module update

Azure · Sep 20, 2024 · 4f21744 · 4f21744
1 parent 07a0593
commit 4f21744
Show file tree

Hide file tree

Showing 5 changed files with 299 additions and 178 deletions.
diff --git a/avm/res/sql/server/README.md b/avm/res/sql/server/README.md
@@ -1139,6 +1139,7 @@ module server 'br/public:avm/res/sql/server:<version>' = {
 | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. |
 | [`encryptionProtectorObj`](#parameter-encryptionprotectorobj) | object | The encryption protection configuration. |
 | [`firewallRules`](#parameter-firewallrules) | array | The firewall rules to create in the server. |
+| [`isIPv6Enabled`](#parameter-isipv6enabled) | string | Whether or not to enable IPv6 support for this server. |
 | [`keys`](#parameter-keys) | array | The keys to configure. |
 | [`location`](#parameter-location) | string | Location for all resources. |
 | [`lock`](#parameter-lock) | object | The lock settings of the service. |
@@ -1336,6 +1337,21 @@ The firewall rules to create in the server.
 - Type: array
 - Default: `[]`
 
+### Parameter: `isIPv6Enabled`
+
+Whether or not to enable IPv6 support for this server.
+
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+- Allowed:
+ ```Bicep
+ [
+ 'Disabled'
+ 'Enabled'
+ ]
+ ```
+
 ### Parameter: `keys`
 
 The keys to configure.
@@ -1429,6 +1445,7 @@ Minimal TLS version allowed.
  '1.0'
  '1.1'
  '1.2'
+ '1.3'
  ]
  ```
 
@@ -1851,6 +1868,7 @@ Whether or not public network access is allowed for this resource. For security
  ''
  'Disabled'
  'Enabled'
+ 'SecuredByPerimeter'
  ]
  ```
 

diff --git a/avm/res/sql/server/database/main.bicep b/avm/res/sql/server/database/main.bicep
@@ -211,12 +211,8 @@ module database_backupShortTermRetentionPolicy 'backup-short-term-retention-poli
  params: {
  serverName: serverName
  databaseName: database.name
- diffBackupIntervalInHours: contains(backupShortTermRetentionPolicy, 'diffBackupIntervalInHours')
- ? backupShortTermRetentionPolicy.diffBackupIntervalInHours
- : 24
- retentionDays: contains(backupShortTermRetentionPolicy, 'retentionDays')
- ? backupShortTermRetentionPolicy.retentionDays
- : 7
+ diffBackupIntervalInHours: backupShortTermRetentionPolicy.?diffBackupIntervalInHours ?? 24
+ retentionDays: backupShortTermRetentionPolicy.?retentionDays ?? 7
  }
 }
 
@@ -225,16 +221,10 @@ module database_backupLongTermRetentionPolicy 'backup-long-term-retention-policy
  params: {
  serverName: serverName
  databaseName: database.name
- weeklyRetention: contains(backupLongTermRetentionPolicy, 'weeklyRetention')
- ? backupLongTermRetentionPolicy.weeklyRetention
- : ''
- monthlyRetention: contains(backupLongTermRetentionPolicy, 'monthlyRetention')
- ? backupLongTermRetentionPolicy.monthlyRetention
- : ''
- yearlyRetention: contains(backupLongTermRetentionPolicy, 'yearlyRetention')
- ? backupLongTermRetentionPolicy.yearlyRetention
- : ''
- weekOfYear: contains(backupLongTermRetentionPolicy, 'weekOfYear') ? backupLongTermRetentionPolicy.weekOfYear : 1
+ weeklyRetention: backupLongTermRetentionPolicy.?weeklyRetention ?? ''
+ monthlyRetention: backupLongTermRetentionPolicy.?monthlyRetention ?? ''
+ yearlyRetention: backupLongTermRetentionPolicy.?yearlyRetention ?? ''
+ weekOfYear: backupLongTermRetentionPolicy.?weekOfYear ?? 1
  }
 }
 

diff --git a/avm/res/sql/server/database/main.json b/avm/res/sql/server/database/main.json
@@ -6,7 +6,7 @@
  "_generator": {
  "name": "bicep",
  "version": "0.29.47.4906",
- "templateHash": "6019999815954957727"
+ "templateHash": "1805182723135951408"
  },
  "name": "SQL Server Database",
  "description": "This module deploys an Azure SQL Server Database.",
@@ -474,8 +474,12 @@
  "databaseName": {
  "value": "[parameters('name')]"
  },
- "diffBackupIntervalInHours": "[if(contains(parameters('backupShortTermRetentionPolicy'), 'diffBackupIntervalInHours'), createObject('value', parameters('backupShortTermRetentionPolicy').diffBackupIntervalInHours), createObject('value', 24))]",
- "retentionDays": "[if(contains(parameters('backupShortTermRetentionPolicy'), 'retentionDays'), createObject('value', parameters('backupShortTermRetentionPolicy').retentionDays), createObject('value', 7))]"
+ "diffBackupIntervalInHours": {
+ "value": "[coalesce(tryGet(parameters('backupShortTermRetentionPolicy'), 'diffBackupIntervalInHours'), 24)]"
+ },
+ "retentionDays": {
+ "value": "[coalesce(tryGet(parameters('backupShortTermRetentionPolicy'), 'retentionDays'), 7)]"
+ }
  },
  "template": {
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -574,10 +578,18 @@
  "databaseName": {
  "value": "[parameters('name')]"
  },
- "weeklyRetention": "[if(contains(parameters('backupLongTermRetentionPolicy'), 'weeklyRetention'), createObject('value', parameters('backupLongTermRetentionPolicy').weeklyRetention), createObject('value', ''))]",
- "monthlyRetention": "[if(contains(parameters('backupLongTermRetentionPolicy'), 'monthlyRetention'), createObject('value', parameters('backupLongTermRetentionPolicy').monthlyRetention), createObject('value', ''))]",
- "yearlyRetention": "[if(contains(parameters('backupLongTermRetentionPolicy'), 'yearlyRetention'), createObject('value', parameters('backupLongTermRetentionPolicy').yearlyRetention), createObject('value', ''))]",
- "weekOfYear": "[if(contains(parameters('backupLongTermRetentionPolicy'), 'weekOfYear'), createObject('value', parameters('backupLongTermRetentionPolicy').weekOfYear), createObject('value', 1))]"
+ "weeklyRetention": {
+ "value": "[coalesce(tryGet(parameters('backupLongTermRetentionPolicy'), 'weeklyRetention'), '')]"
+ },
+ "monthlyRetention": {
+ "value": "[coalesce(tryGet(parameters('backupLongTermRetentionPolicy'), 'monthlyRetention'), '')]"
+ },
+ "yearlyRetention": {
+ "value": "[coalesce(tryGet(parameters('backupLongTermRetentionPolicy'), 'yearlyRetention'), '')]"
+ },
+ "weekOfYear": {
+ "value": "[coalesce(tryGet(parameters('backupLongTermRetentionPolicy'), 'weekOfYear'), 1)]"
+ }
  },
  "template": {
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

diff --git a/avm/res/sql/server/main.bicep b/avm/res/sql/server/main.bicep
@@ -58,10 +58,18 @@ param administrators object = {}
  '1.0'
  '1.1'
  '1.2'
+ '1.3'
 ])
 @description('Optional. Minimal TLS version allowed.')
 param minimalTlsVersion string = '1.2'
 
+@allowed([
+ 'Disabled'
+ 'Enabled'
+])
+@description('Optional. Whether or not to enable IPv6 support for this server.')
+param isIPv6Enabled string = 'Disabled'
+
 @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
 param privateEndpoints privateEndpointType
 
@@ -70,6 +78,7 @@ param privateEndpoints privateEndpointType
  ''
  'Enabled'
  'Disabled'
+ 'SecuredByPerimeter'
 ])
 param publicNetworkAccess string = ''
 
@@ -199,9 +208,10 @@ resource server 'Microsoft.Sql/servers@2023-08-01-preview' = {
  minimalTlsVersion: minimalTlsVersion
  primaryUserAssignedIdentityId: !empty(primaryUserAssignedIdentityId) ? primaryUserAssignedIdentityId : null
  publicNetworkAccess: !empty(publicNetworkAccess)
- ? any(publicNetworkAccess)
+ ? publicNetworkAccess
  : (!empty(privateEndpoints) && empty(firewallRules) && empty(virtualNetworkRules) ? 'Disabled' : null)
  restrictOutboundNetworkAccess: !empty(restrictOutboundNetworkAccess) ? restrictOutboundNetworkAccess : null
+ isIPv6Enabled: isIPv6Enabled
  }
 }
 
@@ -238,48 +248,34 @@ module server_databases 'database/main.bicep' = [
  params: {
  name: database.name
  serverName: server.name
- skuTier: contains(database, 'skuTier') ? database.skuTier : 'GeneralPurpose'
- skuName: contains(database, 'skuName') ? database.skuName : 'GP_Gen5_2'
+ skuTier: database.?skuTier ?? 'GeneralPurpose'
+ skuName: database.?skuName ?? 'GP_Gen5_2'
  skuCapacity: database.?skuCapacity
- skuFamily: contains(database, 'skuFamily') ? database.skuFamily : ''
- skuSize: contains(database, 'skuSize') ? database.skuSize : ''
- collation: contains(database, 'collation') ? database.collation : 'SQL_Latin1_General_CP1_CI_AS'
- maxSizeBytes: contains(database, 'maxSizeBytes') ? database.maxSizeBytes : 34359738368
- autoPauseDelay: contains(database, 'autoPauseDelay') ? database.autoPauseDelay : 0
+ skuFamily: database.?skuFamily ?? ''
+ skuSize: database.?skuSize ?? ''
+ collation: database.?collation ?? 'SQL_Latin1_General_CP1_CI_AS'
+ maxSizeBytes: database.?maxSizeBytes ?? 34359738368
+ autoPauseDelay: database.?autoPauseDelay ?? 0
  diagnosticSettings: database.?diagnosticSettings
- isLedgerOn: contains(database, 'isLedgerOn') ? database.isLedgerOn : false
+ isLedgerOn: database.?isLedgerOn ?? false
  location: location
- licenseType: contains(database, 'licenseType') ? database.licenseType : ''
- maintenanceConfigurationId: contains(database, 'maintenanceConfigurationId')
- ? database.maintenanceConfigurationId
- : ''
- minCapacity: contains(database, 'minCapacity') ? database.minCapacity : ''
- highAvailabilityReplicaCount: contains(database, 'highAvailabilityReplicaCount')
- ? database.highAvailabilityReplicaCount
- : 0
- readScale: contains(database, 'readScale') ? database.readScale : 'Disabled'
- requestedBackupStorageRedundancy: contains(database, 'requestedBackupStorageRedundancy')
- ? database.requestedBackupStorageRedundancy
- : ''
- sampleName: contains(database, 'sampleName') ? database.sampleName : ''
+ licenseType: database.?licenseType ?? ''
+ maintenanceConfigurationId: database.?maintenanceConfigurationId ?? ''
+ minCapacity: database.?minCapacity ?? ''
+ highAvailabilityReplicaCount: database.?highAvailabilityReplicaCount ?? 0
+ readScale: database.?readScale ?? 'Disabled'
+ requestedBackupStorageRedundancy: database.?requestedBackupStorageRedundancy ?? ''
+ sampleName: database.?sampleName ?? ''
  tags: database.?tags ?? tags
- zoneRedundant: contains(database, 'zoneRedundant') ? database.zoneRedundant : true
- elasticPoolId: contains(database, 'elasticPoolId') ? database.elasticPoolId : ''
- backupShortTermRetentionPolicy: contains(database, 'backupShortTermRetentionPolicy')
- ? database.backupShortTermRetentionPolicy
- : {}
- backupLongTermRetentionPolicy: contains(database, 'backupLongTermRetentionPolicy')
- ? database.backupLongTermRetentionPolicy
- : {}
- createMode: contains(database, 'createMode') ? database.createMode : 'Default'
- sourceDatabaseResourceId: contains(database, 'sourceDatabaseResourceId') ? database.sourceDatabaseResourceId : ''
- sourceDatabaseDeletionDate: contains(database, 'sourceDatabaseDeletionDate')
- ? database.sourceDatabaseDeletionDate
- : ''
- recoveryServicesRecoveryPointResourceId: contains(database, 'recoveryServicesRecoveryPointResourceId')
- ? database.recoveryServicesRecoveryPointResourceId
- : ''
- restorePointInTime: contains(database, 'restorePointInTime') ? database.restorePointInTime : ''
+ zoneRedundant: database.?zoneRedundant ?? true
+ elasticPoolId: database.?elasticPoolId ?? ''
+ backupShortTermRetentionPolicy: database.?backupShortTermRetentionPolicy ?? {}
+ backupLongTermRetentionPolicy: database.?backupLongTermRetentionPolicy ?? {}
+ createMode: database.?createMode ?? 'Default'
+ sourceDatabaseResourceId: database.?sourceDatabaseResourceId ?? ''
+ sourceDatabaseDeletionDate: database.?sourceDatabaseDeletionDate ?? ''
+ recoveryServicesRecoveryPointResourceId: database.?recoveryServicesRecoveryPointResourceId ?? ''
+ restorePointInTime: database.?restorePointInTime ?? ''
  }
  dependsOn: [
  server_elasticPools // Enables us to add databases to existing elastic pools
@@ -293,19 +289,17 @@ module server_elasticPools 'elastic-pool/main.bicep' = [
  params: {
  name: elasticPool.name
  serverName: server.name
- databaseMaxCapacity: contains(elasticPool, 'databaseMaxCapacity') ? elasticPool.databaseMaxCapacity : 2
- databaseMinCapacity: contains(elasticPool, 'databaseMinCapacity') ? elasticPool.databaseMinCapacity : 0
+ databaseMaxCapacity: elasticPool.?databaseMaxCapacity ?? 2
+ databaseMinCapacity: elasticPool.?databaseMinCapacity ?? 0
  highAvailabilityReplicaCount: elasticPool.?highAvailabilityReplicaCount
- licenseType: contains(elasticPool, 'licenseType') ? elasticPool.licenseType : 'LicenseIncluded'
- maintenanceConfigurationId: contains(elasticPool, 'maintenanceConfigurationId')
- ? elasticPool.maintenanceConfigurationId
- : ''
- maxSizeBytes: contains(elasticPool, 'maxSizeBytes') ? elasticPool.maxSizeBytes : 34359738368
+ licenseType: elasticPool.?licenseType ?? 'LicenseIncluded'
+ maintenanceConfigurationId: elasticPool.?maintenanceConfigurationId ?? ''
+ maxSizeBytes: elasticPool.?maxSizeBytes ?? 34359738368
  minCapacity: elasticPool.?minCapacity
- skuCapacity: contains(elasticPool, 'skuCapacity') ? elasticPool.skuCapacity : 2
- skuName: contains(elasticPool, 'skuName') ? elasticPool.skuName : 'GP_Gen5'
- skuTier: contains(elasticPool, 'skuTier') ? elasticPool.skuTier : 'GeneralPurpose'
- zoneRedundant: contains(elasticPool, 'zoneRedundant') ? elasticPool.zoneRedundant : true
+ skuCapacity: elasticPool.?skuCapacity ?? 2
+ skuName: elasticPool.?skuName ?? 'GP_Gen5'
+ skuTier: elasticPool.?skuTier ?? 'GeneralPurpose'
+ zoneRedundant: elasticPool.?zoneRedundant ?? true
  location: location
  tags: elasticPool.?tags ?? tags
  }
@@ -370,8 +364,8 @@ module server_firewallRules 'firewall-rule/main.bicep' = [
  params: {
  name: firewallRule.name
  serverName: server.name
- endIpAddress: contains(firewallRule, 'endIpAddress') ? firewallRule.endIpAddress : '0.0.0.0'
- startIpAddress: contains(firewallRule, 'startIpAddress') ? firewallRule.startIpAddress : '0.0.0.0'
+ endIpAddress: firewallRule.?endIpAddress ?? '0.0.0.0'
+ startIpAddress: firewallRule.?startIpAddress ?? '0.0.0.0'
  }
  }
 ]
@@ -382,9 +376,7 @@ module server_virtualNetworkRules 'virtual-network-rule/main.bicep' = [
  params: {
  name: virtualNetworkRule.name
  serverName: server.name
- ignoreMissingVnetServiceEndpoint: contains(virtualNetworkRule, 'ignoreMissingVnetServiceEndpoint')
- ? virtualNetworkRule.ignoreMissingVnetServiceEndpoint
- : false
+ ignoreMissingVnetServiceEndpoint: virtualNetworkRule.?ignoreMissingVnetServiceEndpoint ?? false
  virtualNetworkSubnetId: virtualNetworkRule.virtualNetworkSubnetId
  }
  }
@@ -396,17 +388,13 @@ module server_securityAlertPolicies 'security-alert-policy/main.bicep' = [
  params: {
  name: securityAlertPolicy.name
  serverName: server.name
- disabledAlerts: contains(securityAlertPolicy, 'disabledAlerts') ? securityAlertPolicy.disabledAlerts : []
- emailAccountAdmins: contains(securityAlertPolicy, 'emailAccountAdmins')
- ? securityAlertPolicy.emailAccountAdmins
- : false
- emailAddresses: contains(securityAlertPolicy, 'emailAddresses') ? securityAlertPolicy.emailAddresses : []
- retentionDays: contains(securityAlertPolicy, 'retentionDays') ? securityAlertPolicy.retentionDays : 0
- state: contains(securityAlertPolicy, 'state') ? securityAlertPolicy.state : 'Disabled'
- storageAccountAccessKey: contains(securityAlertPolicy, 'storageAccountAccessKey')
- ? securityAlertPolicy.storageAccountAccessKey
- : ''
- storageEndpoint: contains(securityAlertPolicy, 'storageEndpoint') ? securityAlertPolicy.storageEndpoint : ''
+ disabledAlerts: securityAlertPolicy.?disabledAlerts ?? []
+ emailAccountAdmins: securityAlertPolicy.?emailAccountAdmins ?? false
+ emailAddresses: securityAlertPolicy.?emailAddresses ?? []
+ retentionDays: securityAlertPolicy.?retentionDays ?? 0
+ state: securityAlertPolicy.?state ?? 'Disabled'
+ storageAccountAccessKey: securityAlertPolicy.?storageAccountAccessKey ?? ''
+ storageEndpoint: securityAlertPolicy.?storageEndpoint ?? ''
  }
  }
 ]
@@ -416,25 +404,12 @@ module server_vulnerabilityAssessment 'vulnerability-assessment/main.bicep' = if
  params: {
  serverName: server.name
  name: vulnerabilityAssessmentsObj.name
- recurringScansEmails: contains(vulnerabilityAssessmentsObj, 'recurringScansEmails')
- ? vulnerabilityAssessmentsObj.recurringScansEmails
- : []
- recurringScansEmailSubscriptionAdmins: contains(
- vulnerabilityAssessmentsObj,
- 'recurringScansEmailSubscriptionAdmins'
- )
- ? vulnerabilityAssessmentsObj.recurringScansEmailSubscriptionAdmins
- : false
- recurringScansIsEnabled: contains(vulnerabilityAssessmentsObj, 'recurringScansIsEnabled')
- ? vulnerabilityAssessmentsObj.recurringScansIsEnabled
- : false
+ recurringScansEmails: vulnerabilityAssessmentsObj.?recurringScansEmails ?? []
+ recurringScansEmailSubscriptionAdmins: vulnerabilityAssessmentsObj.?recurringScansEmailSubscriptionAdmins ?? false
+ recurringScansIsEnabled: vulnerabilityAssessmentsObj.?recurringScansIsEnabled ?? false
  storageAccountResourceId: vulnerabilityAssessmentsObj.storageAccountResourceId
- useStorageAccountAccessKey: contains(vulnerabilityAssessmentsObj, 'useStorageAccountAccessKey')
- ? vulnerabilityAssessmentsObj.useStorageAccountAccessKey
- : false
- createStorageRoleAssignment: contains(vulnerabilityAssessmentsObj, 'createStorageRoleAssignment')
- ? vulnerabilityAssessmentsObj.createStorageRoleAssignment
- : true
+ useStorageAccountAccessKey: vulnerabilityAssessmentsObj.?useStorageAccountAccessKey ?? false
+ createStorageRoleAssignment: vulnerabilityAssessmentsObj.?createStorageRoleAssignment ?? true
  }
  dependsOn: [
  server_securityAlertPolicies
@@ -447,8 +422,8 @@ module server_keys 'key/main.bicep' = [
  params: {
  name: key.?name
  serverName: server.name
- serverKeyType: contains(key, 'serverKeyType') ? key.serverKeyType : 'ServiceManaged'
- uri: contains(key, 'uri') ? key.uri : ''
+ serverKeyType: key.?serverKeyType ?? 'ServiceManaged'
+ uri: key.?uri ?? ''
  }
  }
 ]
@@ -458,12 +433,8 @@ module server_encryptionProtector 'encryption-protector/main.bicep' = if (!empty
  params: {
  sqlServerName: server.name
  serverKeyName: encryptionProtectorObj.serverKeyName
- serverKeyType: contains(encryptionProtectorObj, 'serverKeyType')
- ? encryptionProtectorObj.serverKeyType
- : 'ServiceManaged'
- autoRotationEnabled: contains(encryptionProtectorObj, 'autoRotationEnabled')
- ? encryptionProtectorObj.autoRotationEnabled
- : true
+ serverKeyType: encryptionProtectorObj.?serverKeyType ?? 'ServiceManaged'
+ autoRotationEnabled: encryptionProtectorObj.?autoRotationEnabled ?? true
  }
  dependsOn: [
  server_keys