diff --git a/avm/res/app-configuration/configuration-store/ORPHANED.md b/avm/res/app-configuration/configuration-store/ORPHANED.md deleted file mode 100644 index ef8fa911d2..0000000000 --- a/avm/res/app-configuration/configuration-store/ORPHANED.md +++ /dev/null @@ -1,4 +0,0 @@ -⚠️THIS MODULE IS CURRENTLY ORPHANED.⚠️ - -- Only security and bug fixes are being handled by the AVM core team at present. -- If interested in becoming the module owner of this orphaned module (must be Microsoft FTE), please look for the related "orphaned module" GitHub issue [here](https://aka.ms/AVM/OrphanedModules)! \ No newline at end of file diff --git a/avm/res/app-configuration/configuration-store/README.md b/avm/res/app-configuration/configuration-store/README.md index c7d931c225..b02e2bf3be 100644 --- a/avm/res/app-configuration/configuration-store/README.md +++ b/avm/res/app-configuration/configuration-store/README.md @@ -1,10 +1,5 @@ # App Configuration Stores `[Microsoft.AppConfiguration/configurationStores]` -> ⚠️THIS MODULE IS CURRENTLY ORPHANED.⚠️ -> -> - Only security and bug fixes are being handled by the AVM core team at present. -> - If interested in becoming the module owner of this orphaned module (must be Microsoft FTE), please look for the related "orphaned module" GitHub issue [here](https://aka.ms/AVM/OrphanedModules)! - This module deploys an App Configuration Store. ## Navigation @@ -22,6 +17,7 @@ This module deploys an App Configuration Store. | :-- | :-- | | `Microsoft.AppConfiguration/configurationStores` | [2023-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.AppConfiguration/2023-03-01/configurationStores) | | `Microsoft.AppConfiguration/configurationStores/keyValues` | [2023-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.AppConfiguration/2023-03-01/configurationStores/keyValues) | +| `Microsoft.AppConfiguration/configurationStores/replicas` | [2023-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.AppConfiguration/2023-03-01/configurationStores/replicas) | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | @@ -58,6 +54,7 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto // Required parameters name: 'accmin001' // Non-required parameters + enablePurgeProtection: '' location: '' } } @@ -80,6 +77,9 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto "value": "accmin001" }, // Non-required parameters + "enablePurgeProtection": { + "value": "" + }, "location": { "value": "" } @@ -112,8 +112,8 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto keyVaultResourceId: '' userAssignedIdentityResourceId: '' } - disableLocalAuth: false - enablePurgeProtection: false + disableLocalAuth: '' + enablePurgeProtection: '' keyValues: [ { contentType: 'contentType' @@ -167,10 +167,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto } }, "disableLocalAuth": { - "value": false + "value": "" }, "enablePurgeProtection": { - "value": false + "value": "" }, "keyValues": { "value": [ @@ -239,8 +239,8 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto workspaceResourceId: '' } ] - disableLocalAuth: false - enablePurgeProtection: false + disableLocalAuth: '' + enablePurgeProtection: '' keyValues: [ { contentType: 'contentType' @@ -270,6 +270,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto '' ] } + replicaLocations: [ + 'centralus' + 'westus' + ] roleAssignments: [ { principalId: '' @@ -334,10 +338,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto ] }, "disableLocalAuth": { - "value": false + "value": "" }, "enablePurgeProtection": { - "value": false + "value": "" }, "keyValues": { "value": [ @@ -376,6 +380,12 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto ] } }, + "replicaLocations": { + "value": [ + "centralus", + "westus" + ] + }, "roleAssignments": { "value": [ { @@ -429,8 +439,7 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto name: 'accpe001' // Non-required parameters createMode: 'Default' - disableLocalAuth: false - enablePurgeProtection: false + enablePurgeProtection: '' location: '' privateEndpoints: [ { @@ -476,11 +485,8 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto "createMode": { "value": "Default" }, - "disableLocalAuth": { - "value": false - }, "enablePurgeProtection": { - "value": false + "value": "" }, "location": { "value": "" @@ -541,8 +547,8 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto workspaceResourceId: '' } ] - disableLocalAuth: false - enablePurgeProtection: false + disableLocalAuth: '' + enablePurgeProtection: '' keyValues: [ { contentType: 'contentType' @@ -551,6 +557,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto } ] location: '' + replicaLocations: [ + 'centralus' + 'westus' + ] softDeleteRetentionInDays: 1 tags: { Environment: 'Non-Prod' @@ -592,10 +602,10 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto ] }, "disableLocalAuth": { - "value": false + "value": "" }, "enablePurgeProtection": { - "value": false + "value": "" }, "keyValues": { "value": [ @@ -609,6 +619,12 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto "location": { "value": "" }, + "replicaLocations": { + "value": [ + "centralus", + "westus" + ] + }, "softDeleteRetentionInDays": { "value": 1 }, @@ -643,7 +659,7 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto | [`customerManagedKey`](#parameter-customermanagedkey) | object | The customer managed key definition. | | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | | [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disables all authentication methods other than AAD authentication. | -| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Property specifying whether protection against purge is enabled for this configuration store. | +| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Property specifying whether protection against purge is enabled for this configuration store. Defaults to true unless sku is set to Free, since purge protection is not available in Free tier. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`keyValues`](#parameter-keyvalues) | array | All Key / Values to create. Requires local authentication to be enabled. | | [`location`](#parameter-location) | string | Location for all Resources. | @@ -651,6 +667,7 @@ module configurationStore 'br/public:avm/res/app-configuration/configuration-sto | [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`replicaLocations`](#parameter-replicalocations) | array | All Replicas to create. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`sku`](#parameter-sku) | string | Pricing tier of App Configuration. | | [`softDeleteRetentionInDays`](#parameter-softdeleteretentionindays) | int | The amount of time in days that the configuration store will be retained when it is soft deleted. | @@ -858,15 +875,15 @@ Disables all authentication methods other than AAD authentication. - Required: No - Type: bool -- Default: `False` +- Default: `True` ### Parameter: `enablePurgeProtection` -Property specifying whether protection against purge is enabled for this configuration store. +Property specifying whether protection against purge is enabled for this configuration store. Defaults to true unless sku is set to Free, since purge protection is not available in Free tier. - Required: No - Type: bool -- Default: `False` +- Default: `True` ### Parameter: `enableTelemetry` @@ -1296,6 +1313,13 @@ Whether or not public network access is allowed for this resource. For security ] ``` +### Parameter: `replicaLocations` + +All Replicas to create. + +- Required: No +- Type: array + ### Parameter: `roleAssignments` Array of role assignments to create. diff --git a/avm/res/app-configuration/configuration-store/key-value/main.json b/avm/res/app-configuration/configuration-store/key-value/main.json index cc5f75de77..e214bc0fa3 100644 --- a/avm/res/app-configuration/configuration-store/key-value/main.json +++ b/avm/res/app-configuration/configuration-store/key-value/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8492150446155311380" + "version": "0.26.170.59819", + "templateHash": "4987655092014889247" }, "name": "App Configuration Stores Key Values", "description": "This module deploys an App Configuration Store Key Value.", diff --git a/avm/res/app-configuration/configuration-store/main.bicep b/avm/res/app-configuration/configuration-store/main.bicep index 124481d13b..013c815a69 100644 --- a/avm/res/app-configuration/configuration-store/main.bicep +++ b/avm/res/app-configuration/configuration-store/main.bicep @@ -26,10 +26,10 @@ param sku string = 'Standard' param createMode string = 'Default' @description('Optional. Disables all authentication methods other than AAD authentication.') -param disableLocalAuth bool = false +param disableLocalAuth bool = true -@description('Optional. Property specifying whether protection against purge is enabled for this configuration store.') -param enablePurgeProtection bool = false +@description('Optional. Property specifying whether protection against purge is enabled for this configuration store. Defaults to true unless sku is set to Free, since purge protection is not available in Free tier.') +param enablePurgeProtection bool = true @description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.') @allowed([ @@ -49,6 +49,9 @@ param customerManagedKey customerManagedKeyType @description('Optional. All Key / Values to create. Requires local authentication to be enabled.') param keyValues array? +@description('Optional. All Replicas to create.') +param replicaLocations array? + @description('Optional. The diagnostic settings of the service.') param diagnosticSettings diagnosticSettingType @@ -198,6 +201,16 @@ module configurationStore_keyValues 'key-value/main.bicep' = [ } ] +module configurationStore_replicas 'replicas/main.bicep' = [ + for (replicaLocation, index) in (replicaLocations ?? []): { + name: '${uniqueString(deployment().name, location)}-AppConfig-Replicas-${index}' + params: { + appConfigurationName: configurationStore.name + replicaLocation: replicaLocation + name: '${replicaLocation}replica' + } + } +] resource configurationStore_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') { name: lock.?name ?? 'lock-${name}' diff --git a/avm/res/app-configuration/configuration-store/main.json b/avm/res/app-configuration/configuration-store/main.json index 9f862cd382..86cf5395bb 100644 --- a/avm/res/app-configuration/configuration-store/main.json +++ b/avm/res/app-configuration/configuration-store/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17308644596595948852" + "version": "0.26.170.59819", + "templateHash": "5307828183746392063" }, "name": "App Configuration Stores", "description": "This module deploys an App Configuration Store.", @@ -492,16 +492,16 @@ }, "disableLocalAuth": { "type": "bool", - "defaultValue": false, + "defaultValue": true, "metadata": { "description": "Optional. Disables all authentication methods other than AAD authentication." } }, "enablePurgeProtection": { "type": "bool", - "defaultValue": false, + "defaultValue": true, "metadata": { - "description": "Optional. Property specifying whether protection against purge is enabled for this configuration store." + "description": "Optional. Property specifying whether protection against purge is enabled for this configuration store. Defaults to true unless sku is set to Free, since purge protection is not available in Free tier." } }, "publicNetworkAccess": { @@ -537,6 +537,13 @@ "description": "Optional. All Key / Values to create. Requires local authentication to be enabled." } }, + "replicaLocations": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. All Replicas to create." + } + }, "diagnosticSettings": { "$ref": "#/definitions/diagnosticSettingType", "metadata": { @@ -779,8 +786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8492150446155311380" + "version": "0.26.170.59819", + "templateHash": "4987655092014889247" }, "name": "App Configuration Stores Key Values", "description": "This module deploys an App Configuration Store Key Value.", @@ -870,6 +877,100 @@ "configurationStore" ] }, + "configurationStore_replicas": { + "copy": { + "name": "configurationStore_replicas", + "count": "[length(coalesce(parameters('replicaLocations'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-AppConfig-Replicas-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "appConfigurationName": { + "value": "[parameters('name')]" + }, + "replicaLocation": { + "value": "[coalesce(parameters('replicaLocations'), createArray())[copyIndex()]]" + }, + "name": { + "value": "[format('{0}replica', coalesce(parameters('replicaLocations'), createArray())[copyIndex()])]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.26.170.59819", + "templateHash": "3867721314598368740" + }, + "name": "App Configuration Replicas", + "description": "This module deploys an App Configuration Replica.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the replica." + } + }, + "appConfigurationName": { + "type": "string", + "metadata": { + "description": "Optional. The name of the parent app configuration store." + } + }, + "replicaLocation": { + "type": "string", + "metadata": { + "description": "Optional. Location of the replica." + } + } + }, + "resources": [ + { + "type": "Microsoft.AppConfiguration/configurationStores/replicas", + "apiVersion": "2023-03-01", + "name": "[format('{0}/{1}', parameters('appConfigurationName'), parameters('name'))]", + "location": "[parameters('replicaLocation')]" + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the app configuration was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the replica that was deployed." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the replica that was deployed." + }, + "value": "[resourceId('Microsoft.AppConfiguration/configurationStores/replicas', parameters('appConfigurationName'), parameters('name'))]" + } + } + } + }, + "dependsOn": [ + "configurationStore" + ] + }, "configurationStore_privateEndpoints": { "copy": { "name": "configurationStore_privateEndpoints", diff --git a/avm/res/app-configuration/configuration-store/replicas/README.md b/avm/res/app-configuration/configuration-store/replicas/README.md new file mode 100644 index 0000000000..cdc6e702a2 --- /dev/null +++ b/avm/res/app-configuration/configuration-store/replicas/README.md @@ -0,0 +1,70 @@ +# App Configuration Replicas `[Microsoft.AppConfiguration/configurationStores/replicas]` + +This module deploys an App Configuration Replica. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Data Collection](#Data-Collection) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.AppConfiguration/configurationStores/replicas` | [2023-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.AppConfiguration/2023-03-01/configurationStores/replicas) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the replica. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`appConfigurationName`](#parameter-appconfigurationname) | string | The name of the parent app configuration store. | +| [`replicaLocation`](#parameter-replicalocation) | string | Location of the replica. | + +### Parameter: `name` + +Name of the replica. + +- Required: Yes +- Type: string + +### Parameter: `appConfigurationName` + +The name of the parent app configuration store. + +- Required: Yes +- Type: string + +### Parameter: `replicaLocation` + +Location of the replica. + +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the replica that was deployed. | +| `resourceGroupName` | string | The resource group the app configuration was deployed into. | +| `resourceId` | string | The resource ID of the replica that was deployed. | + +## Cross-referenced modules + +_None_ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/res/app-configuration/configuration-store/replicas/main.bicep b/avm/res/app-configuration/configuration-store/replicas/main.bicep new file mode 100644 index 0000000000..43e37d6d8d --- /dev/null +++ b/avm/res/app-configuration/configuration-store/replicas/main.bicep @@ -0,0 +1,31 @@ +metadata name = 'App Configuration Replicas' +metadata description = 'This module deploys an App Configuration Replica.' +metadata owner = 'Azure/module-maintainers' + +@description('Required. Name of the replica.') +param name string + +@description('Optional. The name of the parent app configuration store.') +param appConfigurationName string + +@description('Optional. Location of the replica.') +param replicaLocation string + +resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2023-03-01' existing = { + name: appConfigurationName +} + +resource replica 'Microsoft.AppConfiguration/configurationStores/replicas@2023-03-01' = { + name: name + parent: appConfiguration + location: replicaLocation +} + +@description('The resource group the app configuration was deployed into.') +output resourceGroupName string = resourceGroup().name + +@description('The name of the replica that was deployed.') +output name string = replica.name + +@description('The resource ID of the replica that was deployed.') +output resourceId string = replica.id diff --git a/avm/res/app-configuration/configuration-store/replicas/main.json b/avm/res/app-configuration/configuration-store/replicas/main.json new file mode 100644 index 0000000000..62607f0036 --- /dev/null +++ b/avm/res/app-configuration/configuration-store/replicas/main.json @@ -0,0 +1,65 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.26.170.59819", + "templateHash": "3867721314598368740" + }, + "name": "App Configuration Replicas", + "description": "This module deploys an App Configuration Replica.", + "owner": "Azure/module-maintainers" + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the replica." + } + }, + "appConfigurationName": { + "type": "string", + "metadata": { + "description": "Optional. The name of the parent app configuration store." + } + }, + "replicaLocation": { + "type": "string", + "metadata": { + "description": "Optional. Location of the replica." + } + } + }, + "resources": [ + { + "type": "Microsoft.AppConfiguration/configurationStores/replicas", + "apiVersion": "2023-03-01", + "name": "[format('{0}/{1}', parameters('appConfigurationName'), parameters('name'))]", + "location": "[parameters('replicaLocation')]" + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the app configuration was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the replica that was deployed." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the replica that was deployed." + }, + "value": "[resourceId('Microsoft.AppConfiguration/configurationStores/replicas', parameters('appConfigurationName'), parameters('name'))]" + } + } +} \ No newline at end of file diff --git a/avm/res/app-configuration/configuration-store/tests/e2e/defaults/main.test.bicep b/avm/res/app-configuration/configuration-store/tests/e2e/defaults/main.test.bicep index 990968dd9a..c53e510fbd 100644 --- a/avm/res/app-configuration/configuration-store/tests/e2e/defaults/main.test.bicep +++ b/avm/res/app-configuration/configuration-store/tests/e2e/defaults/main.test.bicep @@ -43,6 +43,7 @@ module testDeployment '../../../main.bicep' = [ params: { name: '${namePrefix}${serviceShort}001' location: resourceLocation + enablePurgeProtection: false //Only for Testing purposes. Waf Aligned is true } } ] diff --git a/avm/res/app-configuration/configuration-store/tests/e2e/encr/main.test.bicep b/avm/res/app-configuration/configuration-store/tests/e2e/encr/main.test.bicep index 6c8874859b..0ff83adbcc 100644 --- a/avm/res/app-configuration/configuration-store/tests/e2e/encr/main.test.bicep +++ b/avm/res/app-configuration/configuration-store/tests/e2e/encr/main.test.bicep @@ -23,6 +23,9 @@ param baseTime string = utcNow('u') @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' +@description('Optional. Disables all authentication methods other than AAD authentication.') +param disableLocalAuth bool = false + // ============ // // Dependencies // // ============ // @@ -57,9 +60,9 @@ module testDeployment '../../../main.bicep' = [ params: { name: '${namePrefix}${serviceShort}001' location: resourceLocation + disableLocalAuth: disableLocalAuth createMode: 'Default' - disableLocalAuth: false - enablePurgeProtection: false + enablePurgeProtection: false //Only for Testing purposes. Waf Aligned is true keyValues: [ { contentType: 'contentType' diff --git a/avm/res/app-configuration/configuration-store/tests/e2e/max/main.test.bicep b/avm/res/app-configuration/configuration-store/tests/e2e/max/main.test.bicep index 5028ef0929..be0d37803b 100644 --- a/avm/res/app-configuration/configuration-store/tests/e2e/max/main.test.bicep +++ b/avm/res/app-configuration/configuration-store/tests/e2e/max/main.test.bicep @@ -20,6 +20,9 @@ param serviceShort string = 'accmax' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' +@description('Optional. Disables all authentication methods other than AAD authentication.') +param disableLocalAuth bool = false + // ============ // // Dependencies // // ============ // @@ -66,7 +69,10 @@ module testDeployment '../../../main.bicep' = [ params: { name: '${namePrefix}${serviceShort}001' location: resourceLocation + disableLocalAuth: disableLocalAuth createMode: 'Default' + replicaLocations: ['centralus', 'westus'] + enablePurgeProtection: false //Only for Testing purposes. Waf Aligned is true diagnosticSettings: [ { name: 'customSetting' @@ -81,8 +87,6 @@ module testDeployment '../../../main.bicep' = [ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId } ] - disableLocalAuth: false - enablePurgeProtection: false keyValues: [ { contentType: 'contentType' diff --git a/avm/res/app-configuration/configuration-store/tests/e2e/pe/main.test.bicep b/avm/res/app-configuration/configuration-store/tests/e2e/pe/main.test.bicep index 569c308146..b3221b8795 100644 --- a/avm/res/app-configuration/configuration-store/tests/e2e/pe/main.test.bicep +++ b/avm/res/app-configuration/configuration-store/tests/e2e/pe/main.test.bicep @@ -53,8 +53,7 @@ module testDeployment '../../../main.bicep' = [ name: '${namePrefix}${serviceShort}001' location: resourceLocation createMode: 'Default' - disableLocalAuth: false - enablePurgeProtection: false + enablePurgeProtection: false //Only for Testing purposes. Waf Aligned is true privateEndpoints: [ { privateDnsZoneResourceIds: [ diff --git a/avm/res/app-configuration/configuration-store/tests/e2e/waf-aligned/main.test.bicep b/avm/res/app-configuration/configuration-store/tests/e2e/waf-aligned/main.test.bicep index 6d3b70e64c..eb10d5c8c4 100644 --- a/avm/res/app-configuration/configuration-store/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/app-configuration/configuration-store/tests/e2e/waf-aligned/main.test.bicep @@ -20,6 +20,9 @@ param serviceShort string = 'accwaf' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' +@description('Optional. Disables all authentication methods other than AAD authentication.') +param disableLocalAuth bool = false + // ============ // // Dependencies // // ============ // @@ -57,7 +60,10 @@ module testDeployment '../../../main.bicep' = [ params: { name: '${namePrefix}${serviceShort}001' location: resourceLocation + disableLocalAuth: disableLocalAuth createMode: 'Default' + replicaLocations: ['centralus', 'westus'] + enablePurgeProtection: false //Only for Testing purposes. Waf Aligned is true diagnosticSettings: [ { eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName @@ -66,8 +72,6 @@ module testDeployment '../../../main.bicep' = [ workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId } ] - disableLocalAuth: false - enablePurgeProtection: false keyValues: [ { contentType: 'contentType' diff --git a/avm/res/app-configuration/configuration-store/version.json b/avm/res/app-configuration/configuration-store/version.json index 83083db694..9481fea58e 100644 --- a/avm/res/app-configuration/configuration-store/version.json +++ b/avm/res/app-configuration/configuration-store/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", + "version": "0.2", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml index ed2666de72..b15a2d0b3e 100644 --- a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml +++ b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml @@ -31,6 +31,9 @@ spec: # Azure App Service - Azure.AppService.WebProbe # Supressed as the probe path is specific to the app - Azure.AppService.WebProbePath # Supressed as the probe path is specific to the app + # Azure App Configuration Store + - Azure.AppConfig.GeoReplica # Suppressed as geo-replication is WAF requirement but not required for min + - Azure.AppConfig.AuditLogs # Suppressed as Audit Logs are not required for min # Azure Front Door - Azure.FrontDoor.Probe # Supressed as the probe is being provided as parameter and we are not able to enforce as default value - Azure.FrontDoor.ProbeMethod # Supressed as the probe method is being provided as parameter and we are not able to enforce as default value diff --git a/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml b/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml index b241ac0b1a..75282bb02e 100644 --- a/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml +++ b/avm/utilities/pipelines/staticValidation/psrule/ps-rule.yaml @@ -80,3 +80,4 @@ rule: - Azure.KeyVault.PurgeProtect - Azure.VM.UseHybridUseBenefit - Azure.Storage.UseReplication + - Azure.AppConfig.PurgeProtect