feat: Replications and WAF alignment for App Store - `avm/res/app-con…

…figuration/configuration-store` (#1696) ## Description - Added replicas - Update settings per pester results - ReadMes Update - Configured replicas for WAF alignment - Removed orphan Markdown Fixes #1502 Closes #1502 --> ## Pipeline Reference  | Pipeline | | -------- | | [![avm.res.app-configuration.configuration-store](https://github.com/JFolberth/bicep-registry-modules/actions/workflows/avm.res.app-configuration.configuration-store.yml/badge.svg)](https://github.com/JFolberth/bicep-registry-modules/actions/workflows/avm.res.app-configuration.configuration-store.yml)| ## Type of Change  - [ ] Update to CI Environment or utlities (Non-module effecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [x] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings  --------- Co-authored-by: Erika Gressi <56914614+eriqua@users.noreply.github.com>
Azure · May 1, 2024 · 817153b · 817153b
1 parent 17bc023
commit 817153b
Show file tree

Hide file tree

Showing 16 changed files with 368 additions and 53 deletions.
diff --git a/avm/res/app-configuration/configuration-store/ORPHANED.md b/avm/res/app-configuration/configuration-store/ORPHANED.md
diff --git a/avm/res/app-configuration/configuration-store/README.md b/avm/res/app-configuration/configuration-store/README.md
@@ -1,10 +1,5 @@
 # App Configuration Stores `[Microsoft.AppConfiguration/configurationStores]`
 
-> ⚠️THIS MODULE IS CURRENTLY ORPHANED.⚠️
-> 
-> - Only security and bug fixes are being handled by the AVM core team at present.
-> - If interested in becoming the module owner of this orphaned module (must be Microsoft FTE), please look for the related "orphaned module" GitHub issue [here](https://aka.ms/AVM/OrphanedModules)!
-
 This module deploys an App Configuration Store.
 
 ## Navigation
@@ -22,6 +17,7 @@ This module deploys an App Configuration Store.
 | :-- | :-- |
 | `Microsoft.AppConfiguration/configurationStores` | [2023-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.AppConfiguration/2023-03-01/configurationStores) |
 | `Microsoft.AppConfiguration/configurationStores/keyValues` | [2023-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.AppConfiguration/2023-03-01/configurationStores/keyValues) |
+| `Microsoft.AppConfiguration/configurationStores/replicas` | [2023-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.AppConfiguration/2023-03-01/configurationStores/replicas) |
 | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
@@ -58,6 +54,7 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  // Required parameters
  name: 'accmin001'
  // Non-required parameters
+ enablePurgeProtection: '<enablePurgeProtection>'
  location: '<location>'
  }
 }
@@ -80,6 +77,9 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  "value": "accmin001"
  },
  // Non-required parameters
+ "enablePurgeProtection": {
+ "value": "<enablePurgeProtection>"
+ },
  "location": {
  "value": "<location>"
  }
@@ -112,8 +112,8 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  keyVaultResourceId: '<keyVaultResourceId>'
  userAssignedIdentityResourceId: '<userAssignedIdentityResourceId>'
  }
- disableLocalAuth: false
- enablePurgeProtection: false
+ disableLocalAuth: '<disableLocalAuth>'
+ enablePurgeProtection: '<enablePurgeProtection>'
  keyValues: [
  {
  contentType: 'contentType'
@@ -167,10 +167,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  }
  },
  "disableLocalAuth": {
- "value": false
+ "value": "<disableLocalAuth>"
  },
  "enablePurgeProtection": {
- "value": false
+ "value": "<enablePurgeProtection>"
  },
  "keyValues": {
  "value": [
@@ -239,8 +239,8 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  workspaceResourceId: '<workspaceResourceId>'
  }
  ]
- disableLocalAuth: false
- enablePurgeProtection: false
+ disableLocalAuth: '<disableLocalAuth>'
+ enablePurgeProtection: '<enablePurgeProtection>'
  keyValues: [
  {
  contentType: 'contentType'
@@ -270,6 +270,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  '<managedIdentityResourceId>'
  ]
  }
+ replicaLocations: [
+ 'centralus'
+ 'westus'
+ ]
  roleAssignments: [
  {
  principalId: '<principalId>'
@@ -334,10 +338,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  ]
  },
  "disableLocalAuth": {
- "value": false
+ "value": "<disableLocalAuth>"
  },
  "enablePurgeProtection": {
- "value": false
+ "value": "<enablePurgeProtection>"
  },
  "keyValues": {
  "value": [
@@ -376,6 +380,12 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  ]
  }
  },
+ "replicaLocations": {
+ "value": [
+ "centralus",
+ "westus"
+ ]
+ },
  "roleAssignments": {
  "value": [
  {
@@ -429,8 +439,7 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  name: 'accpe001'
  // Non-required parameters
  createMode: 'Default'
- disableLocalAuth: false
- enablePurgeProtection: false
+ enablePurgeProtection: '<enablePurgeProtection>'
  location: '<location>'
  privateEndpoints: [
  {
@@ -476,11 +485,8 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  "createMode": {
  "value": "Default"
  },
- "disableLocalAuth": {
- "value": false
- },
  "enablePurgeProtection": {
- "value": false
+ "value": "<enablePurgeProtection>"
  },
  "location": {
  "value": "<location>"
@@ -541,8 +547,8 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  workspaceResourceId: '<workspaceResourceId>'
  }
  ]
- disableLocalAuth: false
- enablePurgeProtection: false
+ disableLocalAuth: '<disableLocalAuth>'
+ enablePurgeProtection: '<enablePurgeProtection>'
  keyValues: [
  {
  contentType: 'contentType'
@@ -551,6 +557,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  }
  ]
  location: '<location>'
+ replicaLocations: [
+ 'centralus'
+ 'westus'
+ ]
  softDeleteRetentionInDays: 1
  tags: {
  Environment: 'Non-Prod'
@@ -592,10 +602,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  ]
  },
  "disableLocalAuth": {
- "value": false
+ "value": "<disableLocalAuth>"
  },
  "enablePurgeProtection": {
- "value": false
+ "value": "<enablePurgeProtection>"
  },
  "keyValues": {
  "value": [
@@ -609,6 +619,12 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
  "location": {
  "value": "<location>"
  },
+ "replicaLocations": {
+ "value": [
+ "centralus",
+ "westus"
+ ]
+ },
  "softDeleteRetentionInDays": {
  "value": 1
  },
@@ -643,14 +659,15 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto
 | [`customerManagedKey`](#parameter-customermanagedkey) | object | The customer managed key definition. |
 | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
 | [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disables all authentication methods other than AAD authentication. |
-| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Property specifying whether protection against purge is enabled for this configuration store. |
+| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Property specifying whether protection against purge is enabled for this configuration store. Defaults to true unless sku is set to Free, since purge protection is not available in Free tier. |
 | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. |
 | [`keyValues`](#parameter-keyvalues) | array | All Key / Values to create. Requires local authentication to be enabled. |
 | [`location`](#parameter-location) | string | Location for all Resources. |
 | [`lock`](#parameter-lock) | object | The lock settings of the service. |
 | [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
 | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
 | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |
+| [`replicaLocations`](#parameter-replicalocations) | array | All Replicas to create. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
 | [`sku`](#parameter-sku) | string | Pricing tier of App Configuration. |
 | [`softDeleteRetentionInDays`](#parameter-softdeleteretentionindays) | int | The amount of time in days that the configuration store will be retained when it is soft deleted. |
@@ -858,15 +875,15 @@ Disables all authentication methods other than AAD authentication.
 
 - Required: No
 - Type: bool
-- Default: `False`
+- Default: `True`
 
 ### Parameter: `enablePurgeProtection`
 
-Property specifying whether protection against purge is enabled for this configuration store.
+Property specifying whether protection against purge is enabled for this configuration store. Defaults to true unless sku is set to Free, since purge protection is not available in Free tier.
 
 - Required: No
 - Type: bool
-- Default: `False`
+- Default: `True`
 
 ### Parameter: `enableTelemetry`
 
@@ -1296,6 +1313,13 @@ Whether or not public network access is allowed for this resource. For security
  ]
  ```
 
+### Parameter: `replicaLocations`
+
+All Replicas to create.
+
+- Required: No
+- Type: array
+
 ### Parameter: `roleAssignments`
 
 Array of role assignments to create.

diff --git a/avm/res/app-configuration/configuration-store/key-value/main.json b/avm/res/app-configuration/configuration-store/key-value/main.json
@@ -5,8 +5,8 @@
  "metadata": {
  "_generator": {
  "name": "bicep",
- "version": "0.26.54.24096",
- "templateHash": "8492150446155311380"
+ "version": "0.26.170.59819",
+ "templateHash": "4987655092014889247"
  },
  "name": "App Configuration Stores Key Values",
  "description": "This module deploys an App Configuration Store Key Value.",

diff --git a/avm/res/app-configuration/configuration-store/main.bicep b/avm/res/app-configuration/configuration-store/main.bicep
@@ -26,10 +26,10 @@ param sku string = 'Standard'
 param createMode string = 'Default'
 
 @description('Optional. Disables all authentication methods other than AAD authentication.')
-param disableLocalAuth bool = false
+param disableLocalAuth bool = true
 
-@description('Optional. Property specifying whether protection against purge is enabled for this configuration store.')
-param enablePurgeProtection bool = false
+@description('Optional. Property specifying whether protection against purge is enabled for this configuration store. Defaults to true unless sku is set to Free, since purge protection is not available in Free tier.')
+param enablePurgeProtection bool = true
 
 @description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.')
 @allowed([
@@ -49,6 +49,9 @@ param customerManagedKey customerManagedKeyType
 @description('Optional. All Key / Values to create. Requires local authentication to be enabled.')
 param keyValues array?
 
+@description('Optional. All Replicas to create.')
+param replicaLocations array?
+
 @description('Optional. The diagnostic settings of the service.')
 param diagnosticSettings diagnosticSettingType
 
@@ -198,6 +201,16 @@ module configurationStore_keyValues 'key-value/main.bicep' = [
  }
 ]
 
+module configurationStore_replicas 'replicas/main.bicep' = [
+ for (replicaLocation, index) in (replicaLocations ?? []): {
+ name: '${uniqueString(deployment().name, location)}-AppConfig-Replicas-${index}'
+ params: {
+ appConfigurationName: configurationStore.name
+ replicaLocation: replicaLocation
+ name: '${replicaLocation}replica'
+ }
+ }
+]
 resource configurationStore_lock 'Microsoft.Authorization/locks@2020-05-01' =
  if (!empty(lock ?? {}) && lock.?kind != 'None') {
  name: lock.?name ?? 'lock-${name}'