modules/relay/namespace/main.json
index 7d448f54f2..cc816b07e5 100644
--- a/modules/relay/namespace/main.json
+++ b/modules/relay/namespace/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "6784238447129641700"
+ "version": "0.22.6.54827",
+ "templateHash": "14563908102814128404"
},
"name": "Relay Namespaces",
"description": "This module deploys a Relay Namespace",
@@ -290,8 +290,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "17576060128370228409"
+ "version": "0.22.6.54827",
+ "templateHash": "8947023489504947393"
},
"name": "Relay Namespace Authorization Rules",
"description": "This module deploys a Relay Namespace Authorization Rule.",
@@ -412,8 +412,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "12482510131982064246"
+ "version": "0.22.6.54827",
+ "templateHash": "4617716666405561945"
},
"name": "Relay Namespace Network Rules Sets",
"description": "This module deploys a Relay Namespace Network Rule Set.",
@@ -555,8 +555,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10449982661635472758"
+ "version": "0.22.6.54827",
+ "templateHash": "8795172246215834185"
},
"name": "Relay Namespace Hybrid Connections",
"description": "This module deploys a Relay Namespace Hybrid Connection.",
@@ -722,8 +722,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15090003948629562677"
+ "version": "0.22.6.54827",
+ "templateHash": "2105813068659609285"
},
"name": "Hybrid Connection Authorization Rules",
"description": "This module deploys a Hybrid Connection Authorization Rule.",
@@ -855,8 +855,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "8710257990438329269"
+ "version": "0.22.6.54827",
+ "templateHash": "9757505768958218088"
}
},
"parameters": {
@@ -1040,8 +1040,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "16399405169577171151"
+ "version": "0.22.6.54827",
+ "templateHash": "16339805298138761905"
},
"name": "Relay Namespace WCF Relays",
"description": "This module deploys a Relay Namespace WCF Relay.",
@@ -1227,8 +1227,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "1819166015438260663"
+ "version": "0.22.6.54827",
+ "templateHash": "9905508445063497603"
},
"name": "WCF Relay Authorization Rules",
"description": "This module deploys a WCF Relay Authorization Rule.",
@@ -1360,8 +1360,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "5004576418567807599"
+ "version": "0.22.6.54827",
+ "templateHash": "3790701104073520156"
}
},
"parameters": {
@@ -1554,8 +1554,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14580007913383558904"
+ "version": "0.22.6.54827",
+ "templateHash": "2884140170473394983"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -1754,8 +1754,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "2469208411936339153"
+ "version": "0.22.6.54827",
+ "templateHash": "5610247137574346230"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -1892,8 +1892,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13032708393704093995"
+ "version": "0.22.6.54827",
+ "templateHash": "14351187799927334028"
}
},
"parameters": {
@@ -2106,8 +2106,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15050721890066924646"
+ "version": "0.22.6.54827",
+ "templateHash": "7170472647175450772"
}
},
"parameters": {
diff --git a/modules/relay/namespace/network-rule-set/README.md b/modules/relay/namespace/network-rule-set/README.md
index dbca72dddb..999a9f0bd2 100644
--- a/modules/relay/namespace/network-rule-set/README.md
+++ b/modules/relay/namespace/network-rule-set/README.md
@@ -19,23 +19,59 @@ This module deploys a Relay Namespace Network Rule Set.
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `namespaceName` | string | The name of the parent Relay Namespace for the Relay Network Rule Set. Required if the template is used in a standalone deployment. |
+| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace for the Relay Network Rule Set. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `defaultAction` | string | `'Allow'` | `[Allow, Deny]` | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `ipRules` | array | `[]` | | List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". |
-| `publicNetworkAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`defaultAction`](#parameter-defaultaction) | string | Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`ipRules`](#parameter-iprules) | array | List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. |
+
+### Parameter: `defaultAction`
+
+Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used.
+- Required: No
+- Type: string
+- Default: `'Allow'`
+- Allowed: `[Allow, Deny]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `ipRules`
+
+List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny".
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `namespaceName`
+
+The name of the parent Relay Namespace for the Relay Network Rule Set. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `publicNetworkAccess`
+
+This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied.
+- Required: No
+- Type: string
+- Default: `'Enabled'`
+- Allowed: `[Disabled, Enabled]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the network rule set. |
| `resourceGroupName` | string | The name of the resource group the network rule set was created in. |
diff --git a/modules/relay/namespace/network-rule-set/main.json b/modules/relay/namespace/network-rule-set/main.json
index 0a2577851e..d7742ddf49 100644
--- a/modules/relay/namespace/network-rule-set/main.json
+++ b/modules/relay/namespace/network-rule-set/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "319020533136370885"
+ "version": "0.22.6.54827",
+ "templateHash": "4617716666405561945"
},
"name": "Relay Namespace Network Rules Sets",
"description": "This module deploys a Relay Namespace Network Rule Set.",
diff --git a/modules/relay/namespace/wcf-relay/README.md b/modules/relay/namespace/wcf-relay/README.md
index 3a4b841219..bb155573b1 100644
--- a/modules/relay/namespace/wcf-relay/README.md
+++ b/modules/relay/namespace/wcf-relay/README.md
@@ -4,12 +4,12 @@ This module deploys a Relay Namespace WCF Relay.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -22,33 +22,102 @@ This module deploys a Relay Namespace WCF Relay.
**Required parameters**
-| Parameter Name | Type | Allowed Values | Description |
-| :-- | :-- | :-- | :-- |
-| `name` | string | | Name of the WCF Relay. |
-| `relayType` | string | `[Http, NetTcp]` | Type of WCF Relay. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the WCF Relay. |
+| [`relayType`](#parameter-relaytype) | string | Type of WCF Relay. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `namespaceName` | string | The name of the parent Relay Namespace for the WCF Relay. Required if the template is used in a standalone deployment. |
+| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace for the WCF Relay. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the WCF Relay. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `requiresClientAuthorization` | bool | `True` | | A value indicating if this relay requires client authorization. |
-| `requiresTransportSecurity` | bool | `True` | | A value indicating if this relay requires transport security. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `userMetadata` | string | `''` | | User-defined string data for the WCF Relay. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the WCF Relay. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`requiresClientAuthorization`](#parameter-requiresclientauthorization) | bool | A value indicating if this relay requires client authorization. |
+| [`requiresTransportSecurity`](#parameter-requirestransportsecurity) | bool | A value indicating if this relay requires transport security. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`userMetadata`](#parameter-usermetadata) | string | User-defined string data for the WCF Relay. |
+
+### Parameter: `authorizationRules`
+
+Authorization Rules for the WCF Relay.
+- Required: No
+- Type: array
+- Default: `[System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable, System.Management.Automation.OrderedHashtable]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the WCF Relay.
+- Required: Yes
+- Type: string
+
+### Parameter: `namespaceName`
+
+The name of the parent Relay Namespace for the WCF Relay. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `relayType`
+
+Type of WCF Relay.
+- Required: Yes
+- Type: string
+- Allowed: `[Http, NetTcp]`
+
+### Parameter: `requiresClientAuthorization`
+
+A value indicating if this relay requires client authorization.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `requiresTransportSecurity`
+
+A value indicating if this relay requires transport security.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `userMetadata`
+
+User-defined string data for the WCF Relay.
+- Required: No
+- Type: string
+- Default: `''`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the deployed wcf relay. |
| `resourceGroupName` | string | The resource group of the deployed wcf relay. |
diff --git a/modules/relay/namespace/wcf-relay/authorization-rule/README.md b/modules/relay/namespace/wcf-relay/authorization-rule/README.md
index bbdd6020cd..4fbcc69f86 100644
--- a/modules/relay/namespace/wcf-relay/authorization-rule/README.md
+++ b/modules/relay/namespace/wcf-relay/authorization-rule/README.md
@@ -19,28 +19,61 @@ This module deploys a WCF Relay Authorization Rule.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the authorization rule. |
+| [`name`](#parameter-name) | string | The name of the authorization rule. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `namespaceName` | string | The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. |
-| `wcfRelayName` | string | The name of the parent Relay Namespace WCF Relay. Required if the template is used in a standalone deployment. |
+| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. |
+| [`wcfRelayName`](#parameter-wcfrelayname) | string | The name of the parent Relay Namespace WCF Relay. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`rights`](#parameter-rights) | array | The rights associated with the rule. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the authorization rule.
+- Required: Yes
+- Type: string
+
+### Parameter: `namespaceName`
+
+The name of the parent Relay Namespace. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `rights`
+
+The rights associated with the rule.
+- Required: No
+- Type: array
+- Default: `[]`
+- Allowed: `[Listen, Manage, Send]`
+
+### Parameter: `wcfRelayName`
+
+The name of the parent Relay Namespace WCF Relay. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the authorization rule. |
| `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. |
diff --git a/modules/relay/namespace/wcf-relay/authorization-rule/main.json b/modules/relay/namespace/wcf-relay/authorization-rule/main.json
index 17285b2410..2ab62ecde8 100644
--- a/modules/relay/namespace/wcf-relay/authorization-rule/main.json
+++ b/modules/relay/namespace/wcf-relay/authorization-rule/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "13141425566828642958"
+ "version": "0.22.6.54827",
+ "templateHash": "9905508445063497603"
},
"name": "WCF Relay Authorization Rules",
"description": "This module deploys a WCF Relay Authorization Rule.",
diff --git a/modules/relay/namespace/wcf-relay/main.json b/modules/relay/namespace/wcf-relay/main.json
index 309e400e0b..4ad90c10ee 100644
--- a/modules/relay/namespace/wcf-relay/main.json
+++ b/modules/relay/namespace/wcf-relay/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "18205555090536788516"
+ "version": "0.22.6.54827",
+ "templateHash": "16339805298138761905"
},
"name": "Relay Namespace WCF Relays",
"description": "This module deploys a Relay Namespace WCF Relay.",
@@ -191,8 +191,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "13141425566828642958"
+ "version": "0.22.6.54827",
+ "templateHash": "9905508445063497603"
},
"name": "WCF Relay Authorization Rules",
"description": "This module deploys a WCF Relay Authorization Rule.",
@@ -324,8 +324,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "8507868775083821058"
+ "version": "0.22.6.54827",
+ "templateHash": "3790701104073520156"
}
},
"parameters": {
diff --git a/modules/resource-graph/query/.test/common/main.test.bicep b/modules/resource-graph/query/.test/common/main.test.bicep
index 3c64dc9dba..77af84a74d 100644
--- a/modules/resource-graph/query/.test/common/main.test.bicep
+++ b/modules/resource-graph/query/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/resource-graph/query/.test/min/main.test.bicep b/modules/resource-graph/query/.test/min/main.test.bicep
index 9a81477569..f03ce1a8a9 100644
--- a/modules/resource-graph/query/.test/min/main.test.bicep
+++ b/modules/resource-graph/query/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/resource-graph/query/README.md b/modules/resource-graph/query/README.md
index 9cec40305f..592a09f066 100644
--- a/modules/resource-graph/query/README.md
+++ b/modules/resource-graph/query/README.md
@@ -4,13 +4,13 @@ This module deploys a Resource Graph Query.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -18,55 +18,29 @@ This module deploys a Resource Graph Query.
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.ResourceGraph/queries` | [2018-09-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ResourceGraph/2018-09-01-preview/queries) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Resource Graph Query. |
-| `query` | string | KQL query that will be graph. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `queryDescription` | string | `''` | | The description of a graph query. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` | | Tags of the resource. |
+## Usage examples
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the query. |
-| `resourceGroupName` | string | The resource group the query was deployed into. |
-| `resourceId` | string | The resource ID of the query. |
-
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/resource-graph.query:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module query './resource-graph/query/main.bicep' = {
+module query 'br:bicep/modules/resource-graph.query:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rgqcom'
params: {
// Required parameters
@@ -148,14 +122,17 @@ module query './resource-graph/query/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module query './resource-graph/query/main.bicep' = {
+module query 'br:bicep/modules/resource-graph.query:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rgqmin'
params: {
// Required parameters
@@ -196,3 +173,93 @@ module query './resource-graph/query/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Resource Graph Query. |
+| [`query`](#parameter-query) | string | KQL query that will be graph. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`queryDescription`](#parameter-querydescription) | string | The description of a graph query. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Name of the Resource Graph Query.
+- Required: Yes
+- Type: string
+
+### Parameter: `query`
+
+KQL query that will be graph.
+- Required: Yes
+- Type: string
+
+### Parameter: `queryDescription`
+
+The description of a graph query.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the query. |
+| `resourceGroupName` | string | The resource group the query was deployed into. |
+| `resourceId` | string | The resource ID of the query. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/resource-graph/query/main.json b/modules/resource-graph/query/main.json
index 301af9810f..637ac21f0a 100644
--- a/modules/resource-graph/query/main.json
+++ b/modules/resource-graph/query/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15324622694106945222"
+ "version": "0.22.6.54827",
+ "templateHash": "5318766686585928680"
},
"name": "Resource Graph Queries",
"description": "This module deploys a Resource Graph Query.",
@@ -146,8 +146,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "5203431571109680712"
+ "version": "0.22.6.54827",
+ "templateHash": "11432335123187448929"
}
},
"parameters": {
diff --git a/modules/resources/deployment-script/README.md b/modules/resources/deployment-script/README.md
index 98aca51078..1129b13cba 100644
--- a/modules/resources/deployment-script/README.md
+++ b/modules/resources/deployment-script/README.md
@@ -4,87 +4,39 @@ This module deploys a Deployment Script.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
| `Microsoft.Resources/deploymentScripts` | [2020-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2020-10-01/deploymentScripts) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Display name of the script to be run. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `arguments` | string | `''` | | Command-line arguments to pass to the script. Arguments are separated by spaces. |
-| `azCliVersion` | string | `''` | | Azure CLI module version to be used. |
-| `azPowerShellVersion` | string | `'3.0'` | | Azure PowerShell module version to be used. |
-| `cleanupPreference` | string | `'Always'` | `[Always, OnExpiration, OnSuccess]` | The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled). |
-| `containerGroupName` | string | `''` | | Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `environmentVariables` | secureObject | `{object}` | | The environment variables to pass over to the script. The list is passed as an object with a key name "secureList" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object. |
-| `kind` | string | `'AzurePowerShell'` | `[AzureCLI, AzurePowerShell]` | Type of the script. AzurePowerShell, AzureCLI. |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `primaryScriptUri` | string | `''` | | Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead. |
-| `retentionInterval` | string | `'P1D'` | | Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week). |
-| `runOnce` | bool | `False` | | When set to false, script will run every time the template is deployed. When set to true, the script will only run once. |
-| `scriptContent` | string | `''` | | Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead. |
-| `storageAccountResourceId` | string | `''` | | The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account. |
-| `supportingScriptUris` | array | `[]` | | List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent). |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `timeout` | string | `'PT1H'` | | Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year. |
-| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
-
-**Generated parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `baseTime` | string | `[utcNow('yyyy-MM-dd-HH-mm-ss')]` | Do not provide a value! This date value is used to make sure the script run every time the template is deployed. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployment script. |
-| `outputs` | object | The output of the deployment script. |
-| `resourceGroupName` | string | The resource group the deployment script was deployed into. |
-| `resourceId` | string | The resource ID of the deployment script. |
-
-## Cross-referenced modules
-
-_None_
+## Usage examples
-## Deployment examples
-
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
>**Note**: The name of each example is based on the name of the file from which it is taken.
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
Example 1: Cli
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/resources.deployment-script:1.0.0`.
+
+- [Cli](#example-1-cli)
+- [Ps](#example-2-ps)
+
+### Example 1: _Cli_
via Bicep module
```bicep
-module deploymentScript './resources/deployment-script/main.bicep' = {
+module deploymentScript 'br:bicep/modules/resources.deployment-script:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rdscli'
params: {
// Required parameters
@@ -200,14 +152,14 @@ module deploymentScript './resources/deployment-script/main.bicep' = {
-
Example 2: Ps
+### Example 2: _Ps_
via Bicep module
```bicep
-module deploymentScript './resources/deployment-script/main.bicep' = {
+module deploymentScript 'br:bicep/modules/resources.deployment-script:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rdsps'
params: {
// Required parameters
@@ -300,3 +252,206 @@ module deploymentScript './resources/deployment-script/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Display name of the script to be run. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`arguments`](#parameter-arguments) | string | Command-line arguments to pass to the script. Arguments are separated by spaces. |
+| [`azCliVersion`](#parameter-azcliversion) | string | Azure CLI module version to be used. |
+| [`azPowerShellVersion`](#parameter-azpowershellversion) | string | Azure PowerShell module version to be used. |
+| [`cleanupPreference`](#parameter-cleanuppreference) | string | The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled). |
+| [`containerGroupName`](#parameter-containergroupname) | string | Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`environmentVariables`](#parameter-environmentvariables) | secureObject | The environment variables to pass over to the script. The list is passed as an object with a key name "secureList" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object. |
+| [`kind`](#parameter-kind) | string | Type of the script. AzurePowerShell, AzureCLI. |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`primaryScriptUri`](#parameter-primaryscripturi) | string | Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead. |
+| [`retentionInterval`](#parameter-retentioninterval) | string | Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week). |
+| [`runOnce`](#parameter-runonce) | bool | When set to false, script will run every time the template is deployed. When set to true, the script will only run once. |
+| [`scriptContent`](#parameter-scriptcontent) | string | Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead. |
+| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account. |
+| [`supportingScriptUris`](#parameter-supportingscripturis) | array | List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent). |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`timeout`](#parameter-timeout) | string | Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+
+**Generated parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to make sure the script run every time the template is deployed. |
+
+### Parameter: `arguments`
+
+Command-line arguments to pass to the script. Arguments are separated by spaces.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `azCliVersion`
+
+Azure CLI module version to be used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `azPowerShellVersion`
+
+Azure PowerShell module version to be used.
+- Required: No
+- Type: string
+- Default: `'3.0'`
+
+### Parameter: `baseTime`
+
+Do not provide a value! This date value is used to make sure the script run every time the template is deployed.
+- Required: No
+- Type: string
+- Default: `[utcNow('yyyy-MM-dd-HH-mm-ss')]`
+
+### Parameter: `cleanupPreference`
+
+The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled).
+- Required: No
+- Type: string
+- Default: `'Always'`
+- Allowed: `[Always, OnExpiration, OnSuccess]`
+
+### Parameter: `containerGroupName`
+
+Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `environmentVariables`
+
+The environment variables to pass over to the script. The list is passed as an object with a key name "secureList" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object.
+- Required: No
+- Type: secureObject
+- Default: `{object}`
+
+### Parameter: `kind`
+
+Type of the script. AzurePowerShell, AzureCLI.
+- Required: No
+- Type: string
+- Default: `'AzurePowerShell'`
+- Allowed: `[AzureCLI, AzurePowerShell]`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+Display name of the script to be run.
+- Required: Yes
+- Type: string
+
+### Parameter: `primaryScriptUri`
+
+Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `retentionInterval`
+
+Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week).
+- Required: No
+- Type: string
+- Default: `'P1D'`
+
+### Parameter: `runOnce`
+
+When set to false, script will run every time the template is deployed. When set to true, the script will only run once.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `scriptContent`
+
+Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `storageAccountResourceId`
+
+The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `supportingScriptUris`
+
+List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent).
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `timeout`
+
+Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year.
+- Required: No
+- Type: string
+- Default: `'PT1H'`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployment script. |
+| `outputs` | object | The output of the deployment script. |
+| `resourceGroupName` | string | The resource group the deployment script was deployed into. |
+| `resourceId` | string | The resource ID of the deployment script. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/resources/deployment-script/main.json b/modules/resources/deployment-script/main.json
index 0a7d0d9090..2f4d4f4a0d 100644
--- a/modules/resources/deployment-script/main.json
+++ b/modules/resources/deployment-script/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "8110228844611454639"
+ "version": "0.22.6.54827",
+ "templateHash": "13171333688007785690"
},
"name": "Deployment Scripts",
"description": "This module deploys a Deployment Script.",
diff --git a/modules/resources/resource-group/.test/common/main.test.bicep b/modules/resources/resource-group/.test/common/main.test.bicep
index 7cbc7f6c16..0090211eb1 100644
--- a/modules/resources/resource-group/.test/common/main.test.bicep
+++ b/modules/resources/resource-group/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/resources/resource-group/.test/min/main.test.bicep b/modules/resources/resource-group/.test/min/main.test.bicep
index dc9625823a..04d75955c0 100644
--- a/modules/resources/resource-group/.test/min/main.test.bicep
+++ b/modules/resources/resource-group/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/resources/resource-group/README.md b/modules/resources/resource-group/README.md
index 4c341910e3..ef11098499 100644
--- a/modules/resources/resource-group/README.md
+++ b/modules/resources/resource-group/README.md
@@ -4,13 +4,13 @@ This module deploys a Resource Group.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -18,57 +18,29 @@ This module deploys a Resource Group.
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.Resources/resourceGroups` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2021-04-01/resourceGroups) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the Resource Group. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | | Location of the Resource Group. It uses the deployment's location when not provided. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `managedBy` | string | `''` | | The ID of the resource that manages this resource group. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `tags` | object | `{object}` | | Tags of the storage account resource. |
-
+## Usage examples
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the resource group. |
-| `resourceId` | string | The resource ID of the resource group. |
-
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-| Reference | Type |
-| :-- | :-- |
-| `authorization/lock/resource-group` | Local reference |
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/resources.resource-group:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-
Example 1: Common
via Bicep module
```bicep
-module resourceGroup './resources/resource-group/main.bicep' = {
+module resourceGroup 'br:bicep/modules/resources.resource-group:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rrgcom'
params: {
// Required parameters
@@ -142,14 +114,17 @@ module resourceGroup './resources/resource-group/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module resourceGroup './resources/resource-group/main.bicep' = {
+module resourceGroup 'br:bicep/modules/resources.resource-group:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-rrgmin'
params: {
// Required parameters
@@ -186,3 +161,89 @@ module resourceGroup './resources/resource-group/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Resource Group. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location of the Resource Group. It uses the deployment's location when not provided. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`managedBy`](#parameter-managedby) | string | The ID of the resource that manages this resource group. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`tags`](#parameter-tags) | object | Tags of the storage account resource. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location of the Resource Group. It uses the deployment's location when not provided.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `managedBy`
+
+The ID of the resource that manages this resource group.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `name`
+
+The name of the Resource Group.
+- Required: Yes
+- Type: string
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `tags`
+
+Tags of the storage account resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the resource group. |
+| `resourceId` | string | The resource ID of the resource group. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/authorization/lock/resource-group` | Local reference |
diff --git a/modules/resources/resource-group/main.json b/modules/resources/resource-group/main.json
index 2e9a71ba0e..311d143451 100644
--- a/modules/resources/resource-group/main.json
+++ b/modules/resources/resource-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "3729995632350323768"
+ "version": "0.22.6.54827",
+ "templateHash": "698589074683460032"
},
"name": "Resource Groups",
"description": "This module deploys a Resource Group.",
@@ -116,8 +116,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10420976827552614779"
+ "version": "0.22.6.54827",
+ "templateHash": "8961143332409950444"
},
"name": "Authorization Locks (Resource Group scope)",
"description": "This module deploys an Authorization Lock at a Resource Group scope.",
@@ -249,8 +249,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "1146156557420886689"
+ "version": "0.22.6.54827",
+ "templateHash": "9238529270860750175"
}
},
"parameters": {
diff --git a/modules/resources/tags/.test/min/main.test.bicep b/modules/resources/tags/.test/min/main.test.bicep
index bd4d81cfe3..4afd22e26f 100644
--- a/modules/resources/tags/.test/min/main.test.bicep
+++ b/modules/resources/tags/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/resources/tags/README.md b/modules/resources/tags/README.md
index 8c84394fa8..623e5eb9e5 100644
--- a/modules/resources/tags/README.md
+++ b/modules/resources/tags/README.md
@@ -5,10 +5,10 @@ This module deploys a Resource Tag at a Subscription or Resource Group scope.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -16,47 +16,30 @@ This module deploys a Resource Tag at a Subscription or Resource Group scope.
| :-- | :-- |
| `Microsoft.Resources/tags` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2021-04-01/tags) |
-## Parameters
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | Location deployment metadata. |
-| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. |
-| `resourceGroupName` | string | `''` | Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. |
-| `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. |
-| `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. |
-
-
-## Outputs
+## Usage examples
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the tags resource. |
-| `resourceId` | string | The resource ID of the applied tags. |
-| `tags` | object | The applied tags. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/resources.tags:1.0.0`.
-## Deployment examples
+- [Using only defaults](#example-1-using-only-defaults)
+- [Rg](#example-2-rg)
+- [Sub](#example-3-sub)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using only defaults_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with the minimum set of required parameters.
-
Example 1: Min
via Bicep module
```bicep
-module tags './resources/tags/main.bicep' = {
+module tags 'br:bicep/modules/resources.tags:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-rtmin'
params: {
enableDefaultTelemetry: ''
@@ -86,14 +69,14 @@ module tags './resources/tags/main.bicep' = {
-
Example 2: Rg
+### Example 2: _Rg_
via Bicep module
```bicep
-module tags './resources/tags/main.bicep' = {
+module tags 'br:bicep/modules/resources.tags:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-rtrg'
params: {
enableDefaultTelemetry: ''
@@ -143,14 +126,14 @@ module tags './resources/tags/main.bicep' = {
-
Example 3: Sub
+### Example 3: _Sub_
via Bicep module
```bicep
-module tags './resources/tags/main.bicep' = {
+module tags 'br:bicep/modules/resources.tags:1.0.0' = {
name: '${uniqueString(deployment().name)}-test-rtsub'
params: {
enableDefaultTelemetry: ''
@@ -195,3 +178,72 @@ module tags './resources/tags/main.bicep' = {
+
+
+## Parameters
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`onlyUpdate`](#parameter-onlyupdate) | bool | Instead of overwriting the existing tags, combine them with the new tags. |
+| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. |
+| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. |
+| [`tags`](#parameter-tags) | object | Tags for the resource group. If not provided, removes existing tags. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `onlyUpdate`
+
+Instead of overwriting the existing tags, combine them with the new tags.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `resourceGroupName`
+
+Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `subscriptionId`
+
+Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription.
+- Required: No
+- Type: string
+- Default: `[subscription().id]`
+
+### Parameter: `tags`
+
+Tags for the resource group. If not provided, removes existing tags.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the tags resource. |
+| `resourceId` | string | The resource ID of the applied tags. |
+| `tags` | object | The applied tags. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/resources/tags/main.json b/modules/resources/tags/main.json
index 4458dbbe53..85a73c4674 100644
--- a/modules/resources/tags/main.json
+++ b/modules/resources/tags/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "15623552838363512630"
+ "version": "0.22.6.54827",
+ "templateHash": "17959459334247355830"
},
"name": "Resources Tags",
"description": "This module deploys a Resource Tag at a Subscription or Resource Group scope.",
@@ -105,8 +105,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "791889452516757013"
+ "version": "0.22.6.54827",
+ "templateHash": "17975356792950377604"
},
"name": "Resources Tags Subscription Scope",
"description": "This module deploys a Resource Tag on a Subscription scope.",
@@ -186,8 +186,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "9008008606560089334"
+ "version": "0.22.6.54827",
+ "templateHash": "18269006446765776342"
}
},
"parameters": {
@@ -267,8 +267,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "11114375852398740809"
+ "version": "0.22.6.54827",
+ "templateHash": "8701740381622545052"
},
"name": "Resources Tags Resource Group",
"description": "This module deploys a Resource Tag on a Resource Group scope.",
@@ -339,8 +339,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "4678848348426348914"
+ "version": "0.22.6.54827",
+ "templateHash": "8737749583083645128"
}
},
"parameters": {
diff --git a/modules/resources/tags/resource-group/README.md b/modules/resources/tags/resource-group/README.md
index b01512e657..678fc74561 100644
--- a/modules/resources/tags/resource-group/README.md
+++ b/modules/resources/tags/resource-group/README.md
@@ -19,16 +19,37 @@ This module deploys a Resource Tag on a Resource Group scope.
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. |
-| `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`onlyUpdate`](#parameter-onlyupdate) | bool | Instead of overwriting the existing tags, combine them with the new tags. |
+| [`tags`](#parameter-tags) | object | Tags for the resource group. If not provided, removes existing tags. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `onlyUpdate`
+
+Instead of overwriting the existing tags, combine them with the new tags.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags for the resource group. If not provided, removes existing tags.
+- Required: No
+- Type: object
+- Default: `{object}`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the tags resource. |
| `resourceGroupName` | string | The name of the resource group the tags were applied to. |
diff --git a/modules/resources/tags/resource-group/main.json b/modules/resources/tags/resource-group/main.json
index fabaa09756..8e1a7b8b39 100644
--- a/modules/resources/tags/resource-group/main.json
+++ b/modules/resources/tags/resource-group/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "4275347865908810280"
+ "version": "0.22.6.54827",
+ "templateHash": "8701740381622545052"
},
"name": "Resources Tags Resource Group",
"description": "This module deploys a Resource Tag on a Resource Group scope.",
@@ -76,8 +76,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "5447313974004996573"
+ "version": "0.22.6.54827",
+ "templateHash": "8737749583083645128"
}
},
"parameters": {
diff --git a/modules/resources/tags/subscription/README.md b/modules/resources/tags/subscription/README.md
index 384fb2c7e9..48c7d355a0 100644
--- a/modules/resources/tags/subscription/README.md
+++ b/modules/resources/tags/subscription/README.md
@@ -19,17 +19,45 @@ This module deploys a Resource Tag on a Subscription scope.
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[deployment().location]` | Location deployment metadata. |
-| `onlyUpdate` | bool | `False` | Instead of overwriting the existing tags, combine them with the new tags. |
-| `tags` | object | `{object}` | Tags for the resource group. If not provided, removes existing tags. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`onlyUpdate`](#parameter-onlyupdate) | bool | Instead of overwriting the existing tags, combine them with the new tags. |
+| [`tags`](#parameter-tags) | object | Tags for the resource group. If not provided, removes existing tags. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `onlyUpdate`
+
+Instead of overwriting the existing tags, combine them with the new tags.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags for the resource group. If not provided, removes existing tags.
+- Required: No
+- Type: object
+- Default: `{object}`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the tags resource. |
| `resourceId` | string | The resource ID of the applied tags. |
diff --git a/modules/resources/tags/subscription/main.json b/modules/resources/tags/subscription/main.json
index 615fd9ce66..467d62828b 100644
--- a/modules/resources/tags/subscription/main.json
+++ b/modules/resources/tags/subscription/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "17445460813956994133"
+ "version": "0.22.6.54827",
+ "templateHash": "17975356792950377604"
},
"name": "Resources Tags Subscription Scope",
"description": "This module deploys a Resource Tag on a Subscription scope.",
@@ -85,8 +85,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "373680921396677494"
+ "version": "0.22.6.54827",
+ "templateHash": "18269006446765776342"
}
},
"parameters": {
diff --git a/modules/search/search-service/.test/common/main.test.bicep b/modules/search/search-service/.test/common/main.test.bicep
index a57241f341..299cc6438a 100644
--- a/modules/search/search-service/.test/common/main.test.bicep
+++ b/modules/search/search-service/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/search/search-service/.test/min/main.test.bicep b/modules/search/search-service/.test/min/main.test.bicep
index 6a2b1474fb..4f66e7b2e4 100644
--- a/modules/search/search-service/.test/min/main.test.bicep
+++ b/modules/search/search-service/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/search/search-service/README.md b/modules/search/search-service/README.md
index ab526edefb..95678ffa64 100644
--- a/modules/search/search-service/README.md
+++ b/modules/search/search-service/README.md
@@ -5,10 +5,10 @@ This module deploys a Search Service.
## Navigation
- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
## Resource Types
@@ -22,76 +22,30 @@ This module deploys a Search Service.
| `Microsoft.Search/searchServices` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Search/2022-09-01/searchServices) |
| `Microsoft.Search/searchServices/sharedPrivateLinkResources` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Search/2022-09-01/searchServices/sharedPrivateLinkResources) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the Azure Cognitive Search service to create or update. Search service names must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and must be between 2 and 60 characters in length. Search service names must be globally unique since they are part of the service URI (https://.search.windows.net). You cannot change the service name after the service is created. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `authOptions` | object | `{object}` | | Defines the options for how the data plane API of a Search service authenticates requests. Must remain an empty object {} if 'disableLocalAuth' is set to true. |
-| `cmkEnforcement` | string | `'Unspecified'` | `[Disabled, Enabled, Unspecified]` | Describes a policy that determines how resources within the search service are to be encrypted with Customer Managed Keys. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| `diagnosticLogCategoriesToEnable` | array | `[OperationLogs]` | `[OperationLogs]` | The name of logs that will be streamed. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
-| `disableLocalAuth` | bool | `True` | | When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'authOptions' are defined. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-| `hostingMode` | string | `'default'` | `[default, highDensity]` | Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. |
-| `location` | string | `[resourceGroup().location]` | | Location for all Resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `networkRuleSet` | object | `{object}` | | Network specific rules that determine how the Azure Cognitive Search service may be reached. |
-| `partitionCount` | int | `1` | | The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. |
-| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
-| `publicNetworkAccess` | string | `'enabled'` | `[disabled, enabled]` | This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. |
-| `replicaCount` | int | `1` | | The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `sharedPrivateLinkResources` | array | `[]` | | The sharedPrivateLinkResources to create as part of the search Service. |
-| `sku` | string | `'standard'` | `[basic, free, standard, standard2, standard3, storage_optimized_l1, storage_optimized_l2]` | Defines the SKU of an Azure Cognitive Search Service, which determines price tier and capacity limits. |
-| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` | | Tags to help categorize the resource in the Azure portal. |
-
-
-## Outputs
+## Usage examples
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the search service. |
-| `resourceGroupName` | string | The name of the resource group the search service was created in. |
-| `resourceId` | string | The resource ID of the search service. |
-
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/search.search-service:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Using only defaults](#example-2-using-only-defaults)
+- [Pe](#example-3-pe)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module searchService './search/search-service/main.bicep' = {
+module searchService 'br:bicep/modules/search.search-service:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-ssscom'
params: {
// Required parameters
@@ -257,14 +211,17 @@ module searchService './search/search-service/main.bicep' = {
-
Example 2: Min
+### Example 2: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module searchService './search/search-service/main.bicep' = {
+module searchService 'br:bicep/modules/search.search-service:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-sssmin'
params: {
// Required parameters
@@ -302,14 +259,14 @@ module searchService './search/search-service/main.bicep' = {
-
Example 3: Pe
+### Example 3: _Pe_
via Bicep module
```bicep
-module searchService './search/search-service/main.bicep' = {
+module searchService 'br:bicep/modules/search.search-service:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-ssspe'
params: {
// Required parameters
@@ -432,3 +389,240 @@ module searchService './search/search-service/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The name of the Azure Cognitive Search service to create or update. Search service names must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and must be between 2 and 60 characters in length. Search service names must be globally unique since they are part of the service URI (https://.search.windows.net). You cannot change the service name after the service is created. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`authOptions`](#parameter-authoptions) | object | Defines the options for how the data plane API of a Search service authenticates requests. Must remain an empty object {} if 'disableLocalAuth' is set to true. |
+| [`cmkEnforcement`](#parameter-cmkenforcement) | string | Describes a policy that determines how resources within the search service are to be encrypted with Customer Managed Keys. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
+| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'authOptions' are defined. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| [`hostingMode`](#parameter-hostingmode) | string | Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. |
+| [`location`](#parameter-location) | string | Location for all Resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`networkRuleSet`](#parameter-networkruleset) | object | Network specific rules that determine how the Azure Cognitive Search service may be reached. |
+| [`partitionCount`](#parameter-partitioncount) | int | The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. |
+| [`replicaCount`](#parameter-replicacount) | int | The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`sharedPrivateLinkResources`](#parameter-sharedprivatelinkresources) | array | The sharedPrivateLinkResources to create as part of the search Service. |
+| [`sku`](#parameter-sku) | string | Defines the SKU of an Azure Cognitive Search Service, which determines price tier and capacity limits. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags to help categorize the resource in the Azure portal. |
+
+### Parameter: `authOptions`
+
+Defines the options for how the data plane API of a Search service authenticates requests. Must remain an empty object {} if 'disableLocalAuth' is set to true.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `cmkEnforcement`
+
+Describes a policy that determines how resources within the search service are to be encrypted with Customer Managed Keys.
+- Required: No
+- Type: string
+- Default: `'Unspecified'`
+- Allowed: `[Disabled, Enabled, Unspecified]`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed.
+- Required: No
+- Type: array
+- Default: `[OperationLogs]`
+- Allowed: `[OperationLogs]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `disableLocalAuth`
+
+When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'authOptions' are defined.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via the Customer Usage Attribution ID (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `hostingMode`
+
+Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'.
+- Required: No
+- Type: string
+- Default: `'default'`
+- Allowed: `[default, highDensity]`
+
+### Parameter: `location`
+
+Location for all Resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `name`
+
+The name of the Azure Cognitive Search service to create or update. Search service names must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and must be between 2 and 60 characters in length. Search service names must be globally unique since they are part of the service URI (https://.search.windows.net). You cannot change the service name after the service is created.
+- Required: Yes
+- Type: string
+
+### Parameter: `networkRuleSet`
+
+Network specific rules that determine how the Azure Cognitive Search service may be reached.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `partitionCount`
+
+The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `privateEndpoints`
+
+Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicNetworkAccess`
+
+This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method.
+- Required: No
+- Type: string
+- Default: `'enabled'`
+- Allowed: `[disabled, enabled]`
+
+### Parameter: `replicaCount`
+
+The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `sharedPrivateLinkResources`
+
+The sharedPrivateLinkResources to create as part of the search Service.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `sku`
+
+Defines the SKU of an Azure Cognitive Search Service, which determines price tier and capacity limits.
+- Required: No
+- Type: string
+- Default: `'standard'`
+- Allowed: `[basic, free, standard, standard2, standard3, storage_optimized_l1, storage_optimized_l2]`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags to help categorize the resource in the Azure portal.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the search service. |
+| `resourceGroupName` | string | The name of the resource group the search service was created in. |
+| `resourceId` | string | The resource ID of the search service. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
diff --git a/modules/search/search-service/main.json b/modules/search/search-service/main.json
index 395192b732..7a348d26c6 100644
--- a/modules/search/search-service/main.json
+++ b/modules/search/search-service/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "10072822591333511170"
+ "version": "0.22.6.54827",
+ "templateHash": "6550974299074570161"
},
"name": "Search Services",
"description": "This module deploys a Search Service.",
@@ -356,8 +356,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "11875440755487903509"
+ "version": "0.22.6.54827",
+ "templateHash": "18375388175912544361"
}
},
"parameters": {
@@ -520,8 +520,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "14580007913383558904"
+ "version": "0.22.6.54827",
+ "templateHash": "2884140170473394983"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -720,8 +720,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "2469208411936339153"
+ "version": "0.22.6.54827",
+ "templateHash": "5610247137574346230"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -858,8 +858,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13032708393704093995"
+ "version": "0.22.6.54827",
+ "templateHash": "14351187799927334028"
}
},
"parameters": {
@@ -1074,8 +1074,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "11160181254796997108"
+ "version": "0.22.6.54827",
+ "templateHash": "13590696020139320386"
},
"name": "Search Services Private Link Resources",
"description": "This module deploys a Search Service Private Link Resource.",
diff --git a/modules/search/search-service/shared-private-link-resource/README.md b/modules/search/search-service/shared-private-link-resource/README.md
index 130c6c31ef..1edd330b70 100644
--- a/modules/search/search-service/shared-private-link-resource/README.md
+++ b/modules/search/search-service/shared-private-link-resource/README.md
@@ -19,30 +19,74 @@ This module deploys a Search Service Private Link Resource.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `groupId` | string | The group ID from the provider of resource the shared private link resource is for. |
-| `name` | string | The name of the shared private link resource managed by the Azure Cognitive Search service within the specified resource group. |
-| `privateLinkResourceId` | string | The resource ID of the resource the shared private link resource is for. |
-| `requestMessage` | string | The request message for requesting approval of the shared private link resource. |
+| [`groupId`](#parameter-groupid) | string | The group ID from the provider of resource the shared private link resource is for. |
+| [`name`](#parameter-name) | string | The name of the shared private link resource managed by the Azure Cognitive Search service within the specified resource group. |
+| [`privateLinkResourceId`](#parameter-privatelinkresourceid) | string | The resource ID of the resource the shared private link resource is for. |
+| [`requestMessage`](#parameter-requestmessage) | string | The request message for requesting approval of the shared private link resource. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `searchServiceName` | string | The name of the parent searchServices. Required if the template is used in a standalone deployment. |
+| [`searchServiceName`](#parameter-searchservicename) | string | The name of the parent searchServices. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-| `resourceRegion` | string | `''` | Can be used to specify the Azure Resource Manager location of the resource to which a shared private link is to be created. This is only required for those resources whose DNS configuration are regional (such as Azure Kubernetes Service). |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| [`resourceRegion`](#parameter-resourceregion) | string | Can be used to specify the Azure Resource Manager location of the resource to which a shared private link is to be created. This is only required for those resources whose DNS configuration are regional (such as Azure Kubernetes Service). |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via the Customer Usage Attribution ID (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `groupId`
+
+The group ID from the provider of resource the shared private link resource is for.
+- Required: Yes
+- Type: string
+
+### Parameter: `name`
+
+The name of the shared private link resource managed by the Azure Cognitive Search service within the specified resource group.
+- Required: Yes
+- Type: string
+
+### Parameter: `privateLinkResourceId`
+
+The resource ID of the resource the shared private link resource is for.
+- Required: Yes
+- Type: string
+
+### Parameter: `requestMessage`
+
+The request message for requesting approval of the shared private link resource.
+- Required: Yes
+- Type: string
+
+### Parameter: `resourceRegion`
+
+Can be used to specify the Azure Resource Manager location of the resource to which a shared private link is to be created. This is only required for those resources whose DNS configuration are regional (such as Azure Kubernetes Service).
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `searchServiceName`
+
+The name of the parent searchServices. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the shared private link resource. |
| `resourceGroupName` | string | The name of the resource group the shared private link resource was created in. |
diff --git a/modules/search/search-service/shared-private-link-resource/main.json b/modules/search/search-service/shared-private-link-resource/main.json
index 0c83833c1a..aa59a81fa9 100644
--- a/modules/search/search-service/shared-private-link-resource/main.json
+++ b/modules/search/search-service/shared-private-link-resource/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "13822392072513993341"
+ "version": "0.22.6.54827",
+ "templateHash": "13590696020139320386"
},
"name": "Search Services Private Link Resources",
"description": "This module deploys a Search Service Private Link Resource.",
diff --git a/modules/security/azure-security-center/.test/common/main.test.bicep b/modules/security/azure-security-center/.test/common/main.test.bicep
index 1ad4a24cdd..a1caae0519 100644
--- a/modules/security/azure-security-center/.test/common/main.test.bicep
+++ b/modules/security/azure-security-center/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/security/azure-security-center/README.md b/modules/security/azure-security-center/README.md
index 98bd54bdda..c567f6f48a 100644
--- a/modules/security/azure-security-center/README.md
+++ b/modules/security/azure-security-center/README.md
@@ -4,13 +4,13 @@ This module deploys an Azure Security Center (Defender for Cloud) Configuration.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -21,66 +21,28 @@ This module deploys an Azure Security Center (Defender for Cloud) Configuration.
| `Microsoft.Security/securityContacts` | [2017-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Security/2017-08-01-preview/securityContacts) |
| `Microsoft.Security/workspaceSettings` | [2017-08-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Security/2017-08-01-preview/workspaceSettings) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `scope` | string | All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope. |
-| `workspaceId` | string | The full Azure ID of the workspace to save the data in. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `appServicesPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for AppServices. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `armPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for ARM. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `autoProvision` | string | `'On'` | `[Off, On]` | Describes what kind of security agent provisioning action to take. - On or Off. |
-| `containerRegistryPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for ContainerRegistry. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `containersTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for containers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `cosmosDbsTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for CosmosDbs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `deviceSecurityGroupProperties` | object | `{object}` | | Device Security group data. |
-| `dnsPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for DNS. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `ioTSecuritySolutionProperties` | object | `{object}` | | Security Solution data. |
-| `keyVaultsPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for KeyVaults. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `kubernetesServicePricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for KubernetesService. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `location` | string | `[deployment().location]` | | Location deployment metadata. |
-| `openSourceRelationalDatabasesTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `securityContactProperties` | object | `{object}` | | Security contact data. |
-| `sqlServersPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for SqlServers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `sqlServerVirtualMachinesPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for SqlServerVirtualMachines. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `storageAccountsPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-| `virtualMachinesPricingTier` | string | `'Free'` | `[Free, Standard]` | The pricing tier value for VMs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
-
-
-## Outputs
+## Usage examples
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the security center. |
-| `workspaceId` | string | The resource ID of the used log analytics workspace. |
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-## Cross-referenced modules
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-_None_
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/security.azure-security-center:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module azureSecurityCenter './security/azure-security-center/main.bicep' = {
+module azureSecurityCenter 'br:bicep/modules/security.azure-security-center:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-sasccom'
params: {
// Required parameters
@@ -131,3 +93,208 @@ module azureSecurityCenter './security/azure-security-center/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`scope`](#parameter-scope) | string | All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope. |
+| [`workspaceId`](#parameter-workspaceid) | string | The full Azure ID of the workspace to save the data in. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appServicesPricingTier`](#parameter-appservicespricingtier) | string | The pricing tier value for AppServices. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`armPricingTier`](#parameter-armpricingtier) | string | The pricing tier value for ARM. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`autoProvision`](#parameter-autoprovision) | string | Describes what kind of security agent provisioning action to take. - On or Off. |
+| [`containerRegistryPricingTier`](#parameter-containerregistrypricingtier) | string | The pricing tier value for ContainerRegistry. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`containersTier`](#parameter-containerstier) | string | The pricing tier value for containers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`cosmosDbsTier`](#parameter-cosmosdbstier) | string | The pricing tier value for CosmosDbs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`deviceSecurityGroupProperties`](#parameter-devicesecuritygroupproperties) | object | Device Security group data. |
+| [`dnsPricingTier`](#parameter-dnspricingtier) | string | The pricing tier value for DNS. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`ioTSecuritySolutionProperties`](#parameter-iotsecuritysolutionproperties) | object | Security Solution data. |
+| [`keyVaultsPricingTier`](#parameter-keyvaultspricingtier) | string | The pricing tier value for KeyVaults. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`kubernetesServicePricingTier`](#parameter-kubernetesservicepricingtier) | string | The pricing tier value for KubernetesService. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`location`](#parameter-location) | string | Location deployment metadata. |
+| [`openSourceRelationalDatabasesTier`](#parameter-opensourcerelationaldatabasestier) | string | The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`securityContactProperties`](#parameter-securitycontactproperties) | object | Security contact data. |
+| [`sqlServersPricingTier`](#parameter-sqlserverspricingtier) | string | The pricing tier value for SqlServers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`sqlServerVirtualMachinesPricingTier`](#parameter-sqlservervirtualmachinespricingtier) | string | The pricing tier value for SqlServerVirtualMachines. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`storageAccountsPricingTier`](#parameter-storageaccountspricingtier) | string | The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+| [`virtualMachinesPricingTier`](#parameter-virtualmachinespricingtier) | string | The pricing tier value for VMs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. |
+
+### Parameter: `appServicesPricingTier`
+
+The pricing tier value for AppServices. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `armPricingTier`
+
+The pricing tier value for ARM. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `autoProvision`
+
+Describes what kind of security agent provisioning action to take. - On or Off.
+- Required: No
+- Type: string
+- Default: `'On'`
+- Allowed: `[Off, On]`
+
+### Parameter: `containerRegistryPricingTier`
+
+The pricing tier value for ContainerRegistry. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `containersTier`
+
+The pricing tier value for containers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `cosmosDbsTier`
+
+The pricing tier value for CosmosDbs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `deviceSecurityGroupProperties`
+
+Device Security group data.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `dnsPricingTier`
+
+The pricing tier value for DNS. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `ioTSecuritySolutionProperties`
+
+Security Solution data.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `keyVaultsPricingTier`
+
+The pricing tier value for KeyVaults. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `kubernetesServicePricingTier`
+
+The pricing tier value for KubernetesService. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `location`
+
+Location deployment metadata.
+- Required: No
+- Type: string
+- Default: `[deployment().location]`
+
+### Parameter: `openSourceRelationalDatabasesTier`
+
+The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `scope`
+
+All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope.
+- Required: Yes
+- Type: string
+
+### Parameter: `securityContactProperties`
+
+Security contact data.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `sqlServersPricingTier`
+
+The pricing tier value for SqlServers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `sqlServerVirtualMachinesPricingTier`
+
+The pricing tier value for SqlServerVirtualMachines. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `storageAccountsPricingTier`
+
+The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `virtualMachinesPricingTier`
+
+The pricing tier value for VMs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard.
+- Required: No
+- Type: string
+- Default: `'Free'`
+- Allowed: `[Free, Standard]`
+
+### Parameter: `workspaceId`
+
+The full Azure ID of the workspace to save the data in.
+- Required: Yes
+- Type: string
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the security center. |
+| `workspaceId` | string | The resource ID of the used log analytics workspace. |
+
+## Cross-referenced modules
+
+_None_
diff --git a/modules/security/azure-security-center/main.json b/modules/security/azure-security-center/main.json
index d9d382b69c..cf4fce1f0b 100644
--- a/modules/security/azure-security-center/main.json
+++ b/modules/security/azure-security-center/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "11416260825097629257"
+ "version": "0.22.6.54827",
+ "templateHash": "5337788890835022528"
},
"name": "Azure Security Center (Defender for Cloud)",
"description": "This module deploys an Azure Security Center (Defender for Cloud) Configuration.",
@@ -364,8 +364,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.21.1.54444",
- "templateHash": "13016057569340125747"
+ "version": "0.22.6.54827",
+ "templateHash": "15519935694361963633"
}
},
"parameters": {
diff --git a/modules/service-bus/namespace/.test/common/main.test.bicep b/modules/service-bus/namespace/.test/common/main.test.bicep
index e0ad9fc570..b7ffb57b2a 100644
--- a/modules/service-bus/namespace/.test/common/main.test.bicep
+++ b/modules/service-bus/namespace/.test/common/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/service-bus/namespace/.test/min/main.test.bicep b/modules/service-bus/namespace/.test/min/main.test.bicep
index 0656221b4e..81c5af272a 100644
--- a/modules/service-bus/namespace/.test/min/main.test.bicep
+++ b/modules/service-bus/namespace/.test/min/main.test.bicep
@@ -1,5 +1,8 @@
targetScope = 'subscription'
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
// ========== //
// Parameters //
// ========== //
diff --git a/modules/service-bus/namespace/README.md b/modules/service-bus/namespace/README.md
index eb97303df4..67292d6834 100644
--- a/modules/service-bus/namespace/README.md
+++ b/modules/service-bus/namespace/README.md
@@ -4,13 +4,13 @@ This module deploys a Service Bus Namespace.
## Navigation
-- [Resource types](#Resource-types)
+- [Resource Types](#Resource-Types)
+- [Usage examples](#Usage-examples)
- [Parameters](#Parameters)
- [Outputs](#Outputs)
- [Cross-referenced modules](#Cross-referenced-modules)
-- [Deployment examples](#Deployment-examples)
-## Resource types
+## Resource Types
| Resource Type | API Version |
| :-- | :-- |
@@ -29,92 +29,31 @@ This module deploys a Service Bus Namespace.
| `Microsoft.ServiceBus/namespaces/topics` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2022-10-01-preview/namespaces/topics) |
| `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | [2022-10-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2022-10-01-preview/namespaces/topics/authorizationRules) |
-## Parameters
-
-**Required parameters**
-
-| Parameter Name | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | Name of the Service Bus Namespace. |
-
-**Conditional parameters**
-
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
-
-**Optional parameters**
-
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `alternateName` | string | `''` | | Alternate name for namespace. |
-| `authorizationRules` | array | `[System.Management.Automation.OrderedHashtable]` | | Authorization Rules for the Service Bus namespace. |
-| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. If not provided, encryption is automatically enabled with a Microsoft-managed key. |
-| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
-| `cMKUserAssignedIdentityResourceId` | string | `''` | | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. |
-| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
-| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
-| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, OperationalLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
-| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. |
-| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
-| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. |
-| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. |
-| `disableLocalAuth` | bool | `True` | | This property disables SAS authentication for the Service Bus namespace. |
-| `disasterRecoveryConfigs` | object | `{object}` | | The disaster recovery configuration. |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `location` | string | `[resourceGroup().location]` | | Location for all resources. |
-| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `migrationConfigurations` | object | `{object}` | | The migration configuration. |
-| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | The minimum TLS version for the cluster to support. |
-| `networkRuleSets` | object | `{object}` | | Configure networking options for Premium SKU Service Bus. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. |
-| `premiumMessagingPartitions` | int | `1` | | The number of partitions of a Service Bus namespace. This property is only applicable to Premium SKU namespaces. The default value is 1 and possible values are 1, 2 and 4. |
-| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
-| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled, SecuredByPerimeter]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
-| `queues` | array | `[]` | | The queues to create in the service bus namespace. |
-| `requireInfrastructureEncryption` | bool | `True` | | Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. |
-| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
-| `skuCapacity` | int | `1` | `[1, 2, 4, 8, 16, 32]` | The specified messaging units for the tier. Only used for Premium Sku tier. |
-| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | Name of this SKU. - Basic, Standard, Premium. |
-| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. |
-| `tags` | object | `{object}` | | Tags of the resource. |
-| `topics` | array | `[]` | | The topics to create in the service bus namespace. |
-| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. |
-| `zoneRedundant` | bool | `False` | | Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. |
-
-
-## Outputs
-
-| Output Name | Type | Description |
-| :-- | :-- | :-- |
-| `location` | string | The location the resource was deployed into. |
-| `name` | string | The name of the deployed service bus namespace. |
-| `resourceGroupName` | string | The resource group of the deployed service bus namespace. |
-| `resourceId` | string | The resource ID of the deployed service bus namespace. |
-| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+## Usage examples
-## Cross-referenced modules
+The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository.
+ >**Note**: The name of each example is based on the name of the file from which it is taken.
-This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+ >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-| Reference | Type |
-| :-- | :-- |
-| `network/private-endpoint` | Local reference |
+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/service-bus.namespace:1.0.0`.
-## Deployment examples
+- [Using large parameter set](#example-1-using-large-parameter-set)
+- [Encr](#example-2-encr)
+- [Using only defaults](#example-3-using-only-defaults)
+- [Pe](#example-4-pe)
-The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder.
- >**Note**: The name of each example is based on the name of the file from which it is taken.
+### Example 1: _Using large parameter set_
- >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
+This instance deploys the module with most of its features enabled.
-Example 1: Common
via Bicep module
```bicep
-module namespace './service-bus/namespace/main.bicep' = {
+module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-sbncom'
params: {
// Required parameters
@@ -488,14 +427,14 @@ module namespace './service-bus/namespace/main.bicep' = {
-
Example 2: Encr
+### Example 2: _Encr_
via Bicep module
```bicep
-module namespace './service-bus/namespace/main.bicep' = {
+module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-sbnencr'
params: {
// Required parameters
@@ -671,14 +610,17 @@ module namespace './service-bus/namespace/main.bicep' = {
-
Example 3: Min
+### Example 3: _Using only defaults_
+
+This instance deploys the module with the minimum set of required parameters.
+
via Bicep module
```bicep
-module namespace './service-bus/namespace/main.bicep' = {
+module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-sbnmin'
params: {
// Required parameters
@@ -716,14 +658,14 @@ module namespace './service-bus/namespace/main.bicep' = {
-
Example 4: Pe
+### Example 4: _Pe_
via Bicep module
```bicep
-module namespace './service-bus/namespace/main.bicep' = {
+module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = {
name: '${uniqueString(deployment().name, location)}-test-sbnpe'
params: {
// Required parameters
@@ -814,3 +756,326 @@ module namespace './service-bus/namespace/main.bicep' = {
+
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | Name of the Service Bus Namespace. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`alternateName`](#parameter-alternatename) | string | Alternate name for namespace. |
+| [`authorizationRules`](#parameter-authorizationrules) | array | Authorization Rules for the Service Bus namespace. |
+| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. If not provided, encryption is automatically enabled with a Microsoft-managed key. |
+| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
+| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first. |
+| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. |
+| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. |
+| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. |
+| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. |
+| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". |
+| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. |
+| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. |
+| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | This property disables SAS authentication for the Service Bus namespace. |
+| [`disasterRecoveryConfigs`](#parameter-disasterrecoveryconfigs) | object | The disaster recovery configuration. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`location`](#parameter-location) | string | Location for all resources. |
+| [`lock`](#parameter-lock) | string | Specify the type of lock. |
+| [`migrationConfigurations`](#parameter-migrationconfigurations) | object | The migration configuration. |
+| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version for the cluster to support. |
+| [`networkRuleSets`](#parameter-networkrulesets) | object | Configure networking options for Premium SKU Service Bus. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. |
+| [`premiumMessagingPartitions`](#parameter-premiummessagingpartitions) | int | The number of partitions of a Service Bus namespace. This property is only applicable to Premium SKU namespaces. The default value is 1 and possible values are 1, 2 and 4. |
+| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
+| [`queues`](#parameter-queues) | array | The queues to create in the service bus namespace. |
+| [`requireInfrastructureEncryption`](#parameter-requireinfrastructureencryption) | bool | Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. |
+| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| [`skuCapacity`](#parameter-skucapacity) | int | The specified messaging units for the tier. Only used for Premium Sku tier. |
+| [`skuName`](#parameter-skuname) | string | Name of this SKU. - Basic, Standard, Premium. |
+| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. |
+| [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`topics`](#parameter-topics) | array | The topics to create in the service bus namespace. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. |
+| [`zoneRedundant`](#parameter-zoneredundant) | bool | Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. |
+
+### Parameter: `alternateName`
+
+Alternate name for namespace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `authorizationRules`
+
+Authorization Rules for the Service Bus namespace.
+- Required: No
+- Type: array
+- Default: `[System.Management.Automation.OrderedHashtable]`
+
+### Parameter: `cMKKeyName`
+
+The name of the customer managed key to use for encryption. If not provided, encryption is automatically enabled with a Microsoft-managed key.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVaultResourceId`
+
+The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKKeyVersion`
+
+The version of the customer managed key to reference for encryption. If not provided, the latest key version is used.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `cMKUserAssignedIdentityResourceId`
+
+User assigned identity to use when fetching the customer managed key. If not provided, a system-assigned identity can be used - but must be given access to the referenced key vault first.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubAuthorizationRuleId`
+
+Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticEventHubName`
+
+Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticLogCategoriesToEnable`
+
+The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection.
+- Required: No
+- Type: array
+- Default: `[allLogs]`
+- Allowed: `['', allLogs, OperationalLogs]`
+
+### Parameter: `diagnosticMetricsToEnable`
+
+The name of metrics that will be streamed.
+- Required: No
+- Type: array
+- Default: `[AllMetrics]`
+- Allowed: `[AllMetrics]`
+
+### Parameter: `diagnosticSettingsName`
+
+The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings".
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticStorageAccountId`
+
+Resource ID of the diagnostic storage account.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `diagnosticWorkspaceId`
+
+Resource ID of the diagnostic log analytics workspace.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `disableLocalAuth`
+
+This property disables SAS authentication for the Service Bus namespace.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `disasterRecoveryConfigs`
+
+The disaster recovery configuration.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `location`
+
+Location for all resources.
+- Required: No
+- Type: string
+- Default: `[resourceGroup().location]`
+
+### Parameter: `lock`
+
+Specify the type of lock.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', CanNotDelete, ReadOnly]`
+
+### Parameter: `migrationConfigurations`
+
+The migration configuration.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `minimumTlsVersion`
+
+The minimum TLS version for the cluster to support.
+- Required: No
+- Type: string
+- Default: `'1.2'`
+- Allowed: `[1.0, 1.1, 1.2]`
+
+### Parameter: `name`
+
+Name of the Service Bus Namespace.
+- Required: Yes
+- Type: string
+
+### Parameter: `networkRuleSets`
+
+Configure networking options for Premium SKU Service Bus. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `premiumMessagingPartitions`
+
+The number of partitions of a Service Bus namespace. This property is only applicable to Premium SKU namespaces. The default value is 1 and possible values are 1, 2 and 4.
+- Required: No
+- Type: int
+- Default: `1`
+
+### Parameter: `privateEndpoints`
+
+Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `publicNetworkAccess`
+
+Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.
+- Required: No
+- Type: string
+- Default: `''`
+- Allowed: `['', Disabled, Enabled, SecuredByPerimeter]`
+
+### Parameter: `queues`
+
+The queues to create in the service bus namespace.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `requireInfrastructureEncryption`
+
+Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters.
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `roleAssignments`
+
+Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `skuCapacity`
+
+The specified messaging units for the tier. Only used for Premium Sku tier.
+- Required: No
+- Type: int
+- Default: `1`
+- Allowed: `[1, 2, 4, 8, 16, 32]`
+
+### Parameter: `skuName`
+
+Name of this SKU. - Basic, Standard, Premium.
+- Required: No
+- Type: string
+- Default: `'Basic'`
+- Allowed: `[Basic, Premium, Standard]`
+
+### Parameter: `systemAssignedIdentity`
+
+Enables system assigned managed identity on the resource.
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `tags`
+
+Tags of the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `topics`
+
+The topics to create in the service bus namespace.
+- Required: No
+- Type: array
+- Default: `[]`
+
+### Parameter: `userAssignedIdentities`
+
+The ID(s) to assign to the resource.
+- Required: No
+- Type: object
+- Default: `{object}`
+
+### Parameter: `zoneRedundant`
+
+Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones.
+- Required: No
+- Type: bool
+- Default: `False`
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `location` | string | The location the resource was deployed into. |
+| `name` | string | The name of the deployed service bus namespace. |
+| `resourceGroupName` | string | The resource group of the deployed service bus namespace. |
+| `resourceId` | string | The resource ID of the deployed service bus namespace. |
+| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. |
+
+## Cross-referenced modules
+
+This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs).
+
+| Reference | Type |
+| :-- | :-- |
+| `modules/network/private-endpoint` | Local reference |
diff --git a/modules/service-bus/namespace/authorization-rule/README.md b/modules/service-bus/namespace/authorization-rule/README.md
index 04226f8184..b4bec73526 100644
--- a/modules/service-bus/namespace/authorization-rule/README.md
+++ b/modules/service-bus/namespace/authorization-rule/README.md
@@ -19,27 +19,54 @@ This module deploys a Service Bus Namespace Authorization Rule.
**Required parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `name` | string | The name of the authorization rule. |
+| [`name`](#parameter-name) | string | The name of the authorization rule. |
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. |
+| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Allowed Values | Description |
-| :-- | :-- | :-- | :-- | :-- |
-| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `rights` | array | `[]` | `[Listen, Manage, Send]` | The rights associated with the rule. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`rights`](#parameter-rights) | array | The rights associated with the rule. |
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the authorization rule.
+- Required: Yes
+- Type: string
+
+### Parameter: `namespaceName`
+
+The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `rights`
+
+The rights associated with the rule.
+- Required: No
+- Type: array
+- Default: `[]`
+- Allowed: `[Listen, Manage, Send]`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the authorization rule. |
| `resourceGroupName` | string | The name of the Resource Group the authorization rule was created in. |
diff --git a/modules/service-bus/namespace/disaster-recovery-config/README.md b/modules/service-bus/namespace/disaster-recovery-config/README.md
index 117b394910..f018bb7277 100644
--- a/modules/service-bus/namespace/disaster-recovery-config/README.md
+++ b/modules/service-bus/namespace/disaster-recovery-config/README.md
@@ -19,23 +19,57 @@ This module deploys a Service Bus Namespace Disaster Recovery Config
**Conditional parameters**
-| Parameter Name | Type | Description |
+| Parameter | Type | Description |
| :-- | :-- | :-- |
-| `namespaceName` | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. |
+| [`namespaceName`](#parameter-namespacename) | string | The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. |
**Optional parameters**
-| Parameter Name | Type | Default Value | Description |
-| :-- | :-- | :-- | :-- |
-| `alternateName` | string | `''` | Primary/Secondary eventhub namespace name, which is part of GEO DR pairing. |
-| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). |
-| `name` | string | `'default'` | The name of the disaster recovery config. |
-| `partnerNamespaceResourceID` | string | `''` | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. |
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`alternateName`](#parameter-alternatename) | string | Primary/Secondary eventhub namespace name, which is part of GEO DR pairing. |
+| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). |
+| [`name`](#parameter-name) | string | The name of the disaster recovery config. |
+| [`partnerNamespaceResourceID`](#parameter-partnernamespaceresourceid) | string | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. |
+
+### Parameter: `alternateName`
+
+Primary/Secondary eventhub namespace name, which is part of GEO DR pairing.
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `enableDefaultTelemetry`
+
+Enable telemetry via a Globally Unique Identifier (GUID).
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `name`
+
+The name of the disaster recovery config.
+- Required: No
+- Type: string
+- Default: `'default'`
+
+### Parameter: `namespaceName`
+
+The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment.
+- Required: Yes
+- Type: string
+
+### Parameter: `partnerNamespaceResourceID`
+
+Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing.
+- Required: No
+- Type: string
+- Default: `''`
## Outputs
-| Output Name | Type | Description |
+| Output | Type | Description |
| :-- | :-- | :-- |
| `name` | string | The name of the disaster recovery config. |
| `resourceGroupName` | string | The name of the Resource Group the disaster recovery config was created in. |