From 41314d960eba162c82efcde09ffe656c6db024b2 Mon Sep 17 00:00:00 2001 
From: Wanpeng <97911035+wanpeng-cds@users.noreply.github.com> Date: Thu, 27 Oct 2022 12:46:19 -0400 Subject: [PATCH] Squashed commit of the following: (#24) commit c714e65b81d4bf5048bcf56351534a8be26c5c0c Author: Steve Keeler Date: Fri Oct 14 15:48:33 2022 -0400 Update CODEOWNERS (#344) Adding Barry Willis and Kevin Evans to the CODEOWNERS file for the entire repo commit b8a9bc91168f5afe9cb4c6ea35148714c11b4761 Author: Steve Keeler Date: Thu Sep 1 15:31:28 2022 -0400 Version August 2022 schema changes (#342) commit 5851a09acff454df0bb8bbb2d6406fcd9a8efb6d Author: Senthuran Sivananthan Date: Wed Aug 17 18:50:15 2022 -0400 Revised Event Hub Diagnostic Settings policy (#339) commit e5fe39930e55ae9cb62745499d1a520a098693df Author: Senthuran Sivananthan Date: Wed Aug 17 18:37:43 2022 -0400 Update diagnostic settings profile name (#337) commit db52627fe3769b7430c99be757f9761238b27adc Author: Senthuran Sivananthan Date: Wed Aug 17 18:17:12 2022 -0400 Suppress false positive linter warning: secure-secrets-in-params (#335) commit 2a6042d38ccd04844d9cc445e0a95ead182e5a6b Author: Senthuran Sivananthan Date: Wed Aug 17 17:59:13 2022 -0400 Network security group support for private endpoints subnet (#333) commit e069a4b6ac4f5be8d7614eeb5a67d0cfb3534e52 Author: Senthuran Sivananthan Date: Wed Aug 17 17:28:39 2022 -0400 Support data collection rule (#331) commit c2afa0d99717c56bacc211cfb5ed13234880d9a1 Author: Senthuran Sivananthan Date: Mon Aug 8 15:42:22 2022 -0400 Support azkms.core.windows.net and IPs in firewall allow list (#329) commit a7f521dcf919114a9441296407fc4dd06be46927 Author: Senthuran Sivananthan Date: Tue Jul 19 23:31:56 2022 -0400 Add missing log categories in diagnostic settings for Azure Firewall (#324) commit 60198bc19eb4d87d0bbebc24d4c2fe240d2297ab Author: Senthuran Sivananthan Date: Tue Jul 19 23:11:10 2022 -0400 Resolve linter warning: prefer-unquoted-property-names (#322) commit a4e53fffe4b1f2a2fdbf25ec92a181ef625dd240 Author: Sabyasachi Dasgupta Date: Mon 
Jul 18 16:44:01 2022 -0400 Update machinelearning.md (#327) commit 8fc587a6bf2e53e516ded633d96c652874ab5875 Author: Ifyagolu <55541295+Ifyagolu@users.noreply.github.com> Date: Fri Jun 24 17:05:28 2022 -0400 Fix typo in onboarding guidance (#320) commit e9a0962b7db12c5438782d2597afd494de5354b2 Author: Islam Gomaa Date: Fri May 27 16:13:52 2022 -0400 Reference the Guardrails Solution Accelerator for 30-day guardrail assessment (#313) commit 2b11801386654f6b3f68bd63c887d74ec7a4fdb8 Author: Senthuran Sivananthan Date: Thu May 19 10:38:55 2022 -0400 Add service health notification info (#310) commit bce747c9fdc96c2be78881a4dc9276351ff40b64 Author: Senthuran Sivananthan Date: Wed May 18 09:29:03 2022 -0400 Update resource group names for Logging & Networking (#309) Remove `-rg` suffix commit 6765c48680e47ccc380ab0df929e3cd1af4f8a5b Author: Senthuran Sivananthan Date: Tue May 17 15:14:33 2022 -0400 Serial defender plan deployments & revised resource/resource group names (#307) commit 62adb00d6a8561030b39272f1d710c2a4e0cfcba Author: Senthuran Sivananthan Date: Mon May 16 13:53:37 2022 -0400 Log Analytics solutions for SQL servers on machines (#303) commit c1a3b99c969f802d8325245387b617f21bc0c921 Author: Senthuran Sivananthan Date: Mon May 16 09:26:47 2022 -0400 Flexible policy deployment using PowerShell & GitHub Actions (#300) commit 0ce5c1ac9ef8ff728a19e608bf8bd3654b453cbb Author: Senthuran Sivananthan Date: Sun May 15 12:19:01 2022 -0400 Disable fail fast for matrix deployments (#297) commit c078a797d9be10bf1b2dc7bed01957637ddb73ea Author: Senthuran Sivananthan Date: Sun May 15 11:19:43 2022 -0400 Concurrent role deployment with PowerShell & GitHub Actions (#299) commit 31a214abbf65c10b106962b1493a1830e37f9702 Author: Senthuran Sivananthan Date: Sun May 15 10:39:08 2022 -0400 Disable metrics in diagnostic settings for AKS through Policy (#295) commit 6a90a2fe9d881730a32303fe6a10d1bbcc22f943 Author: Senthuran Sivananthan Date: Wed May 11 10:56:26 2022 -0400 Separate 
Azure Firewall Policy deployment switch & unique telemetry tracking for policy assignments (#289) commit c4133077e1d97a6beaa6e4811588236912d5c768 Author: Senthuran Sivananthan Date: Tue May 10 16:46:06 2022 -0400 Ensure multiple subscriptions can be moved to a management in parallel (#288) Ensure deployment name for moving subscription is unique commit 93d2f13847d56c195e2c170d314a3bbc5cfe5c63 Author: Senthuran Sivananthan Date: Tue May 10 14:53:18 2022 -0400 Support jobs in GitHub Actions (#286) commit 31e8d0ab602bfcf856c9134666eb4814817d6964 Author: Steve Keeler Date: Tue May 10 12:30:36 2022 -0400 Correct wiring of the subscriptions-ci pipeline and prompt for NVA firewall username & password (#285) commit 229b14466384252ba034546095f5c21a932cb6fc Author: Steve Keeler Date: Mon May 9 20:41:06 2022 -0400 Fix DeploySubscriptionIds parameter type casting (#282) commit 799ad52d778ebbc4fc4ed53d56c872d56ab2fc29 Author: Senthuran Sivananthan Date: Mon May 9 20:10:33 2022 -0400 Pass-thru secure strings as-is until ready for use (#281) commit a9c941948d51c59c758d07bce702bcb36aee70ec Author: Steve Keeler Date: Mon May 9 17:11:12 2022 -0400 Add environment configuration override and protect sensitive parameters (#280) commit ce6c27f4e02cf194b3b13574c2caf4b60f8e8205 Author: Senthuran Sivananthan Date: Mon May 9 11:23:57 2022 -0400 Support schema validation (#277) commit 1d8dbd7bafc62b402719fb187698cfd950e8e3df Author: Steve Keeler Date: Mon May 9 08:07:26 2022 -0400 GitHub workflow implementation (#276) Implement GitHub workflows to deploy the Azure Landing Zones for Canadian Public Sector commit 08d8f9256aaf3236a6920abe67e7d58b95887a0c Author: Senthuran Sivananthan Date: Mon May 2 16:03:02 2022 -0400 Deployment flow diagram (#274) commit db098e17a13f111c18aa3af33c81f1cb54979cd1 Author: Senthuran Sivananthan Date: Fri Apr 29 22:37:58 2022 -0400 Powershell deployment script for archetypes (#273) Support for deploying subscriptions commit 15c2847a4255108680937da0192d54ccc2d7f16c 
Author: Senthuran Sivananthan Date: Fri Apr 29 16:29:22 2022 -0400 PowerShell deployment scripts (#271) commit 352257187e7d03bf5abade4a18302bdd310ab82c Author: Senthuran Sivananthan Date: Wed Apr 27 18:10:23 2022 -0400 Snapshot ARM parameters JSON schemas (#268) commit 60f3b59013e27c549e2d57bd16fba2ea26bf12b5 Author: Senthuran Sivananthan Date: Wed Apr 27 17:29:58 2022 -0400 Organize deployment parameters for Hub Networking with NVA (#266) commit 926521a1c01ab420ccaa319d47516a2870cf3a15 Author: ghostme Date: Wed Apr 27 15:20:08 2022 -0400 Updated documentation (#267) commit d68824a2eed32c62cc199f374ba15ea732025241 Author: Senthuran Sivananthan Date: Mon Apr 25 14:32:25 2022 -0400 Organize deployment parameters for Hub Networking with Azure Firewall (#265) commit 2bc196a0960bfecb9c545226000c5c34dbbabec8 Author: Senthuran Sivananthan Date: Mon Apr 25 14:03:31 2022 -0400 Support for optional subnets in Machine Learning & Healthcare archetypes (#264) commit b33cd36261fd797834cdcbeebe53ce1262ef21ac Author: Senthuran Sivananthan Date: Thu Apr 21 09:32:43 2022 -0400 Update common.yml example (#262) commit 300835322afd2d85f34aa8b8ff5921d3839c2e6c Author: Senthuran Sivananthan Date: Wed Apr 20 12:44:45 2022 -0400 Removed extra configuration files (#260) commit 1ee5b9e736feca7270c4ad62d27c4366751f1cab Author: Senthuran Sivananthan Date: Wed Apr 20 11:56:14 2022 -0400 Revise subnet configuration for Healthcare archetype (#256) commit 72fe50db665710eabc8e6edffae5d658d0497822 Author: Senthuran Sivananthan Date: Wed Apr 20 11:43:09 2022 -0400 Revise subnet configuration for Machine Learning archetype (#254) commit 70833771ac433d5de7950423dd8085777bfb03be Author: Senthuran Sivananthan Date: Wed Apr 20 11:38:07 2022 -0400 Revise subnet configuration for Generic Subscription archetype (#252) commit 3d9c60d251a98b2ebc400aadb2c452f3f6262712 Author: Senthuran Sivananthan Date: Wed Apr 20 11:30:10 2022 -0400 Migrate Networking configuration to JSON parameters file (#250) commit 
38fc344508cd6b4707aac0fca2e0cf3e8609a882 Author: Mohamed Sharaf Date: Wed Apr 20 10:29:52 2022 -0400 Azure Active Directory support for Synapse (#259) commit 89613dbc876831f543f2749cbe6f804278a65612 Author: Senthuran Sivananthan Date: Tue Apr 12 21:31:06 2022 -0400 Include new Databricks' log categories for diagnostic settings (#248) Add new databricks' log categories for diagnostic settings commit 700eb9645cbde1435bdda80b28faa03a52dee671 Author: Senthuran Sivananthan Date: Tue Apr 12 17:33:12 2022 -0400 Support multiple private dns zone configuration when updating private DNS Zones through Azure Policy (#246) Update Private DNS Zone policy to support multiple dnsZoneConfigs commit 1c3727990cc12a401c0ecebdbf31234d71c472ab Author: Senthuran Sivananthan Date: Mon Apr 11 11:24:00 2022 -0400 Support logging infrastructure for multiple regions in same subscription (#244) Ensure subscription scoped deployments are unique per region commit 0e258f96cd99c622665d382d73aeba1e78f52319 Author: Steve Keeler Date: Sat Apr 9 13:50:50 2022 -0400 Update azure-devops-pipelines.md (#242) commit bfe1f588adc59922145fcf9a47c19173130cf321 Author: Senthuran Sivananthan Date: Fri Apr 8 11:31:52 2022 -0400 Migrate Logging configuration to JSON parameters file (#236) commit cc5f017b01e06331d4246d5fc0286cf50d525470 Author: Senthuran Sivananthan Date: Fri Apr 8 10:26:12 2022 -0400 PBMM & HITRUST/HIPAA policy update (#238) commit 3259994f47c482153368a9fb115ce60b9e3488fb Author: Steve Keeler Date: Tue Apr 5 14:41:17 2022 -0400 Fix order of `platform-connectivity-hub-azfw-policy` pipeline listed in run-pipelines.bat script #233 (#234) commit cb96311bf94224c1cf94470320c9c8fec029e165 Author: ccmsft <98336965+ccmsft@users.noreply.github.com> Date: Mon Apr 4 09:39:17 2022 -0400 Updating recommendations to reflect licensing reqs (#229) commit 3ce2cf875b5d6c9464a0262f183a37f40399f8dd Author: Senthuran Sivananthan Date: Fri Apr 1 22:49:44 2022 -0400 Use built-in policy for Cosmos DB for Defender Plan 
(#232) * Use built-in policy for Cosmos DB for Defender Plan * Add branch config * Remove branch config commit d2f959a2550b694d79fb0aa6d1a9d2b8166090c8 Author: ghostme Date: Fri Apr 1 10:05:21 2022 -0400 Update networking documentation for generic subscription archetype (#230) commit 575440e4c629b1c00686ba62e5911749375832ff Author: ccmsft <98336965+ccmsft@users.noreply.github.com> Date: Wed Mar 30 23:36:35 2022 -0400 Initial GC 30-day cloud guardrails compliance/guidance (#226) Initial GC 30-day cloud guardrails doc commit 6b36096f2356255a967a7d9cd14dd04a5dc3b6ce Author: Senthuran Sivananthan Date: Wed Mar 30 22:40:17 2022 -0400 Externalize Log Analytics Workspace parameters when loading pipeline variables (#220) Externalize the log analytics parameters to load arbitary LAW variables commit 0210df4fd3a11dfcaee3a82f2da1e2315bf70400 Author: Senthuran Sivananthan Date: Wed Mar 30 21:51:30 2022 -0400 Flexible policy assignment parameters JSON files (#222) commit f25f95781d6f9f3c2169bbe4b148c3b748a6ac93 Author: Senthuran Sivananthan Date: Wed Mar 30 20:57:07 2022 -0400 Private DNS Policy - Change Cosmos DB namespace to Microsoft.DocumentDB (#228) * Change Cosmos DB namespace to Microsoft.DocumentDB * Add branch config * Remove branch config commit 453a0f8bc78dbf7a78c46d01f0cde28b3ab2bbaa Author: Steve Keeler Date: Wed Mar 30 19:00:07 2022 -0400 Improve `delete-management-groups.bat` script (#224) commit 2e5a56b04fd25149da78e77f396073945ba785f5 Author: Senthuran Sivananthan Date: Thu Mar 24 09:02:36 2022 -0400 Fix formatting (#218) commit bf5e94bcdee854db8fde7a8eb60d7886bc2c2191 Author: Senthuran Sivananthan Date: Wed Mar 23 23:01:02 2022 -0400 Add instructions for customizing policy set assignments (#215) commit 0538d4d7d8765fcd558c99fdbf7aa7d6655c8b95 Author: Senthuran Sivananthan Date: Wed Mar 23 22:57:00 2022 -0400 Document delete lock usage (#216) Document when and where delete locks are used commit 789b18a888290ada72d8fe2328097429ee9823d6 Author: Senthuran 
Sivananthan Date: Wed Mar 23 22:49:24 2022 -0400 Update OZ subnet name to App Management Zone (#217) commit 97c2904a773f94adf26cd52924f0dfccab985cdf Author: Senthuran Sivananthan Date: Fri Mar 11 21:59:40 2022 -0500 Backward compatibility when setting pipeline variables from management group hierarchy (#213) commit 30b9cc2060e96dd99b12743bb4c959181a403e91 Author: Adil Ha Date: Fri Mar 11 11:26:31 2022 -0500 fixing doc typo in hubnetwork-azfw (#211) Co-authored-by: Adil Ha commit 27363b730f34536fbf7f9994e08da7aa5af3c58e Author: Senthuran Sivananthan Date: Sat Mar 5 13:04:13 2022 -0500 Support Defender Plan for Cosmos DB (#200) Add CosmosDB Defender Plan and custom policy to deploy Defender Plan for Cosmos DB commit 81eccd1d54956f7c7addb2a969ebb3e62e99b588 Author: Senthuran Sivananthan Date: Sat Mar 5 12:48:45 2022 -0500 Delete Lock for Log Analytics Workspace resource group (#205) Add delete lock for LAW RG commit 678355f149698ecfdab6d10669e631702f1d9d49 Author: Steve Keeler Date: Sat Mar 5 11:03:46 2022 -0500 Fix pipeline scripts reference to `subscription-ci` (#207) commit 5753cf0e35a9f921c4cb59ec90db787e26d6d400 Author: Senthuran Sivananthan Date: Thu Mar 3 14:44:31 2022 -0500 Ensure values from multiline variables are properly logged (#202) Print multi-line environment variables (typically JSON objects) in Show Variables step commit d6b1c08fec1a96c332cf5abb758b16cd8bfede87 Author: Senthuran Sivananthan Date: Thu Mar 3 14:09:47 2022 -0500 Revise subscription deployment instructions (#201) * Redirect subscriptoin configuration guidance to archetype authoring guide doc * Revise instructions for creating ARM parameter files & management group id selection commit 5e7322ee0b64ffa379e1ac546972796a76407db7 Author: Senthuran Sivananthan Date: Wed Mar 2 08:22:35 2022 -0500 Instructions for backfilling management group hierarchy (#197) * Add instructions for backfilling management group hierarchy * Update section titles, links and reference backfill instruction as part of 
MG setup * Instructions for installing AzCLI and jq * Clearfy that Tenant Root Group could have been renamed in the organization * Windows Shell example * Update instructions to delete pipeline variables that will be automatically created when MG heirarchy is used * Note on YAML indentation commit 5d33909d70f821039df0deab2d26a5d180d7a16c Author: Preston K. Parsard Date: Tue Mar 1 10:46:04 2022 -0500 subscription(generic): add instructions for configuring parameters (#193) commit 17846c4959c5156dee905736e3631fa56193d9e7 Author: Steve Keeler Date: Sun Feb 27 20:30:20 2022 -0500 Show Variables fix (#191) commit c62dcfcd5862ae15196000e0fd481d214081c817 Author: Steve Keeler Date: Sun Feb 27 16:50:20 2022 -0500 Configurable management group hierarchy (#186) Implement configurable management group hierarchy commit 9a141f7e5bf238f21838898ff908b6fc7f6d8fcc Author: Preston K. Parsard Date: Sat Feb 26 19:45:35 2022 -0500 Update onboarding document Co-authored-by: Preston K. Parsard commit 6b6ef29fd266fe0b2c23fed5f1bf6cc3fdb5e4a8 Author: Senthuran Sivananthan Date: Sat Feb 26 18:22:48 2022 -0500 Snapshot JSON schemas to v0.4.0 (#182) commit 4dd1f4a901fbd44c54a32fdf9ac23f5ca5bed736 Author: Senthuran Sivananthan Date: Wed Feb 23 15:39:43 2022 -0500 Update onboarding doc for logging & networking management group settings (#177) * Fix markdown linter warnings * Add instruction for logging and networking MGs commit 5d7eec3a319524b5ded5f32e6db951566c365ffc Author: Steve Keeler Date: Wed Feb 23 12:51:20 2022 -0500 Update `create-pipelines.bat` onboarding script to auto-provision environment (#178) commit 488fc6e767639f3acd00a2dea11a8f2a6476379e Author: Senthuran Sivananthan Date: Tue Feb 22 09:05:20 2022 -0500 Instructions for Azure DevOps Environments (#175) * Instructions for creating ADO pipeline environments * Fix formatting commit edabd873d42a622fc5d1503c099c514bb4f2bd7f Author: Senthuran Sivananthan Date: Thu Feb 17 23:29:42 2022 -0500 Support for Tag inheritance from 
Subscription to Resource Group (#161) * Add policy and policy set to inherit tags from subscription to resource group * Add branch config for testing * Remove policy type as it's not built in * Updated resource type for resource group * Update policy assignment * Ensure assignment name is <= 24 chars * Revert resource group type * Setting mode to all * Update documentation * Add branch config * Add explicit dependsOn for subscription scaffolding to complete * Update test deployment parameters * Remove explicit dependsOn for subscription scaffolding to complete * Update doc to describe approaches for adding tags to RGs * Reduce the options for tagging resources given subscripton to RG tagging is available * Add example scenarios for tag inheritence * Fix typo * Remove branch configs * Resolve linter error: no-loc-expr-outside-params commit e71ed265f2267d35cd36d30bab217f9ecbb6891c Author: Senthuran Sivananthan Date: Wed Feb 16 20:09:19 2022 -0500 Linter: no-loc-expr-outside-params - ensure compliance (#169) * Update linter rules for location parameter * Add location parameter with default value based on resourceGroup() or deployment() * Update archetype schema and docs for location * Add branch config for testing * Update AKS version * Update branch config * Remove branch configs commit 6061fa0b930200d73e906e0bedefafeb35e43296 Author: Senthuran Sivananthan Date: Thu Feb 10 16:49:42 2022 -0500 Repository clean up (#165) * Remove obsolete directory * Rotate resource group names for E2E deployments * Fix typo * Add branch config for testing * Fix typo * Remove branch configs * Remove timestamp from sample JSON templates. Timestamps are kept for E2E testing. 
* Remove date stamp commit 5104f393a618a0f0f7072100fd810df4534a3210 Author: Steve Keeler Date: Thu Feb 10 09:08:17 2022 -0500 Update DevOps Onboarding section of main readme (#162) commit 209f61cf72ac91555f8b2171dcf84c6daae6a7cc Author: Senthuran Sivananthan Date: Thu Feb 10 09:06:31 2022 -0500 Update Deployment Script's Azure CLI version to 2.32.0 (#164) Update Azure CLI version to 2.32.0 commit d7d52570c8dce3ed8bcc3b809191d1cd2ddf5e3f Author: Steve Keeler Date: Mon Feb 7 13:51:17 2022 -0500 Issue #157 - Update scripts documentation (#158) Update scripts documentation (Issue #157) Update docs/onboarding/azure-devops-scripts.md Co-authored-by: Senthuran Sivananthan commit b628c68ff84bb5b8796d6821161450010d19ce3b Author: Senthuran Sivananthan Date: Fri Feb 4 12:42:31 2022 -0500 Enhance PBMM policy assignment to disable diagnostic settings metrics (#156) Ensure diagnostic settings policy only checks for logs commit 61afd59bb6d7f6c2a37518d41c64ced985cafd92 Author: Senthuran Sivananthan Date: Mon Jan 31 12:52:09 2022 -0500 Snapshot landing zone schema to v0.3.0 (#152) commit 09f09ede5613cf600441616831f762595aecdbed Author: Steve Keeler Date: Mon Jan 31 09:20:20 2022 -0500 Automation scripts for Azure DevOps onboarding (#151) Implement #150, scripts and documentation commit 82dd82606059a6643d7de294cb1f15afab41cd94 Author: SlavaRoikhman <52217047+SlavaRoikhman@users.noreply.github.com> Date: Thu Jan 27 13:32:41 2022 -0500 Removed 'privatelink.monitor.azure.com' from Private DNS Zones (#149) commit 73ce2eb316175f1bf86135010d5f35ce9bbc6da7 Author: Senthuran Sivananthan Date: Fri Jan 21 23:23:45 2022 -0500 Flexible policy assignment scope (#147) * Add deployment scope for policy assignment * Add branch test config * Set new parameter for policy assignment scope: var-policyAssignmentManagementGroupId * Update pipeline for new var * Add separate scope for testing * Update pipeline parameter name * Ensure new temp file is created to populate the parameters. 
* Remove test job * Remove branch config * Update readme * Update authoring guide with new parameter commit c71051b21804f0b069acc02718ced57840863e86 Author: hudua <40040433+hudua@users.noreply.github.com> Date: Fri Jan 21 14:21:08 2022 -0500 Private Endpoint for App Service (#144) commit fff245db0c7f94221ce73404a2c5fb1a9ad44207 Author: Senthuran Sivananthan Date: Fri Jan 21 10:51:43 2022 -0500 Diagnostic Settings Policies for PaaS services (#143) * Add diagnostic settings policies for data services * Add branch config for testing * Add missing types for auditing * Add diagnostic setting policies for compute services * Add diagnostic setting policies for integration services * Add diagnostic setting policies for network services * Remove policy for ACI since it doesn't have logs to collect * Remove extra resource type * Set region to 'global' for edge services * Remove branch config. used for testing * Updated App Service log categories * Add branch config * Remove branch config Co-authored-by: Wanpeng Yang --- .github/CODEOWNERS | 2 +- .../landingzones/lz-generic-subscription.json | 265 ++++ .../v0.6.0/landingzones/lz-healthcare.json | 342 +++++ .../landingzones/lz-machinelearning.json | 363 ++++++ ...platform-connectivity-hub-azfw-policy.json | 71 + .../lz-platform-connectivity-hub-azfw.json | 433 +++++++ .../lz-platform-connectivity-hub-nva.json | 565 ++++++++ .../landingzones/lz-platform-logging.json | 223 ++++ schemas/v0.6.0/landingzones/types/aks.json | 134 ++ schemas/v0.6.0/landingzones/types/aml.json | 31 + .../types/appServiceLinuxContainer.json | 65 + .../v0.6.0/landingzones/types/automation.json | 31 + .../types/backupRecoveryVault.json | 53 + .../v0.6.0/landingzones/types/hubNetwork.json | 93 ++ .../v0.6.0/landingzones/types/keyVault.json | 31 + .../v0.6.0/landingzones/types/location.json | 18 + .../types/logAnalyticsWorkspaceId.json | 18 + .../landingzones/types/resourceTags.json | 26 + .../landingzones/types/securityCenter.json | 35 + 
.../types/serviceHealthAlerts.json | 120 ++ schemas/v0.6.0/landingzones/types/sqldb.json | 143 +++ schemas/v0.6.0/landingzones/types/sqlmi.json | 53 + .../types/subscriptionBudget.json | 68 + .../types/subscriptionRoleAssignments.json | 47 + .../landingzones/types/subscriptionTags.json | 26 + .../v0.6.0/landingzones/types/synapse.json | 84 ++ schemas/v0.6.0/readme.md | 1143 +++++++++++++++++ .../FullDeployment-With-Location.json | 2 +- .../FullDeployment-With-Location.json | 2 +- .../FullDeployment-With-OptionalSubnets.json | 2 +- 30 files changed, 4485 insertions(+), 4 deletions(-) create mode 100644 schemas/v0.6.0/landingzones/lz-generic-subscription.json create mode 100644 schemas/v0.6.0/landingzones/lz-healthcare.json create mode 100644 schemas/v0.6.0/landingzones/lz-machinelearning.json create mode 100644 schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-azfw-policy.json create mode 100644 schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-azfw.json create mode 100644 schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-nva.json create mode 100644 schemas/v0.6.0/landingzones/lz-platform-logging.json create mode 100644 schemas/v0.6.0/landingzones/types/aks.json create mode 100644 schemas/v0.6.0/landingzones/types/aml.json create mode 100644 schemas/v0.6.0/landingzones/types/appServiceLinuxContainer.json create mode 100644 schemas/v0.6.0/landingzones/types/automation.json create mode 100644 schemas/v0.6.0/landingzones/types/backupRecoveryVault.json create mode 100644 schemas/v0.6.0/landingzones/types/hubNetwork.json create mode 100644 schemas/v0.6.0/landingzones/types/keyVault.json create mode 100644 schemas/v0.6.0/landingzones/types/location.json create mode 100644 schemas/v0.6.0/landingzones/types/logAnalyticsWorkspaceId.json create mode 100644 schemas/v0.6.0/landingzones/types/resourceTags.json create mode 100644 schemas/v0.6.0/landingzones/types/securityCenter.json create mode 100644 schemas/v0.6.0/landingzones/types/serviceHealthAlerts.json 
create mode 100644 schemas/v0.6.0/landingzones/types/sqldb.json create mode 100644 schemas/v0.6.0/landingzones/types/sqlmi.json create mode 100644 schemas/v0.6.0/landingzones/types/subscriptionBudget.json create mode 100644 schemas/v0.6.0/landingzones/types/subscriptionRoleAssignments.json create mode 100644 schemas/v0.6.0/landingzones/types/subscriptionTags.json create mode 100644 schemas/v0.6.0/landingzones/types/synapse.json create mode 100644 schemas/v0.6.0/readme.md
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index ad549db7..ad259099 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,2 +1,2 @@
 # These owners will be the default owners for everything in the repo.
-* @hudua @SenthuranSivananthan @skeeler
+* @hudua @SenthuranSivananthan @skeeler @kevinevans @bawillis
diff --git a/schemas/v0.6.0/landingzones/lz-generic-subscription.json b/schemas/v0.6.0/landingzones/lz-generic-subscription.json
new file mode 100644
index 00000000..31a931cb
--- /dev/null
+++ b/schemas/v0.6.0/landingzones/lz-generic-subscription.json
@@ -0,0 +1,265 @@
+{
+ "$schema": "http://json-schema.org/draft-06/schema#",
+ "$ref": "#/definitions/GenericSubscriptionArchetypeDefinition",
+ "definitions": {
+ "GenericSubscriptionArchetypeDefinition": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "$schema": {
+ "type": "string",
+ "format": "uri",
+ "qt-uri-protocols": [
+ "https"
+ ],
+ "qt-uri-extensions": [
+ ".json"
+ ]
+ },
+ "contentVersion": {
+ "type": "string"
+ },
+ "parameters": {
+ "$ref": "#/definitions/Parameters"
+ }
+ },
+ "required": [
+ "$schema",
+ "contentVersion",
+ "parameters"
+ ],
+ "title": "GenericSubscriptionArchetypeDefinition"
+ },
+ "Parameters": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "location": {
+ "$ref": "types/location.json#/definitions/Location"
+ },
+ "serviceHealthAlerts": {
+ "$ref": "types/serviceHealthAlerts.json#/definitions/ServiceHealthAlerts"
+ },
+ "securityCenter": {
+ "$ref": "types/securityCenter.json#/definitions/SecurityCenter"
+ },
+ "subscriptionRoleAssignments": {
+ "$ref": "types/subscriptionRoleAssignments.json#/definitions/SubscriptionRoleAssignments"
+ },
+ "subscriptionBudget": {
+ "$ref": "types/subscriptionBudget.json#/definitions/SubscriptionBudget"
+ },
+ "subscriptionTags": {
+ "$ref": "types/subscriptionTags.json#/definitions/SubscriptionTags"
+ },
+ "resourceTags": {
+ "$ref": "types/resourceTags.json#/definitions/ResourceTags"
+ },
+ "logAnalyticsWorkspaceResourceId": {
+ "$ref": "types/logAnalyticsWorkspaceId.json#/definitions/LogAnalyticsWorkspaceId"
+ },
+ "resourceGroups": {
+ "$ref": "#/definitions/ResourceGroups"
+ },
+ "automation": {
+ "$ref": "types/automation.json#/definitions/Automation"
+ },
+ "backupRecoveryVault": {
+ "$ref": "types/backupRecoveryVault.json#/definitions/RecoveryVault"
+ },
+ "hubNetwork": {
+ "$ref": "types/hubNetwork.json#/definitions/HubNetworkWithoutPrivateDNS"
+ },
+ "network": {
+ "$ref": "#/definitions/Network"
+ }
+ },
+ "required": [
+ "resourceTags",
+ "securityCenter",
+ "serviceHealthAlerts",
+ "subscriptionBudget",
+ "subscriptionRoleAssignments",
+ "subscriptionTags",
+ "resourceGroups",
+ "automation",
+ "hubNetwork",
+ "network",
+ "backupRecoveryVault"
+ ],
+ "title": "Parameters"
+ },
+ "ResourceGroups": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "value": {
+ "$ref": "#/definitions/ResourceGroupsValue"
+ }
+ },
+ "required": [
+ "value"
+ ],
+ "title": "ResourceGroups"
+ },
+ "ResourceGroupsValue": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "automation": {
+ "type": "string"
+ },
+ "backupRecoveryVault": {
+ "type": "string"
+ },
+ "networking": {
+ "type": "string"
+ },
+ "networkWatcher": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "automation",
+ "networkWatcher",
+ "networking",
+ "backupRecoveryVault"
+ ],
+ "title": "ResourceGroupsValue"
+ },
+ "Network": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "value": {
+ "$ref": "#/definitions/NetworkValue"
+ }
+ },
+ "required": [
+ "value"
+ ],
+ "title": "Network"
+ },
+ "NetworkValue": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "deployVnet": {
+ "type": "boolean"
+ },
+ "peerToHubVirtualNetwork": {
+ "type": "boolean"
+ },
+ "useRemoteGateway": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ },
+ "dnsServers": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "addressPrefixes": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "subnets": {
+ "$ref": "#/definitions/Subnets"
+ }
+ },
+ "required": [
+ "addressPrefixes",
+ "deployVnet",
+ "dnsServers",
+ "name",
+ "peerToHubVirtualNetwork",
+ "subnets",
+ "useRemoteGateway"
+ ],
+ "title": "NetworkValue"
+ },
+ "Subnets": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/Subnet"
+ },
+ "title": "Subnets"
+ },
+ "Delegations": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "serviceName": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "serviceName"
+ ],
+ "title": "Delegations"
+ },
+ "Nsg": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "enabled"
+ ],
+ "title": "Nsg"
+ },
+ "Udr": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ },
+ "required": [
+ "enabled"
+ ],
+ "title": "Udr"
+ },
+ "Subnet": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "comments": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "addressPrefix": {
+ "type": "string"
+ },
+ "nsg": {
+ "$ref": "#/definitions/Nsg"
+ },
+ "udr": {
+ "$ref": "#/definitions/Udr"
+ },
+ "delegations": {
+ "$ref": "#/definitions/Delegations"
+ }
+ },
+ "required": [
+ "addressPrefix",
+ "comments",
+ "name",
+ "nsg",
+ "udr"
+ ],
+ "title": "subnet"
+ }
+ }
+}
\ No newline at end of file
diff --git a/schemas/v0.6.0/landingzones/lz-healthcare.json b/schemas/v0.6.0/landingzones/lz-healthcare.json
new file mode 100644
index 00000000..a12b487f
--- /dev/null
+++ b/schemas/v0.6.0/landingzones/lz-healthcare.json
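Review bot: The network fields in `NetworkValue` and `Subnet` (`addressPrefixes`, `dnsServers`, `addressPrefix`) are declared only as `"type": "string"`, so a malformed CIDR block or a hostname in the DNS list passes schema validation and would surface, if at all, only at deployment time. If these landing zones are IPv4-only (not visible from this hunk), a constraint such as `"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}/[0-9]{1,2}$"` on the prefix strings, together with `"minItems": 1` on `addressPrefixes`, would let the schema reject such input before it reaches a deployment. Separately, `qt-uri-protocols` and `qt-uri-extensions` on the `$schema` property are not standard JSON Schema keywords and `format` is normally annotation-only, so the https/.json restriction is probably not enforced by a generic validator; a `pattern` on that property would be. The `NetworkValue` definition in lz-healthcare.json, whose hunk continues past the visible part of this patch, declares the same unconstrained string fields.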
@@ -0,0 +1,342 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "$ref": "#/definitions/HealthcareArchetypeDefinition", + "definitions": { + "HealthcareArchetypeDefinition": { + "type": "object", + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string", + "format": "uri", + "qt-uri-protocols": [ + "https" + ], + "qt-uri-extensions": [ + ".json" + ] + }, + "contentVersion": { + "type": "string" + }, + "parameters": { + "$ref": "#/definitions/Parameters" + } + }, + "required": [ + "$schema", + "contentVersion", + "parameters" + ], + "title": "HealthcareArchetypeDefinition" + }, + "Parameters": { + "type": "object", + "additionalProperties": false, + "properties": { + "location": { + "$ref": "types/location.json#/definitions/Location" + }, + "serviceHealthAlerts": { + "$ref": "types/serviceHealthAlerts.json#/definitions/ServiceHealthAlerts" + }, + "securityCenter": { + "$ref": "types/securityCenter.json#/definitions/SecurityCenter" + }, + "subscriptionRoleAssignments": { + "$ref": "types/subscriptionRoleAssignments.json#/definitions/SubscriptionRoleAssignments" + }, + "subscriptionBudget": { + "$ref": "types/subscriptionBudget.json#/definitions/SubscriptionBudget" + }, + "subscriptionTags": { + "$ref": "types/subscriptionTags.json#/definitions/SubscriptionTags" + }, + "resourceTags": { + "$ref": "types/resourceTags.json#/definitions/ResourceTags" + }, + "logAnalyticsWorkspaceResourceId": { + "$ref": "types/logAnalyticsWorkspaceId.json#/definitions/LogAnalyticsWorkspaceId" + }, + "useCMK": { + "$ref": "#/definitions/UseCMK" + }, + "resourceGroups": { + "$ref": "#/definitions/ResourceGroups" + }, + "automation": { + "$ref": "types/automation.json#/definitions/Automation" + }, + "keyVault": { + "$ref": "types/keyVault.json#/definitions/KeyVault" + }, + "sqldb": { + "$ref": "types/sqldb.json#/definitions/SQLDB" + }, + "synapse": { + "$ref": "types/synapse.json#/definitions/Synapse" + }, + "hubNetwork": { + "$ref": 
"types/hubNetwork.json#/definitions/HubNetworkWithPrivateDNS" + }, + "network": { + "$ref": "#/definitions/Network" + } + }, + "required": [ + "resourceTags", + "securityCenter", + "serviceHealthAlerts", + "subscriptionBudget", + "subscriptionRoleAssignments", + "subscriptionTags", + "useCMK", + "resourceGroups", + "automation", + "keyVault", + "sqldb", + "hubNetwork" + ], + "title": "Parameters" + }, + "UseCMK": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "type": "boolean" + } + }, + "required": [ + "value" + ], + "title": "UseCMK" + }, + "ResourceGroups": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/ResourceGroupsValue" + } + }, + "required": [ + "value" + ], + "title": "ResourceGroups" + }, + "ResourceGroupsValue": { + "type": "object", + "additionalProperties": false, + "properties": { + "automation": { + "type": "string" + }, + "compute": { + "type": "string" + }, + "monitor": { + "type": "string" + }, + "networking": { + "type": "string" + }, + "networkWatcher": { + "type": "string" + }, + "security": { + "type": "string" + }, + "storage": { + "type": "string" + } + }, + "required": [ + "automation", + "compute", + "monitor", + "networkWatcher", + "networking", + "security", + "storage" + ], + "title": "ResourceGroupsValue" + }, + "Network": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/NetworkValue" + } + }, + "required": [ + "value" + ], + "title": "Network" + }, + "NetworkValue": { + "type": "object", + "additionalProperties": false, + "properties": { + "peerToHubVirtualNetwork": { + "type": "boolean" + }, + "useRemoteGateway": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "dnsServers": { + "type": "array", + "items": { + "type": "string" + } + }, + "addressPrefixes": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnets": { + "$ref": 
"#/definitions/Subnets" + } + }, + "required": [ + "addressPrefixes", + "dnsServers", + "name", + "peerToHubVirtualNetwork", + "subnets", + "useRemoteGateway" + ], + "title": "NetworkValue" + }, + "Subnets": { + "type": "object", + "additionalProperties": false, + "properties": { + "databricksPublic": { + "$ref": "#/definitions/Subnet" + }, + "databricksPrivate": { + "$ref": "#/definitions/Subnet" + }, + "privateEndpoints": { + "$ref": "#/definitions/Subnet" + }, + "web": { + "$ref": "#/definitions/Subnet" + }, + "optional": { + "type": "array", + "items": { + "$ref": "#/definitions/OptionalSubnet" + } + } + }, + "required": [ + "databricksPublic", + "databricksPrivate", + "privateEndpoints", + "web", + "optional" + ], + "title": "Subnets" + }, + "Subnet": { + "type": "object", + "additionalProperties": false, + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + } + }, + "required": [ + "addressPrefix", + "comments", + "name" + ], + "title": "subnet" + }, + "OptionalSubnet": { + "type": "object", + "additionalProperties": false, + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + }, + "nsg": { + "$ref": "#/definitions/OptionalSubnetNsg" + }, + "udr": { + "$ref": "#/definitions/OptionalSubnetUdr" + }, + "delegations": { + "$ref": "#/definitions/OptionalSubnetDelegations" + } + }, + "required": [ + "addressPrefix", + "comments", + "name", + "nsg", + "udr" + ], + "title": "OptionalSubnet" + }, + "OptionalSubnetDelegations": { + "type": "object", + "additionalProperties": false, + "properties": { + "serviceName": { + "type": "string" + } + }, + "required": [ + "serviceName" + ], + "title": "OptionalSubnetDelegations" + }, + "OptionalSubnetNsg": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": 
"OptionalSubnetNsg" + }, + "OptionalSubnetUdr": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": "OptionalSubnetUdr" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/lz-machinelearning.json b/schemas/v0.6.0/landingzones/lz-machinelearning.json new file mode 100644 index 00000000..065195d6 --- /dev/null +++ b/schemas/v0.6.0/landingzones/lz-machinelearning.json 
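Review bot: In `Parameters`, `network` and `logAnalyticsWorkspaceResourceId` are declared under `properties` but left out of `required`, so a healthcare parameters file with no spoke network definition or no Log Analytics workspace id still validates. The earlier archetype schema in this patch does list `network` as required, which makes the omission here look unintended, though it may be deliberate. If the deployment needs both, add `"network"` and `"logAnalyticsWorkspaceResourceId"` to the `required` array so a missing logging destination or network block is caught at validation time, not at deploy time. The `Parameters` definition in lz-machinelearning.json has the same gap.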
@@ -0,0 +1,363 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "$ref": "#/definitions/MachineLearningArchetypeDefinition", + "definitions": { + "MachineLearningArchetypeDefinition": { + "type": "object", + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string", + "format": "uri", + "qt-uri-protocols": [ + "https" + ], + "qt-uri-extensions": [ + ".json" + ] + }, + "contentVersion": { + "type": "string" + }, + "parameters": { + "$ref": "#/definitions/Parameters" + } + }, + "required": [ + "$schema", + "contentVersion", + "parameters" + ], + "title": "MachineLearningArchetypeDefinition" + }, + "Parameters": { + "type": "object", + "additionalProperties": false, + "properties": { + "location": { + "$ref": "types/location.json#/definitions/Location" + }, + "serviceHealthAlerts": { + "$ref": "types/serviceHealthAlerts.json#/definitions/ServiceHealthAlerts" + }, + "securityCenter": { + "$ref": "types/securityCenter.json#/definitions/SecurityCenter" + }, + "subscriptionRoleAssignments": { + "$ref": "types/subscriptionRoleAssignments.json#/definitions/SubscriptionRoleAssignments" + }, + "subscriptionBudget": { + "$ref": "types/subscriptionBudget.json#/definitions/SubscriptionBudget" + }, + "subscriptionTags": { + "$ref": "types/subscriptionTags.json#/definitions/SubscriptionTags" + }, + "resourceTags": { + "$ref": "types/resourceTags.json#/definitions/ResourceTags" + }, + "logAnalyticsWorkspaceResourceId": { + "$ref": "types/logAnalyticsWorkspaceId.json#/definitions/LogAnalyticsWorkspaceId" + }, + "useCMK": { + "$ref": "#/definitions/UseCMK" + }, + "resourceGroups": { + "$ref": "#/definitions/ResourceGroups" + }, + "automation": { + "$ref": "types/automation.json#/definitions/Automation" + }, + "keyVault": { + "$ref": "types/keyVault.json#/definitions/KeyVault" + }, + "aks": { + "$ref": "types/aks.json#/definitions/AKS" + }, + "appServiceLinuxContainer": { + "$ref": 
"types/appServiceLinuxContainer.json#/definitions/APPSERVICELINUXCONTAINER" + }, + "sqldb": { + "$ref": "types/sqldb.json#/definitions/SQLDB" + }, + "sqlmi": { + "$ref": "types/sqlmi.json#/definitions/SQLMI" + }, + "aml": { + "$ref": "types/aml.json#/definitions/AML" + }, + "hubNetwork": { + "$ref": "types/hubNetwork.json#/definitions/HubNetworkWithPrivateDNS" + }, + "network": { + "$ref": "#/definitions/Network" + } + }, + "required": [ + "resourceTags", + "securityCenter", + "serviceHealthAlerts", + "subscriptionBudget", + "subscriptionRoleAssignments", + "subscriptionTags", + "useCMK", + "resourceGroups", + "automation", + "keyVault", + "aks", + "appServiceLinuxContainer", + "sqldb", + "sqlmi", + "aml", + "hubNetwork" + ], + "title": "Parameters" + }, + "UseCMK": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "type": "boolean" + } + }, + "required": [ + "value" + ], + "title": "UseCMK" + }, + "ResourceGroups": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/ResourceGroupsValue" + } + }, + "required": [ + "value" + ], + "title": "ResourceGroups" + }, + "ResourceGroupsValue": { + "type": "object", + "additionalProperties": false, + "properties": { + "automation": { + "type": "string" + }, + "compute": { + "type": "string" + }, + "monitor": { + "type": "string" + }, + "networking": { + "type": "string" + }, + "networkWatcher": { + "type": "string" + }, + "security": { + "type": "string" + }, + "storage": { + "type": "string" + } + }, + "required": [ + "automation", + "compute", + "monitor", + "networkWatcher", + "networking", + "security", + "storage" + ], + "title": "ResourceGroupsValue" + }, + "Network": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/NetworkValue" + } + }, + "required": [ + "value" + ], + "title": "Network" + }, + "NetworkValue": { + "type": "object", + "additionalProperties": 
false, + "properties": { + "peerToHubVirtualNetwork": { + "type": "boolean" + }, + "useRemoteGateway": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "dnsServers": { + "type": "array", + "items": { + "type": "string" + } + }, + "addressPrefixes": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnets": { + "$ref": "#/definitions/Subnets" + } + }, + "required": [ + "addressPrefixes", + "dnsServers", + "name", + "peerToHubVirtualNetwork", + "subnets", + "useRemoteGateway" + ], + "title": "NetworkValue" + }, + "Subnets": { + "type": "object", + "additionalProperties": false, + "properties": { + "sqlmi": { + "$ref": "#/definitions/Subnet" + }, + "databricksPublic": { + "$ref": "#/definitions/Subnet" + }, + "databricksPrivate": { + "$ref": "#/definitions/Subnet" + }, + "privateEndpoints": { + "$ref": "#/definitions/Subnet" + }, + "aks": { + "$ref": "#/definitions/Subnet" + }, + "appService": { + "$ref": "#/definitions/Subnet" + }, + "optional": { + "type": "array", + "items": { + "$ref": "#/definitions/OptionalSubnet" + } + } + }, + "required": [ + "sqlmi", + "databricksPublic", + "databricksPrivate", + "privateEndpoints", + "aks", + "appService", + "optional" + ], + "title": "Subnets" + }, + "Subnet": { + "type": "object", + "additionalProperties": false, + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + } + }, + "required": [ + "addressPrefix", + "comments", + "name" + ], + "title": "subnet" + }, + "OptionalSubnet": { + "type": "object", + "additionalProperties": false, + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + }, + "nsg": { + "$ref": "#/definitions/OptionalSubnetNsg" + }, + "udr": { + "$ref": "#/definitions/OptionalSubnetUdr" + }, + "delegations": { + "$ref": "#/definitions/OptionalSubnetDelegations" + } + }, + "required": [ + "addressPrefix", + 
"comments", + "name", + "nsg", + "udr" + ], + "title": "OptionalSubnet" + }, + "OptionalSubnetDelegations": { + "type": "object", + "additionalProperties": false, + "properties": { + "serviceName": { + "type": "string" + } + }, + "required": [ + "serviceName" + ], + "title": "OptionalSubnetDelegations" + }, + "OptionalSubnetNsg": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": "OptionalSubnetNsg" + }, + "OptionalSubnetUdr": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "title": "OptionalSubnetUdr" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-azfw-policy.json b/schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-azfw-policy.json new file mode 100644 index 00000000..04a51bbe --- /dev/null +++ b/schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-azfw-policy.json 
@@ -0,0 +1,71 @@
+{
+ "$schema": "http://json-schema.org/draft-06/schema#",
+ "$ref": "#/definitions/PlatformConnectivityHubNetworkAzureFirewallPolicy",
+ "definitions": {
+ "PlatformConnectivityHubNetworkAzureFirewallPolicy": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "$schema": {
+ "type": "string",
+ "format": "uri",
+ "qt-uri-protocols": [
+ "https"
+ ],
+ "qt-uri-extensions": [
+ ".json"
+ ]
+ },
+ "contentVersion": {
+ "type": "string"
+ },
+ "parameters": {
+ "$ref": "#/definitions/Parameters"
+ }
+ },
+ "required": [
+ "$schema",
+ "contentVersion",
+ "parameters"
+ ],
+ "title": "PlatformConnectivityHubNetworkAzureFirewallPolicy"
+ },
+ "Parameters": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "location": {
+ "$ref": "types/location.json#/definitions/Location"
+ },
+ "resourceTags": {
+ "$ref": "types/resourceTags.json#/definitions/ResourceTags"
+ },
+ "resourceGroupName": {
+ "$ref": "#/definitions/StringValue"
+ },
+ "policyName": {
+ "$ref": "#/definitions/StringValue"
+ }
+ },
+ "required": [
+ "resourceTags",
+ "resourceGroupName",
+ "policyName"
+ ],
+ "title": "Parameters"
+ },
+ "StringValue": {
+ "type": "object",
+ "additionalProperties": false,
+ "required": [
+ "value"
+ ],
+ "properties": {
+ "value": {
+ "type": "string"
+ }
+ },
+ "title": "StringValue"
+ }
+ }
+}
\ No newline at end of file
diff --git a/schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-azfw.json b/schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-azfw.json
new file mode 100644
index 00000000..2c209103
--- /dev/null
+++ b/schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-azfw.json
@@ -0,0 +1,433 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "$ref": "#/definitions/PlatformConnectivityHubNetworkAzureFirewall", + "definitions": { + "PlatformConnectivityHubNetworkAzureFirewall": { + "type": "object", + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string", + "format": "uri", + "qt-uri-protocols": [ + "https" + ], + "qt-uri-extensions": [ + ".json" + ] + }, + "contentVersion": { + "type": "string" + }, + "parameters": { + "$ref": "#/definitions/Parameters" + } + }, + "required": [ + "$schema", + "contentVersion", + "parameters" + ], + "title": "PlatformConnectivityHubNetworkAzureFirewall" + }, + "Parameters": { + "type": "object", + "additionalProperties": false, + "properties": { + "location": { + "$ref": "types/location.json#/definitions/Location" + }, + "serviceHealthAlerts": { + "$ref": "types/serviceHealthAlerts.json#/definitions/ServiceHealthAlerts" + }, + "securityCenter": { + "$ref": "types/securityCenter.json#/definitions/SecurityCenter" + }, + "subscriptionRoleAssignments": { + "$ref": "types/subscriptionRoleAssignments.json#/definitions/SubscriptionRoleAssignments" + }, + "subscriptionBudget": { + "$ref": "types/subscriptionBudget.json#/definitions/SubscriptionBudget" + }, + "subscriptionTags": { + "$ref": "types/subscriptionTags.json#/definitions/SubscriptionTags" + }, + "resourceTags": { + "$ref": "types/resourceTags.json#/definitions/ResourceTags" + }, + "logAnalyticsWorkspaceResourceId": { + "$ref": "types/logAnalyticsWorkspaceId.json#/definitions/LogAnalyticsWorkspaceId" + }, + "privateDnsZones": { + "$ref": "#/definitions/privateDnsZones" + }, + "ddosStandard": { + "$ref": "#/definitions/ddosStandard" + }, + "publicAccessZone": { + "$ref": "#/definitions/publicAccessZone" + }, + "managementRestrictedZone": { + "$ref": "#/definitions/managementRestrictedZone" + }, + "hub": { + "$ref": "#/definitions/hub" + }, + "networkWatcher": { + "$ref": "#/definitions/networkWatcher" + } + }, + 
"required": [ + "resourceTags", + "securityCenter", + "serviceHealthAlerts", + "subscriptionBudget", + "subscriptionRoleAssignments", + "subscriptionTags", + "privateDnsZones", + "ddosStandard", + "publicAccessZone", + "managementRestrictedZone", + "hub", + "networkWatcher" + ], + "title": "Parameters" + }, + "privateDnsZones": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "resourceGroupName": { + "type": "string" + } + }, + "required": [ + "enabled", + "resourceGroupName" + ] + } + }, + "required": [ + "value" + ] + }, + "ddosStandard": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "resourceGroupName": { + "type": "string" + }, + "planName": { + "type": "string" + } + }, + "required": [ + "enabled", + "resourceGroupName", + "planName" + ] + } + }, + "required": [ + "value" + ] + }, + "publicAccessZone": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "resourceGroupName": { + "type": "string" + } + }, + "required": [ + "enabled", + "resourceGroupName" + ] + } + }, + "required": [ + "value" + ] + }, + "managementRestrictedZone": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "resourceGroupName": { + "type": "string" + }, + "network": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "addressPrefixes": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnets": { + "type": "array", + "items": { + "$ref": "#/definitions/optionalSubnet" + } + } + }, + "required": [ + "name", + "addressPrefixes", + "subnets" + ] + } + }, + "required": [ + "enabled", + "resourceGroupName", + "network" + ] + } + }, + "required": [ + "value" + ] + }, + "hub": { + "type": "object", + "properties": { + "value": 
{ + "type": "object", + "properties": { + "resourceGroupName": { + "type": "string" + }, + "bastion": { + "$ref": "#/definitions/bastion" + }, + "azureFirewall": { + "$ref": "#/definitions/azureFirewall" + }, + "network": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "addressPrefixes": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnets": { + "type": "object", + "properties": { + "gateway": { + "$ref": "#/definitions/requiredSubnet" + }, + "firewall": { + "$ref": "#/definitions/requiredSubnet" + }, + "bastion": { + "$ref": "#/definitions/requiredSubnet" + }, + "publicAccess": { + "$ref": "#/definitions/requiredSubnet" + }, + "optional": { + "type": "array", + "items": { + "$ref": "#/definitions/optionalSubnet" + } + } + } + } + }, + "required": [ + "name", + "addressPrefixes", + "subnets" + ] + } + }, + "required": [ + "resourceGroupName", + "bastion", + "azureFirewall", + "network" + ] + } + }, + "required": [ + "value" + ] + }, + "networkWatcher": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "resourceGroupName": { + "type": "string" + } + }, + "required": [ + "resourceGroupName" + ] + } + }, + "required": [ + "value" + ] + }, + "requiredSubnet": { + "type": "object", + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + } + }, + "required": [ + "comments", + "name", + "addressPrefix" + ] + }, + "optionalSubnet": { + "type": "object", + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + }, + "nsg": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + }, + "udr": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + }, + "delegations": { + "type": "object", + "properties": { + 
"serviceName": { + "type": "string" + } + }, + "required": [ + "serviceName" + ] + } + }, + "required": [ + "comments", + "name", + "addressPrefix", + "nsg", + "udr" + ] + }, + "bastion": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "sku": { + "type": "string" + }, + "scaleUnits": { + "type": "integer" + } + }, + "required": [ + "enabled", + "name", + "sku", + "scaleUnits" + ] + }, + "azureFirewall": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + } + }, + "forcedTunnelingEnabled": { + "type": "boolean" + }, + "forcedTunnelingNextHop": { + "type": "string" + }, + "firewallPolicyId": { + "type": "string" + } + }, + "required": [ + "name", + "availabilityZones", + "forcedTunnelingEnabled", + "forcedTunnelingNextHop" + ] + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-nva.json b/schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-nva.json new file mode 100644 index 00000000..f34c3b8a --- /dev/null +++ b/schemas/v0.6.0/landingzones/lz-platform-connectivity-hub-nva.json 
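Review bot: Every definition from `privateDnsZones` down to `azureFirewall` omits `"additionalProperties": false`, although the wrapper and `Parameters` in this file set it. A misspelled optional key such as `firewallPolicyId` inside `hub.value.azureFirewall` is therefore accepted silently, and the firewall would presumably be deployed without the intended policy. `hub.value.network.subnets` also has no `required` list, so a hub configuration with no `firewall` or `bastion` subnet validates, whereas the NVA schema later in this patch does require its named subnets. Add `"additionalProperties": false` to these objects and, if all five entries are mandatory, `"required": ["gateway", "firewall", "bastion", "publicAccess", "optional"]` on `subnets`. The lower-case definitions in lz-platform-connectivity-hub-nva.json are open in the same way.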
@@ -0,0 +1,565 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "$ref": "#/definitions/PlatformConnectivityHubNetworkNVA", + "definitions": { + "PlatformConnectivityHubNetworkNVA": { + "type": "object", + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string", + "format": "uri", + "qt-uri-protocols": [ + "https" + ], + "qt-uri-extensions": [ + ".json" + ] + }, + "contentVersion": { + "type": "string" + }, + "parameters": { + "$ref": "#/definitions/Parameters" + } + }, + "required": [ + "$schema", + "contentVersion", + "parameters" + ], + "title": "PlatformConnectivityHubNetworkNVA" + }, + "Parameters": { + "type": "object", + "additionalProperties": false, + "properties": { + "location": { + "$ref": "types/location.json#/definitions/Location" + }, + "serviceHealthAlerts": { + "$ref": "types/serviceHealthAlerts.json#/definitions/ServiceHealthAlerts" + }, + "securityCenter": { + "$ref": "types/securityCenter.json#/definitions/SecurityCenter" + }, + "subscriptionRoleAssignments": { + "$ref": "types/subscriptionRoleAssignments.json#/definitions/SubscriptionRoleAssignments" + }, + "subscriptionBudget": { + "$ref": "types/subscriptionBudget.json#/definitions/SubscriptionBudget" + }, + "subscriptionTags": { + "$ref": "types/subscriptionTags.json#/definitions/SubscriptionTags" + }, + "resourceTags": { + "$ref": "types/resourceTags.json#/definitions/ResourceTags" + }, + "logAnalyticsWorkspaceResourceId": { + "$ref": "types/logAnalyticsWorkspaceId.json#/definitions/LogAnalyticsWorkspaceId" + }, + "privateDnsZones": { + "$ref": "#/definitions/privateDnsZones" + }, + "ddosStandard": { + "$ref": "#/definitions/ddosStandard" + }, + "publicAccessZone": { + "$ref": "#/definitions/publicAccessZone" + }, + "managementRestrictedZone": { + "$ref": "#/definitions/managementRestrictedZone" + }, + "hub": { + "$ref": "#/definitions/hub" + }, + "networkWatcher": { + "$ref": "#/definitions/networkWatcher" + }, + "fwUsername": { + "type": "object", 
+ "properties": { + "value": { + "type": "string" + } + } + }, + "fwPassword": { + "type": "object", + "properties": { + "value": { + "type": "string" + } + } + } + }, + "required": [ + "resourceTags", + "securityCenter", + "serviceHealthAlerts", + "subscriptionBudget", + "subscriptionRoleAssignments", + "subscriptionTags", + "privateDnsZones", + "ddosStandard", + "publicAccessZone", + "managementRestrictedZone", + "hub", + "networkWatcher" + ], + "title": "Parameters" + }, + "privateDnsZones": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "resourceGroupName": { + "type": "string" + } + }, + "required": [ + "enabled", + "resourceGroupName" + ] + } + }, + "required": [ + "value" + ] + }, + "ddosStandard": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "resourceGroupName": { + "type": "string" + }, + "planName": { + "type": "string" + } + }, + "required": [ + "enabled", + "resourceGroupName", + "planName" + ] + } + }, + "required": [ + "value" + ] + }, + "publicAccessZone": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "resourceGroupName": { + "type": "string" + } + }, + "required": [ + "enabled", + "resourceGroupName" + ] + } + }, + "required": [ + "value" + ] + }, + "managementRestrictedZone": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "resourceGroupName": { + "type": "string" + }, + "network": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "addressPrefixes": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnets": { + "type": "array", + "items": { + "$ref": "#/definitions/optionalSubnet" + } + } + }, + "required": [ + "name", + "addressPrefixes", + "subnets" + ] + } + }, + 
"required": [ + "enabled", + "resourceGroupName", + "network" + ] + } + }, + "required": [ + "value" + ] + }, + "hub": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "resourceGroupName": { + "type": "string" + }, + "bastion": { + "$ref": "#/definitions/bastion" + }, + "network": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "addressPrefixes": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnets": { + "type": "object", + "properties": { + "gateway": { + "$ref": "#/definitions/requiredSubnet" + }, + "bastion": { + "$ref": "#/definitions/requiredSubnet" + }, + "public": { + "$ref": "#/definitions/requiredSubnet" + }, + "publicAccessZone": { + "$ref": "#/definitions/requiredSubnet" + }, + "externalAccessNetwork": { + "$ref": "#/definitions/requiredSubnet" + }, + "nonProductionInternal": { + "$ref": "#/definitions/requiredSubnet" + }, + "productionInternal": { + "$ref": "#/definitions/requiredSubnet" + }, + "managementRestrictedZoneInternal": { + "$ref": "#/definitions/requiredSubnet" + }, + "highAvailability": { + "$ref": "#/definitions/requiredSubnet" + }, + "optional": { + "type": "array", + "items": { + "$ref": "#/definitions/optionalSubnet" + } + } + }, + "required": [ + "gateway", + "bastion", + "public", + "publicAccessZone", + "externalAccessNetwork", + "nonProductionInternal", + "productionInternal", + "managementRestrictedZoneInternal", + "highAvailability", + "optional" + ] + } + }, + "required": [ + "name", + "addressPrefixes", + "subnets" + ] + }, + "nvaFirewall": { + "$ref": "#/definitions/nvaFirewall" + } + }, + "required": [ + "resourceGroupName", + "bastion", + "network", + "nvaFirewall" + ] + } + }, + "required": [ + "value" + ] + }, + "networkWatcher": { + "type": "object", + "properties": { + "value": { + "type": "object", + "properties": { + "resourceGroupName": { + "type": "string" + } + }, + "required": [ + "resourceGroupName" + ] + } + }, + 
"required": [ + "value" + ] + }, + "requiredSubnet": { + "type": "object", + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + } + }, + "required": [ + "comments", + "name", + "addressPrefix" + ] + }, + "optionalSubnet": { + "type": "object", + "properties": { + "comments": { + "type": "string" + }, + "name": { + "type": "string" + }, + "addressPrefix": { + "type": "string" + }, + "nsg": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + }, + "udr": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + }, + "required": [ + "enabled" + ] + }, + "delegations": { + "type": "object", + "properties": { + "serviceName": { + "type": "string" + } + }, + "required": [ + "serviceName" + ] + } + }, + "required": [ + "comments", + "name", + "addressPrefix", + "nsg", + "udr" + ] + }, + "nvaFirewall": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "publisher": { + "type": "string" + }, + "offer": { + "type": "string" + }, + "sku": { + "type": "string" + }, + "version": { + "type": "string" + }, + "plan": { + "type": "string" + } + } + }, + "nonProduction": { + "$ref": "#/definitions/nvaEnvironment" + }, + "production": { + "$ref": "#/definitions/nvaEnvironment" + } + } + }, + "nvaEnvironment": { + "type": "object", + "properties": { + "internalLoadBalancer": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "internalIp": { + "type": "string" + }, + "externalIp": { + "type": "string" + }, + "tcpProbe": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "intervalInSeconds": { + "type": "integer" + }, + "numberOfProbes": { + "type": "integer" + } + }, + "required": [ + "name", + "port", + "intervalInSeconds", + "numberOfProbes" + ] + } + } + }, + "deployVirtualMachines": 
{ + "type": "boolean" + }, + "virtualMachines": { + "type": "array", + "items": { + "properties": { + "name": { + "type": "string" + }, + "vmSku": { + "type": "string" + }, + "internalIp": { + "type": "string" + }, + "externalIp": { + "type": "string" + }, + "mrzInternalIp": { + "type": "string" + }, + "highAvailabilityIp": { + "type": "string" + }, + "availabilityZone": { + "type": "string" + } + }, + "required": [ + "name", + "vmSku", + "internalIp", + "externalIp", + "mrzInternalIp", + "highAvailabilityIp", + "availabilityZone" + ] + } + } + }, + "required": [ + "internalLoadBalancer", + "deployVirtualMachines", + "virtualMachines" + ] + }, + "bastion": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "sku": { + "type": "string" + }, + "scaleUnits": { + "type": "integer" + } + }, + "required": [ + "enabled", + "name", + "sku", + "scaleUnits" + ] + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/lz-platform-logging.json b/schemas/v0.6.0/landingzones/lz-platform-logging.json new file mode 100644 index 00000000..d3818c4e --- /dev/null +++ b/schemas/v0.6.0/landingzones/lz-platform-logging.json 
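Review bot: `fwUsername` and `fwPassword` in `Parameters` are modelled only as an object with a literal string `value`, so the schema describes and validates a parameters file that carries what appears to be the firewall admin password in plain text. Neither object sets `required` or `additionalProperties`, so nothing steers authors away from committing the secret to the repository. If the consuming deployment accepts ARM-style Key Vault references, `fwPassword` should require a `reference` object (`keyVault.id` plus `secretName`) and disallow `value`. Otherwise the property should carry a `description` stating that the value must be injected at deploy time and never committed.

```json
"fwPassword": {
  "type": "object",
  "additionalProperties": false,
  "properties": {
    "reference": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "keyVault": {
          "type": "object",
          "additionalProperties": false,
          "properties": {
            "id": {
              "type": "string"
            }
          },
          "required": [
            "id"
          ]
        },
        "secretName": {
          "type": "string"
        }
      },
      "required": [
        "keyVault",
        "secretName"
      ]
    }
  },
  "required": [
    "reference"
  ]
}
```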
@@ -0,0 +1,223 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "$ref": "#/definitions/PlatformLoggingArchetypeDefinition", + "definitions": { + "PlatformLoggingArchetypeDefinition": { + "type": "object", + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string", + "format": "uri", + "qt-uri-protocols": [ + "https" + ], + "qt-uri-extensions": [ + ".json" + ] + }, + "contentVersion": { + "type": "string" + }, + "parameters": { + "$ref": "#/definitions/Parameters" + } + }, + "required": [ + "$schema", + "contentVersion", + "parameters" + ], + "title": "PlatformLoggingArchetypeDefinition" + }, + "Parameters": { + "type": "object", + "additionalProperties": false, + "properties": { + "location": { + "$ref": "types/location.json#/definitions/Location" + }, + "serviceHealthAlerts": { + "$ref": "types/serviceHealthAlerts.json#/definitions/ServiceHealthAlerts" + }, + "securityCenter": { + "$ref": "types/securityCenter.json#/definitions/SecurityCenter" + }, + "subscriptionRoleAssignments": { + "$ref": "types/subscriptionRoleAssignments.json#/definitions/SubscriptionRoleAssignments" + }, + "subscriptionBudget": { + "$ref": "types/subscriptionBudget.json#/definitions/SubscriptionBudget" + }, + "subscriptionTags": { + "$ref": "types/subscriptionTags.json#/definitions/SubscriptionTags" + }, + "resourceTags": { + "$ref": "types/resourceTags.json#/definitions/ResourceTags" + }, + "logAnalyticsResourceGroupName": { + "$ref": "#/definitions/logAnalyticsResourceGroupName" + }, + "logAnalyticsWorkspaceName": { + "$ref": "#/definitions/logAnalyticsWorkspaceName" + }, + "logAnalyticsRetentionInDays": { + "$ref": "#/definitions/logAnalyticsRetentionInDays" + }, + "logAnalyticsAutomationAccountName": { + "$ref": "#/definitions/logAnalyticsAutomationAccountName" + }, + "dataCollectionRule": { + "$ref": "#/definitions/dataCollectionRule" + } + }, + "required": [ + "resourceTags", + "securityCenter", + "serviceHealthAlerts", + "subscriptionBudget", 
+ "subscriptionRoleAssignments", + "subscriptionTags", + "logAnalyticsResourceGroupName", + "logAnalyticsWorkspaceName", + "logAnalyticsRetentionInDays", + "logAnalyticsAutomationAccountName", + "dataCollectionRule" + ], + "title": "Parameters" + }, + "logAnalyticsResourceGroupName": { + "type": "object", + "additionalProperties": false, + "required": [ + "value" + ], + "properties": { + "value": { + "type": "string" + } + }, + "title": "logAnalyticsResourceGroupName" + }, + "logAnalyticsWorkspaceName": { + "type": "object", + "additionalProperties": false, + "required": [ + "value" + ], + "properties": { + "value": { + "type": "string" + } + }, + "title": "logAnalyticsWorkspaceName" + }, + "logAnalyticsRetentionInDays": { + "type": "object", + "additionalProperties": false, + "required": [ + "value" + ], + "properties": { + "value": { + "type": "integer" + } + }, + "title": "logAnalyticsRetentionInDays" + }, + "logAnalyticsAutomationAccountName": { + "type": "object", + "additionalProperties": false, + "required": [ + "value" + ], + "properties": { + "value": { + "type": "string" + } + }, + "title": "logAnalyticsAutomationAccountName" + }, + "dataCollectionRule": { + "type": "object", + "additionalProperties": false, + "required": [ + "value" + ], + "properties": { + "value": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "windowsEventLogs": { + "type": "array", + "items": { + "properties": { + "name": { + "type": "string" + }, + "streams": { + "type": "array", + "items": { + "type": "string" + } + }, + "xPathQueries": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "syslog": { + "type": "array", + "items": { + "properties": { + "name": { + "type": "string" + }, + "streams": { + "type": "array", + "items": { + "type": "string" + } + }, + "facilityNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "logLevels": { + "type": "array", + "items": { + 
"type": "string", + "enum": [ + "Debug", + "Info", + "Notice", + "Warning", + "Error", + "Critical", + "Alert", + "Emergency" + ] + } + } + } + } + } + } + } + }, + "title": "dataCollectionRule" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/aks.json b/schemas/v0.6.0/landingzones/types/aks.json new file mode 100644 index 00000000..1d3e8080 --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/aks.json 
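Review bot: In `lz-platform-logging.json`, `dataCollectionRule.value` and the `items` of `windowsEventLogs` and `syslog` are left open: none of them declares `required` or `"additionalProperties": false`, and the item schemas carry no `"type": "object"`, unlike the other definitions in this file. A parameters file with a misspelled key (a constructed example: `xPathQuery`) or a missing `streams` array therefore validates, and the schema gives no signal that the intended Security and auth events will actually be collected. I would close these objects with `"additionalProperties": false` and add `required` lists, e.g. `"required": ["name", "streams", "xPathQueries"]` on the Windows items. `logAnalyticsRetentionInDays.value` is a bare `"type": "integer"`; a `"minimum"` set to the retention your policy demands would reject zero or negative values at validation time.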
@@ -0,0 +1,134 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "AKS": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "oneOf": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + true + ] + }, + "version": { + "type": "string" + }, + "networkPlugin": { + "type": "string", + "enum": [ + "azure" + ] + }, + "networkPolicy": { + "type": "string", + "enum": [ + "azure", + "calico" + ] + }, + "podCidr": { + "type": "string", + "enum": [ + "" + ] + }, + "serviceCidr": { + "type": "string" + }, + "dnsServiceIP": { + "type": "string" + }, + "dockerBridgeCidr": { + "type": "string" + } + }, + "required": [ + "enabled", + "version", + "networkPlugin", + "networkPolicy", + "podCidr", + "serviceCidr", + "dockerBridgeCidr" + ] + }, + { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + true + ] + }, + "version": { + "type": "string" + }, + "networkPlugin": { + "type": "string", + "enum": [ + "kubenet" + ] + }, + "networkPolicy": { + "type": "string", + "enum": [ + "calico" + ] + }, + "podCidr": { + "type": "string" + }, + "serviceCidr": { + "type": "string" + }, + "dnsServiceIP": { + "type": "string" + }, + "dockerBridgeCidr": { + "type": "string" + } + }, + "required": [ + "enabled", + "version", + "networkPlugin", + "networkPolicy", + "podCidr", + "serviceCidr", + "dockerBridgeCidr" + ] + }, + { + "type": "object", + "additionalProperties": true, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + false + ] + } + }, + "required": [ + "enabled" + ] + } + ] + } + }, + "required": [ + "value" + ], + "title": "AKS" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/aml.json b/schemas/v0.6.0/landingzones/types/aml.json new file mode 100644 index 00000000..ef1577d4 --- /dev/null 
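Review bot: `dnsServiceIP` is declared in both enabled branches of `AKS.value` but is absent from their `required` arrays, so a config that enables AKS without it passes validation; if the deployment template needs the value (not visible in this hunk), add `"dnsServiceIP"` to both lists. `podCidr`, `serviceCidr` and `dockerBridgeCidr` are unconstrained strings, so a `pattern` for IPv4 CIDR notation would reject typos before deployment. The disabled branch uses `"additionalProperties": true` while the enabled ones are closed; a `"description"` stating that this is intentional would save the next reader from guessing.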
+++ b/schemas/v0.6.0/landingzones/types/aml.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "AML": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/Value" + } + }, + "required": [ + "value" + ], + "title": "Aml" + }, + "Value": { + "type": "object", + "additionalProperties": false, + "properties": { + "enableHbiWorkspace": { + "type": "boolean" + } + }, + "required": [ + "enableHbiWorkspace" + ], + "title": "Value" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/appServiceLinuxContainer.json b/schemas/v0.6.0/landingzones/types/appServiceLinuxContainer.json new file mode 100644 index 00000000..f4316c33 --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/appServiceLinuxContainer.json @@ -0,0 +1,65 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "APPSERVICELINUXCONTAINER": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "oneOf": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + true + ] + }, + "skuName": { + "type": "string" + }, + "skuTier": { + "type": "string" + }, + "enablePrivateEndpoint": { + "type": "boolean", + "enum": [ + true, + false + ] + } + }, + "required": [ + "enabled", + "skuName", + "skuTier", + "enablePrivateEndpoint" + ] + }, + { + "type": "object", + "additionalProperties": true, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + false + ] + } + }, + "required": [ + "enabled" + ] + } + ] + } + }, + "required": [ + "value" + ], + "title": "App Service Linux Container" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/automation.json b/schemas/v0.6.0/landingzones/types/automation.json new file mode 100644 index 00000000..89515791 --- /dev/null 
+++ b/schemas/v0.6.0/landingzones/types/automation.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "Automation": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/Value" + } + }, + "required": [ + "value" + ], + "title": "Automation" + }, + "Value": { + "type": "object", + "additionalProperties": false, + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ], + "title": "Value" + } + } +} diff --git a/schemas/v0.6.0/landingzones/types/backupRecoveryVault.json b/schemas/v0.6.0/landingzones/types/backupRecoveryVault.json new file mode 100644 index 00000000..d7c507f0 --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/backupRecoveryVault.json @@ -0,0 +1,53 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "RecoveryVault": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "oneOf": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + true + ] + }, + "name": { + "type": "string" + } + }, + "required": [ + "enabled", + "name" + ] + }, + { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + false + ] + } + }, + "required": [ + "enabled" + ] + } + ] + } + }, + "required": [ + "value" + ], + "title": "RecoveryVault" + } + } + } \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/hubNetwork.json b/schemas/v0.6.0/landingzones/types/hubNetwork.json new file mode 100644 index 00000000..9d882724 --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/hubNetwork.json 
@@ -0,0 +1,93 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "HubNetworkWithoutPrivateDNS": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/ValueWithoutPrivateDNS" + } + }, + "required": [ + "value" + ], + "title": "HubNetworkWithoutPrivateDNS" + }, + "HubNetworkWithPrivateDNS": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/ValueWithPrivateDNS" + } + }, + "required": [ + "value" + ], + "title": "HubNetworkWithPrivateDNS" + }, + "ValueWithoutPrivateDNS": { + "type": "object", + "additionalProperties": false, + "properties": { + "virtualNetworkId": { + "type": "string" + }, + "rfc1918IPRange": { + "type": "string" + }, + "rfc6598IPRange": { + "type": "string" + }, + "egressVirtualApplianceIp": { + "type": "string" + } + }, + "required": [ + "egressVirtualApplianceIp", + "rfc1918IPRange", + "rfc6598IPRange", + "virtualNetworkId" + ], + "title": "ValueWithoutPrivateDNS" + }, + "ValueWithPrivateDNS": { + "type": "object", + "additionalProperties": false, + "properties": { + "virtualNetworkId": { + "type": "string" + }, + "rfc1918IPRange": { + "type": "string" + }, + "rfc6598IPRange": { + "type": "string" + }, + "egressVirtualApplianceIp": { + "type": "string" + }, + "privateDnsManagedByHub": { + "type": "boolean" + }, + "privateDnsManagedByHubSubscriptionId": { + "type": "string" + }, + "privateDnsManagedByHubResourceGroupName": { + "type": "string" + } + }, + "required": [ + "egressVirtualApplianceIp", + "rfc1918IPRange", + "rfc6598IPRange", + "virtualNetworkId", + "privateDnsManagedByHub", + "privateDnsManagedByHubResourceGroupName", + "privateDnsManagedByHubSubscriptionId" + ], + "title": "ValueWithoutPrivateDNS" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/keyVault.json b/schemas/v0.6.0/landingzones/types/keyVault.json new file mode 100644 index 00000000..e771589a 
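Review bot: `ValueWithPrivateDNS` ends with `"title": "ValueWithoutPrivateDNS"`, which looks like a copy-paste from the definition above it; it should read `"title": "ValueWithPrivateDNS"`, otherwise validator messages and generated documentation name the wrong type. `rfc1918IPRange`, `rfc6598IPRange` and `egressVirtualApplianceIp` are plain strings in both definitions, so a malformed address or a range outside the intended blocks validates. These values presumably feed routing and network security rules, so a `pattern` for the expected CIDR or IPv4 form, or at least a `"description"` stating it, is worth adding.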
--- /dev/null +++ b/schemas/v0.6.0/landingzones/types/keyVault.json @@ -0,0 +1,31 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "KeyVault": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/Value" + } + }, + "required": [ + "value" + ], + "title": "KeyVault" + }, + "Value": { + "type": "object", + "additionalProperties": false, + "properties": { + "secretExpiryInDays": { + "type": "integer" + } + }, + "required": [ + "secretExpiryInDays" + ], + "title": "Value" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/location.json b/schemas/v0.6.0/landingzones/types/location.json new file mode 100644 index 00000000..1e17aad8 --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/location.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "Location": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "type": "string" + } + }, + "required": [ + "value" + ], + "title": "Location" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/logAnalyticsWorkspaceId.json b/schemas/v0.6.0/landingzones/types/logAnalyticsWorkspaceId.json new file mode 100644 index 00000000..feba5015 --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/logAnalyticsWorkspaceId.json @@ -0,0 +1,18 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "LogAnalyticsWorkspaceId": { + "type": "object", + "additionalProperties": false, + "required": [ + "value" + ], + "properties": { + "value": { + "type": "string" + } + }, + "title": "LogAnalyticsWorkspaceId" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/resourceTags.json b/schemas/v0.6.0/landingzones/types/resourceTags.json new file mode 100644 index 00000000..5d6bd73f --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/resourceTags.json 
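Review bot: In `types/keyVault.json`, `secretExpiryInDays` is `"type": "integer"` with no bounds, so `0` or a negative number validates. Add `"minimum": 1`, and a `"maximum"` if the organisation caps secret lifetime, together with a `"description"` saying what the value controls and in which unit it is counted.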
@@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "ResourceTags": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/Value" + } + }, + "required": [ + "value" + ], + "title": "ResourceTags" + }, + "Value": { + "type": "object", + "additionalProperties": { + "type": "string", + "description": "Key/Value pairs of tags" + }, + "title": "Value" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/securityCenter.json b/schemas/v0.6.0/landingzones/types/securityCenter.json new file mode 100644 index 00000000..66ceed6e --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/securityCenter.json @@ -0,0 +1,35 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "SecurityCenter": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/Value" + } + }, + "required": [ + "value" + ], + "title": "SecurityCenter" + }, + "Value": { + "type": "object", + "additionalProperties": false, + "properties": { + "email": { + "type": "string" + }, + "phone": { + "type": "string" + } + }, + "required": [ + "email", + "phone" + ], + "title": "Value" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/serviceHealthAlerts.json b/schemas/v0.6.0/landingzones/types/serviceHealthAlerts.json new file mode 100644 index 00000000..0bb153df --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/serviceHealthAlerts.json 
@@ -0,0 +1,120 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "ServiceHealthAlerts": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/Value" + } + }, + "required": [ + "value" + ], + "title": "ServiceHealthAlerts" + }, + "Value": { + "type": "object", + "additionalProperties": false, + "properties": { + "resourceGroupName": { + "type": "string" + }, + "incidentTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "regions": { + "type": "array", + "items": { + "type": "string" + } + }, + "receivers": { + "$ref": "#/definitions/Receivers" + }, + "actionGroupName": { + "type": "string" + }, + "actionGroupShortName": { + "type": "string" + }, + "alertRuleName": { + "type": "string" + }, + "alertRuleDescription": { + "type": "string" + } + }, + "required": [ + "actionGroupName", + "actionGroupShortName", + "alertRuleDescription", + "alertRuleName", + "incidentTypes", + "receivers", + "regions", + "resourceGroupName" + ], + "title": "Value" + }, + "Receivers": { + "type": "object", + "additionalProperties": false, + "properties": { + "app": { + "type": "array", + "items": { + "type": "string" + } + }, + "email": { + "type": "array", + "items": { + "type": "string" + } + }, + "sms": { + "type": "array", + "items": { + "$ref": "#/definitions/phone" + } + }, + "voice": { + "type": "array", + "items": { + "$ref": "#/definitions/phone" + } + } + }, + "required": [ + "app", + "email", + "sms", + "voice" + ], + "title": "Receivers" + }, + "phone": { + "type": "object", + "additionalProperties": false, + "properties": { + "countryCode": { + "type": "string", + "format": "integer" + }, + "phoneNumber": { + "type": "string" + } + }, + "required": [ + "countryCode", + "phoneNumber" + ], + "title": "phone" + } + } +} \ No newline at end of file 
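Review bot: In the `phone` definition, `countryCode` is declared as `"type": "string", "format": "integer"`; `integer` is not a format JSON Schema defines, and validators ignore unknown formats, so any string passes. Replace it with a pattern such as `"pattern": "^[0-9]{1,3}$"` and give `phoneNumber` a digit pattern as well. The `email` receiver items could carry `"format": "email"`, with the caveat that `format` is only enforced when the validator is configured to assert it.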
diff --git a/schemas/v0.6.0/landingzones/types/sqldb.json b/schemas/v0.6.0/landingzones/types/sqldb.json
new file mode 100644
index 00000000..a774c92a
--- /dev/null
+++ b/schemas/v0.6.0/landingzones/types/sqldb.json
@@ -0,0 +1,143 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "SQLDB": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "oneOf": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + true + ] + }, + "sqlAuthenticationUsername": { + "type": "string" + }, + "aadAuthenticationOnly":{ + "type":"boolean", + "enum": [ + false + ] + } + }, + "required": [ + "enabled", + "sqlAuthenticationUsername", + "aadAuthenticationOnly" + ] + }, + { + "type":"object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + true + ] + }, + "aadAuthenticationOnly":{ + "type":"boolean", + "enum": [ + false + ] + }, + "sqlAuthenticationUsername": { + "type": "string" + }, + "aadLoginName":{ + "type":"string" + }, + "aadLoginObjectID":{ + "type":"string" + }, + "aadLoginType":{ + "type":"string", + "enum": [ + "User", + "Group", + "Application" + ] + } + }, + "required": [ + "enabled", + "aadAuthenticationOnly", + "aadLoginName", + "aadLoginObjectID", + "aadLoginType", + "sqlAuthenticationUsername" + ] + }, + { + "type":"object", + "additionalProperties": false, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + true + ] + }, + "aadAuthenticationOnly":{ + "type":"boolean", + "enum": [ + true + ] + }, + "aadLoginName":{ + "type":"string" + }, + "aadLoginObjectID":{ + "type":"string" + }, + "aadLoginType":{ + "type":"string", + "enum": [ + "User", + "Group", + "Application" + ] + } + }, + "required": [ + "enabled", + "aadAuthenticationOnly", + "aadLoginName", + "aadLoginObjectID", + "aadLoginType" + ] + } + , + { + "type": "object", + "additionalProperties": true, + "properties": { + "enabled": { + "type": "boolean", + "enum": [ + false + ] + } + }, + "required": [ + "enabled" + ] + } + ] + } + }, + "required": [ + "value" + ], + "title": "sqldb" + } + } +} \ No newline at end of file 
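Review bot: The four `oneOf` branches of `SQLDB.value` appear to encode authentication modes (SQL login only, SQL login plus an AAD admin, AAD-only, disabled), but nothing in the schema says so and a failed `oneOf` produces an opaque error. Add a `"description"` to each branch, e.g. `"description": "Azure AD-only authentication"` on the third. `aadLoginObjectID` is an unconstrained string here while `subscriptionRoleAssignments.json` in this same patch annotates object ids with `"format": "uuid"`; the two should agree. The disabled branch sets `"additionalProperties": true` whereas `sqlmi.json` closes its disabled branch, so one convention should be chosen.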
diff --git a/schemas/v0.6.0/landingzones/types/sqlmi.json b/schemas/v0.6.0/landingzones/types/sqlmi.json
new file mode 100644
index 00000000..06209f45
--- /dev/null
+++ b/schemas/v0.6.0/landingzones/types/sqlmi.json
@@ -0,0 +1,53 @@
+{
+ "$schema": "http://json-schema.org/draft-06/schema#",
+ "definitions": {
+ "SQLMI": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "value": {
+ "oneOf": [
+ {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "enum": [
+ true
+ ]
+ },
+ "username": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "enabled",
+ "username"
+ ]
+ },
+ {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "enum": [
+ false
+ ]
+ }
+ },
+ "required": [
+ "enabled"
+ ]
+ }
+ ]
+ }
+ },
+ "required": [
+ "value"
+ ],
+ "title": "Sqlmi"
+ }
+ }
+}
\ No newline at end of file
diff --git a/schemas/v0.6.0/landingzones/types/subscriptionBudget.json b/schemas/v0.6.0/landingzones/types/subscriptionBudget.json
new file mode 100644
index 00000000..c65c4164
--- /dev/null
+++ b/schemas/v0.6.0/landingzones/types/subscriptionBudget.json
@@ -0,0 +1,68 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "SubscriptionBudget": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "oneOf": [ + { + "type": "object", + "additionalProperties": false, + "properties": { + "createBudget": { + "type": "boolean", + "enum": [ + true + ] + }, + "name": { + "type": "string" + }, + "amount": { + "type": "integer" + }, + "timeGrain": { + "type": "string" + }, + "contactEmails": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "createBudget", + "amount", + "contactEmails", + "name", + "timeGrain" + ] + }, + { + "type": "object", + "additionalProperties": false, + "properties": { + "createBudget": { + "type": "boolean", + "enum": [ + false + ] + } + }, + "required": [ + "createBudget" + ] + } + ] + } + }, + "required": [ + "value" + ], + "title": "SubscriptionBudget" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/subscriptionRoleAssignments.json b/schemas/v0.6.0/landingzones/types/subscriptionRoleAssignments.json new file mode 100644 index 00000000..137f9a86 --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/subscriptionRoleAssignments.json 
@@ -0,0 +1,47 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "SubscriptionRoleAssignments": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/Value" + } + } + }, + "required": [ + "value" + ], + "title": "SubscriptionRoleAssignments" + }, + "Value": { + "type": "object", + "additionalProperties": false, + "properties": { + "comments": { + "type": "string" + }, + "roleDefinitionId": { + "type": "string", + "format": "uuid" + }, + "securityGroupObjectIds": { + "type": "array", + "items": { + "type": "string", + "format": "uuid" + } + } + }, + "required": [ + "comments", + "roleDefinitionId", + "securityGroupObjectIds" + ], + "title": "Value" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/subscriptionTags.json b/schemas/v0.6.0/landingzones/types/subscriptionTags.json new file mode 100644 index 00000000..66c82144 --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/subscriptionTags.json @@ -0,0 +1,26 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "SubscriptionTags": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/Value" + } + }, + "required": [ + "value" + ], + "title": "SubscriptionTags" + }, + "Value": { + "type": "object", + "additionalProperties": { + "type": "string", + "description": "Key/Value pairs of tags" + }, + "title": "Value" + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/landingzones/types/synapse.json b/schemas/v0.6.0/landingzones/types/synapse.json new file mode 100644 index 00000000..49a0a237 --- /dev/null +++ b/schemas/v0.6.0/landingzones/types/synapse.json 
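Review bot: `roleDefinitionId` and the items of `securityGroupObjectIds` in `subscriptionRoleAssignments.json` rely on `"format": "uuid"`, but the file declares draft-06, where `uuid` is not a defined format (it arrived in 2019-09), and `format` is an annotation unless the validator opts in. As written, an arbitrary string is likely accepted as a role definition or group object id. Add an explicit pattern next to the format, e.g. `"pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"`, and consider `"minItems": 1` on `securityGroupObjectIds` if an assignment with no principals is never intended.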
@@ -0,0 +1,84 @@ +{ + "$schema": "http://json-schema.org/draft-06/schema#", + "definitions": { + "Synapse": { + "type": "object", + "additionalProperties": false, + "properties": { + "value": { + "$ref": "#/definitions/valuedef" + } + }, + "required": [ + "value" + ], + "title": "Synapse" + }, + "valuedef": { + "type": "object", + "properties": { + "value": { + "oneOf": [ + { + "aadAuthenticationOnly": { + "type": "boolean", + "enum": [ + true + ] + }, + "sqlAuthenticationUsername": { + "type": "string" + }, + "aadLoginName": { + "type": "string" + }, + "aadLoginObjectID": { + "type": "string" + }, + "aadLoginType": { + "type": "string", + "enum": [ + "User", + "Group", + "Application" + ] + }, + "required": [ + "aadAuthenticationOnly", + "aadLoginName", + "aadLoginObjectID", + "aadLoginType" + ] + }, + { + "aadAuthenticationOnly": { + "type": "boolean", + "enum": [ + false + ] + }, + "sqlAuthenticationUsername": { + "type": "string" + }, + "aadLoginObjectID": { + "type": "string" + }, + "aadLoginType": { + "type": "string", + "enum": [ + "User", + "Group", + "Application" + ] + }, + "required": [ + "aadAuthenticationOnly", + "sqlAuthenticationUsername" + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/schemas/v0.6.0/readme.md b/schemas/v0.6.0/readme.md new file mode 100644 index 00000000..f7e9315f --- /dev/null +++ b/schemas/v0.6.0/readme.md @@ -0,0 +1,1143 @@ +# Schema Change History + +## Landing Zone Schemas + +### August 10, 2022 + +* [Schema definition update for Logging](../../docs/archetypes/logging.md) + +
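Review bot: The two `oneOf` branches under `valuedef` in `types/synapse.json` list `aadAuthenticationOnly`, `sqlAuthenticationUsername`, `aadLoginName` and the other fields as direct keys of the subschema instead of under `"properties"`, so a validator treats them as unknown keywords and ignores them. Only the `required` arrays take effect, which means the `true`/`false` enum on `aadAuthenticationOnly` is never checked and the schema cannot tell an AAD-only configuration from one that keeps SQL authentication. `valuedef` also wraps the `oneOf` in `properties.value`, making the validated path `synapse.value.value`; nothing is required there, so a `value` object without a nested `value` passes with no checks at all. That nesting looks unintended, though the consuming template is not visible here. I would lift the `oneOf` to `valuedef` itself and give each branch a `properties` wrapper, as below.

```json
"valuedef": {
  "type": "object",
  "oneOf": [
    {
      "properties": {
        "aadAuthenticationOnly": { "type": "boolean", "enum": [true] },
        "sqlAuthenticationUsername": { "type": "string" },
        "aadLoginName": { "type": "string" },
        "aadLoginObjectID": { "type": "string" },
        "aadLoginType": { "type": "string", "enum": ["User", "Group", "Application"] }
      },
      "required": [
        "aadAuthenticationOnly",
        "aadLoginName",
        "aadLoginObjectID",
        "aadLoginType"
      ]
    },
    {
      "properties": {
        "aadAuthenticationOnly": { "type": "boolean", "enum": [false] },
        "sqlAuthenticationUsername": { "type": "string" },
        "aadLoginObjectID": { "type": "string" },
        "aadLoginType": { "type": "string", "enum": ["User", "Group", "Application"] }
      },
      "required": [
        "aadAuthenticationOnly",
        "sqlAuthenticationUsername"
      ]
    }
  ]
}
```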
+ Expand/collapse + + ```json + "dataCollectionRule": { + "value": { + "enabled": true, + "name": "DCR-AzureMonitorLogs", + "windowsEventLogs": [ + { + "streams": [ + "Microsoft-Event" + ], + "xPathQueries": [ + "Application!*[System[(Level=1 or Level=2 or Level=3)]]", + "Security!*[System[(band(Keywords,13510798882111488))]]", + "System!*[System[(Level=1 or Level=2 or Level=3)]]" + ], + "name": "eventLogsDataSource" + } + ], + "syslog": [ + { + "streams": [ + "Microsoft-Syslog" + ], + "facilityNames": [ + "auth", + "authpriv", + "cron", + "daemon", + "mark", + "kern", + "local0", + "local1", + "local2", + "local3", + "local4", + "local5", + "local6", + "local7", + "lpr", + "mail", + "news", + "syslog", + "user", + "uucp" + ], + "logLevels": [ + "Debug", + "Info", + "Notice", + "Warning", + "Error", + "Critical", + "Alert", + "Emergency" + ], + "name": "sysLogsDataSource" + } + ] + } + } + ``` +
+### April 25, 2022 + +* [Schema definition update for Hub Networking with Azure Firewall](../../docs/archetypes/hubnetwork-azfw.md) + +
+ Expand/collapse + + ```json + { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], + "receivers": { + "app": [ + "alzcanadapubsec@microsoft.com" + ], + "email": [ + "alzcanadapubsec@microsoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] + }, + "actionGroupName": "ALZ action group", + "actionGroupShortName": "alz-alert", + "alertRuleName": "ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Contributor Role", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": false + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tbd" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + "privateDnsZones": { + "value": { + "enabled": true, + "resourceGroupName": "pubsec-dns" + } + }, + "ddosStandard": { + "value": { + "enabled": false, + "resourceGroupName": "pubsec-ddos", + "planName": "ddos-plan" + } + }, + "publicAccessZone": { + "value": { + "enabled": true, + "resourceGroupName": "pubsec-public-access-zone" + } + }, + 
"managementRestrictedZone": { + "value": { + "enabled": true, + "resourceGroupName": "pubsec-management-restricted-zone", + "network": { + "name": "management-restricted-vnet", + "addressPrefixes": ["10.18.4.0/22"], + "subnets": [ + { + "comments": "Management (Access Zone) Subnet", + "name": "MazSubnet", + "addressPrefix": "10.18.4.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Infrastructure Services (Restricted Zone) Subnet", + "name": "InfSubnet", + "addressPrefix": "10.18.4.128/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Security Services (Restricted Zone) Subnet", + "name": "SecSubnet", + "addressPrefix": "10.18.5.0/26", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Logging Services (Restricted Zone) Subnet", + "name": "LogSubnet", + "addressPrefix": "10.18.5.64/26", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Core Management Interfaces (Restricted Zone) Subnet", + "name": "MgmtSubnet", + "addressPrefix": "10.18.5.128/26", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + } + ] + } + } + }, + "hub": { + "value": { + "resourceGroupName": "pubsec-hub-networking", + "bastion": { + "enabled": true, + "name": "bastion", + "sku": "Standard", + "scaleUnits": 2 + }, + "azureFirewall": { + "name": "pubsecAzureFirewall", + "availabilityZones": ["1", "2", "3"], + "forcedTunnelingEnabled": false, + "forcedTunnelingNextHop": "10.17.1.4" + }, + "network": { + "name": "hub-vnet", + "addressPrefixes": [ + "10.18.0.0/22", + "100.60.0.0/16" + ], + "addressPrefixBastion": "192.168.0.0/16", + "subnets": { + "gateway": { + "comments": "Gateway Subnet used for VPN and/or Express Route connectivity", + "name": "GatewaySubnet", + "addressPrefix": "10.18.0.0/27" + }, + "firewall": { + "comments": "Azure Firewall", + "name": "AzureFirewallSubnet", + "addressPrefix": 
"10.18.1.0/24" + }, + "firewallManagement": { + "comments": "Azure Firewall Management", + "name": "AzureFirewallManagementSubnet", + "addressPrefix": "10.18.2.0/26" + }, + "bastion": { + "comments": "Azure Bastion", + "name": "AzureBastionSubnet", + "addressPrefix": "192.168.0.0/24" + }, + "publicAccess": { + "comments": "Public Access Zone (Application Gateway)", + "name": "PAZSubnet", + "addressPrefix": "100.60.1.0/24" + }, + "optional": [] + } + } + } + }, + "networkWatcher": { + "value": { + "resourceGroupName": "NetworkWatcherRG" + } + } + } + } + ``` + +
+ +* [Schema definition update for Hub Networking with Network Virtual Appliances (NVA)](../../docs/archetypes/hubnetwork-nva-fortigate.md) + +
+ Expand/collapse + + ```json + { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceHealthAlerts": { + "value": { + "resourceGroupName": "pubsec-service-health", + "incidentTypes": [ + "Incident", + "Security" + ], + "regions": [ + "Global", + "Canada East", + "Canada Central" + ], + "receivers": { + "app": [ + "alzcanadapubsec@microsoft.com" + ], + "email": [ + "alzcanadapubsec@microsoft.com" + ], + "sms": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ], + "voice": [ + { + "countryCode": "1", + "phoneNumber": "5555555555" + } + ] + }, + "actionGroupName": "ALZ action group", + "actionGroupShortName": "alz-alert", + "alertRuleName": "ALZ alert rule", + "alertRuleDescription": "Alert rule for Azure Landing Zone" + } + }, + "securityCenter": { + "value": { + "email": "alzcanadapubsec@microsoft.com", + "phone": "5555555555" + } + }, + "subscriptionRoleAssignments": { + "value": [ + { + "comments": "Built-in Contributor Role", + "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "securityGroupObjectIds": [ + "38f33f7e-a471-4630-8ce9-c6653495a2ee" + ] + } + ] + }, + "subscriptionBudget": { + "value": { + "createBudget": false + } + }, + "subscriptionTags": { + "value": { + "ISSO": "isso-tbd" + } + }, + "resourceTags": { + "value": { + "ClientOrganization": "client-organization-tag", + "CostCenter": "cost-center-tag", + "DataSensitivity": "data-sensitivity-tag", + "ProjectContact": "project-contact-tag", + "ProjectName": "project-name-tag", + "TechnicalContact": "technical-contact-tag" + } + }, + "privateDnsZones": { + "value": { + "enabled": true, + "resourceGroupName": "pubsec-dns" + } + }, + "ddosStandard": { + "value": { + "enabled": false, + "resourceGroupName": "pubsec-ddos", + "planName": "ddos-plan" + } + }, + "publicAccessZone": { + "value": { + "enabled": true, + "resourceGroupName": "pubsec-public-access-zone" + } + }, + 
"managementRestrictedZone": { + "value": { + "enabled": true, + "resourceGroupName": "pubsec-management-restricted-zone", + "network": { + "name": "management-restricted-vnet", + "addressPrefixes": ["10.18.4.0/22"], + "subnets": [ + { + "comments": "Management (Access Zone) Subnet", + "name": "MazSubnet", + "addressPrefix": "10.18.4.0/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Infrastructure Services (Restricted Zone) Subnet", + "name": "InfSubnet", + "addressPrefix": "10.18.4.128/25", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Security Services (Restricted Zone) Subnet", + "name": "SecSubnet", + "addressPrefix": "10.18.5.0/26", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Logging Services (Restricted Zone) Subnet", + "name": "LogSubnet", + "addressPrefix": "10.18.5.64/26", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + }, + { + "comments": "Core Management Interfaces (Restricted Zone) Subnet", + "name": "MgmtSubnet", + "addressPrefix": "10.18.5.128/26", + "nsg": { + "enabled": true + }, + "udr": { + "enabled": true + } + } + ] + } + } + }, + "hub": { + "value": { + "resourceGroupName": "pubsec-hub-networking", + "bastion": { + "enabled": true, + "name": "bastion", + "sku": "Standard", + "scaleUnits": 2 + }, + "network": { + "name": "hub-vnet", + "addressPrefixes": [ + "10.18.0.0/22", + "100.60.0.0/16" + ], + "addressPrefixBastion": "192.168.0.0/16", + "subnets": { + "gateway": { + "comments": "Gateway Subnet used for VPN and/or Express Route connectivity", + "name": "GatewaySubnet", + "addressPrefix": "10.18.1.0/27" + }, + "bastion": { + "comments": "Azure Bastion", + "name": "AzureBastionSubnet", + "addressPrefix": "192.168.0.0/24" + }, + "public": { + "comments": "Public Subnet Name (External Facing (Internet/Ground))", + "name": "PublicSubnet", + "addressPrefix": "100.60.0.0/24" + }, + 
"publicAccessZone": { + "comments": "Public Access Zone (i.e. Application Gateway)", + "name": "PAZSubnet", + "addressPrefix": "100.60.1.0/24" + }, + "externalAccessNetwork": { + "comments": "External Access Network", + "name": "EanSubnet", + "addressPrefix": "10.18.0.0/27" + }, + "nonProductionInternal": { + "comments": "Non-production Internal for firewall appliances (Internal Facing Non-Production Traffic)", + "name": "DevIntSubnet", + "addressPrefix": "10.18.0.64/27" + }, + "productionInternal": { + "comments": "Production Internal for firewall appliances (Internal Facing Production Traffic)", + "name": "PrdIntSubnet", + "addressPrefix": "10.18.0.32/27" + }, + "managementRestrictedZoneInternal": { + "comments": "Management Restricted Zone", + "name": "MrzSubnet", + "addressPrefix": "10.18.0.96/27" + }, + "highAvailability": { + "comments": "High Availability (Firewall to Firewall heartbeat)", + "name": "HASubnet", + "addressPrefix": "10.18.0.128/28" + }, + "optional": [] + } + }, + "nvaFirewall": { + "image": { + "publisher": "fortinet", + "offer": "fortinet_fortigate-vm_v5", + "sku": "fortinet_fg-vm", + "version": "6.4.5", + "plan": "fortinet_fg-vm" + }, + "nonProduction": { + "internalLoadBalancer": { + "name": "pubsecDevFWILB", + "tcpProbe": { + "name": "lbprobe", + "port": 8008, + "intervalInSeconds": 5, + "numberOfProbes": 2 + }, + "internalIp": "10.18.0.68", + "externalIp": "100.60.0.7" + }, + "deployVirtualMachines": true, + "virtualMachines": [ + { + "name": "pubsecDevFW1", + "vmSku": "Standard_D8s_v4", + "internalIp": "10.18.0.69", + "externalIp": "100.60.0.8", + "mrzInternalIp": "10.18.0.104", + "highAvailabilityIp": "10.18.0.134", + "availabilityZone": "2" + }, + { + "name": "pubsecDevFW2", + "vmSku": "Standard_D8s_v4", + "internalIp": "10.18.0.70", + "externalIp": "100.60.0.9", + "mrzInternalIp": "10.18.0.105", + "highAvailabilityIp": "10.18.0.135", + "availabilityZone": "3" + } + ] + }, + "production": { + "internalLoadBalancer": { + "name": 
"pubsecProdFWILB", + "tcpProbe": { + "name": "lbprobe", + "port": 8008, + "intervalInSeconds": 5, + "numberOfProbes": 2 + }, + "internalIp": "10.18.0.36", + "externalIp": "100.60.0.4" + }, + "deployVirtualMachines": true, + "virtualMachines": [ + { + "name": "pubsecProdFW1", + "vmSku": "Standard_F8s_v2", + "internalIp": "10.18.0.37", + "externalIp": "100.60.0.5", + "mrzInternalIp": "10.18.0.101", + "highAvailabilityIp": "10.18.0.132", + "availabilityZone": "1" + }, + { + "name": "pubsecProdFW2", + "vmSku": "Standard_F8s_v2", + "internalIp": "10.18.0.38", + "externalIp": "100.60.0.6", + "mrzInternalIp": "10.18.0.102", + "highAvailabilityIp": "10.18.0.133", + "availabilityZone": "2" + } + ] + } + } + } + }, + "networkWatcher": { + "value": { + "resourceGroupName": "NetworkWatcherRG" + } + } + } + } + ``` + +
+
+### April 21, 2022
+
+* Schema definition update for Machine Learning & Healthcare archetypes. Expanded the spoke network subnet configuration to contain 0 or more optional subnets. This change enables network configuration to be more flexible.
+
+ * Machine Learning archetype network configuration with optional subnets
+
+
+ Expand/collapse
+
+ ```json
+ "network": {
+ "value": {
+ "peerToHubVirtualNetwork": true,
+ "useRemoteGateway": false,
+ "name": "azmlsqlauth2022Q1vnet",
+ "dnsServers": [
+ "10.18.1.4"
+ ],
+ "addressPrefixes": [
+ "10.6.0.0/16"
+ ],
+ "subnets": {
+ "sqlmi": {
+ "comments": "SQL Managed Instances Delegated Subnet",
+ "name": "sqlmi",
+ "addressPrefix": "10.6.5.0/25"
+ },
+ "databricksPublic": {
+ "comments": "Databricks Public Delegated Subnet",
+ "name": "databrickspublic",
+ "addressPrefix": "10.6.6.0/25"
+ },
+ "databricksPrivate": {
+ "comments": "Databricks Private Delegated Subnet",
+ "name": "databricksprivate",
+ "addressPrefix": "10.6.7.0/25"
+ },
+ "privateEndpoints": {
+ "comments": "Private Endpoints Subnet",
+ "name": "privateendpoints",
+ "addressPrefix": "10.6.8.0/25"
+ },
+ "aks": {
+ "comments": "AKS Subnet",
+ "name": "aks",
+ "addressPrefix": "10.6.9.0/25"
+ },
+ "appService": {
+ "comments": "App Service Subnet",
+ "name": "appService",
+ "addressPrefix": "10.6.10.0/25"
+ },
+ "optional": [
+ {
+ "comments": "Optional Subnet 1",
+ "name": "virtualMachines",
+ "addressPrefix": "10.6.11.0/25",
+ "nsg": {
+ "enabled": true
+ },
+ "udr": {
+ "enabled": true
+ }
+ },
+ {
+ "comments": "Optional Subnet 2 with delegation for NetApp Volumes",
+ "name": "NetappVolumes",
+ "addressPrefix": "10.6.12.0/25",
+ "nsg": {
+ "enabled": false
+ },
+ "udr": {
+ "enabled": false
+ },
+ "delegations": {
+ "serviceName": "Microsoft.NetApp/volumes"
+ }
+ }
+ ]
+ }
+ }
+ }
+ ```
+
+
+
+ * Healthcare archetype network configuration with optional subnets
+
+
+ Expand/collapse
+
+ ```json
+ "network": {
+ "value": {
+ "peerToHubVirtualNetwork": true,
+ "useRemoteGateway": false,
+ "name": "health2022Q1vnet",
+ "dnsServers": [
+ "10.18.1.4"
+ ],
+ "addressPrefixes": [
+ "10.5.0.0/16"
+ ],
+ "subnets": {
+ "databricksPublic": {
+ "comments": "Databricks Public Delegated Subnet",
+ "name": "databrickspublic",
+ "addressPrefix": "10.5.5.0/25"
+ },
+ "databricksPrivate": {
+ "comments": "Databricks Private Delegated Subnet",
+ "name": "databricksprivate",
+ "addressPrefix": "10.5.6.0/25"
+ },
+ "privateEndpoints": {
+ "comments": "Private Endpoints Subnet",
+ "name": "privateendpoints",
+ "addressPrefix": "10.5.7.0/25"
+ },
+ "web": {
+ "comments": "Azure Web App Delegated Subnet",
+ "name": "webapp",
+ "addressPrefix": "10.5.8.0/25"
+ },
+ "optional": [
+ {
+ "comments": "Optional Subnet 1",
+ "name": "virtualMachines",
+ "addressPrefix": "10.5.9.0/25",
+ "nsg": {
+ "enabled": true
+ },
+ "udr": {
+ "enabled": true
+ }
+ },
+ {
+ "comments": "Optional Subnet 2 with delegation for NetApp Volumes",
+ "name": "NetappVolumes",
+ "addressPrefix": "10.5.10.0/25",
+ "nsg": {
+ "enabled": false
+ },
+ "udr": {
+ "enabled": false
+ },
+ "delegations": {
+ "serviceName": "Microsoft.NetApp/volumes"
+ }
+ }
+ ]
+ }
+ }
+ }
+ ```
+
+
+ +### April 20, 2022 + +* Schema definition update for Generic Subscription. Spoke network's subnet configuration is now defined as an array. The array can have 0 to many subnet definitions. + +* Removed 4 subnets from Machine Learning archetype's virtual network: `oz`, `paz`, `rz` and `hrz`. + +* Removed 4 subnets from Healthcare archetype's virtual network: `oz`, `paz`, `rz` and `hrz`. + +* Schema definition for Hub Networking archetypes (Azure Firewall & NVA). See documentation: + + * [Hub Networking with Azure Firewall](../../docs/archetypes/hubnetwork-azfw.md) + * [Hub Networking with Network Virtual Appliance (e.g. Fortigate Firewalls)](../../docs/archetypes/hubnetwork-nva-fortigate.md) + +### April 18, 2022 + +Change in `synapse` schema object to support Azure AD authentication. + +| Setting | Type | Description | +| ------- | ---- | ----------- | +| aadAuthenticationOnly | Boolean | Indicate that either AAD auth only or both AAD & SQL auth (required) | +| sqlAuthenticationUsername | String | The SQL authentication user name optional, required when `aadAuthenticationOnly` is false | +| aadLoginName | String | The name of the login or group in the format of first-name last-name | +| aadLoginObjectID | String | The object id of the Azure AD object whether it's a login or a group | +| aadLoginType | String | Represent the type of the object, it can be **User**, **Group** or **Application** (in case of service principal) | + +**Examples** + +SQL authentication only | Json (used in parameter files) + +```json +"synapse": { + "value": { + "aadAuthenticationOnly": false, + "sqlAuthenticationUsername": "azadmin" + } +``` + +SQL authentication only | bicep (used when calling bicep module from another) + +```bicep +{ + aadAuthenticationOnly: false + sqlAuthenticationUsername: 'azadmin' +} +``` + +Azure AD authentication only | Json (used in parameters files) + +```json + "synapse": { + "value": { + "aadAuthenticationOnly": true, + "aadLoginName": "az.admins", + 
"aadLoginObjectID": "e0357d81-55d8-44e9-9d9c-ab09dc710785", + "aadLoginType":"Group" + } +``` + +Azure AD authentication only | bicep (used when calling bicep module from another) + +```bicep +{ + aadAuthenticationOnly: true + aadLoginName:'John Smith', + aadLoginObjectID:'88888-888888-888888-888888', + aadLoginType:'User' +} +``` + +Mixed authentication | Json (used in parameters files) + +```json + "synapse": { + "value": { + "aadAuthenticationOnly": false, + "sqlAuthenticationUsername": "azadmin", + "aadLoginName": "az.admins", + "aadLoginObjectID": "e0357d81-55d8-44e9-9d9c-ab09dc710785", + "aadLoginType":"Group" + } + ``` + + Mixed authentication | bicep (used when calling bicep module from another) + +```bicep + { + aadAuthenticationOnly: false + sqlAuthenticationUsername: 'azadmin' + aadLoginName:'John Smith', + aadLoginObjectID:'88888-888888-888888-888888', + aadLoginType:'User' + } +``` + +### April 7, 2022 + +Schema definition for Logging archetype. See [documentation](../../docs/archetypes/logging.md). + +### April 6, 2022 + +Added `logAnalyticsWorkspaceResourceId` to archetypes. This is an optional parameter in the JSON file as it can be set at runtime. + +**Example** + +```json + "logAnalyticsWorkspaceResourceId": { + "value": "LOG_ANALYTICS_WORKSPACE_RESOURCE_ID" + } +``` + +### February 14, 2022 + +Added location schema object. This is an optional setting for archetypes. This setting will default to `deployment().location`. + +**Example** + +```json + "location": { + "value": "canadacentral" + } +``` + +### January 16, 2021 +Changed `appServiceLinuxContainer` schema object to support optional inbound private endpoint. + +**Example** +```json +"appServiceLinuxContainer": { + "value": { + "enablePrivateEndpoint": true + } +} +``` + +### December 30, 2021 + +Changed `aks` schema object to support optional deployment of AKS using the `enabled` key as a required field. 
+ +**Example** +```json +"aks": { + "value": { + "enabled": true + } +} +``` + +Added `appServiceLinuxContainer` schema object to support optional deployment of App Service (for model deployments) using the `enabled` key as a required field. Sku name and tier are also required fields. + +**Example** +```json +"appServiceLinuxContainer": { + "value": { + "enabled": true, + "skuName": "P1V2", + "skuTier": "Premium" + } +} +``` + +Added required `appService` subnet as well as the `appServiceLinuxContainer` object in machine learning schema json file. + + +### November 27, 2021 + +Change in `aks` schema object to support Options for the creation of AKS Cluster with one of the following three scenarios: + +* Network Plugin: Kubenet + Network Policy: Calico (Network Policy) +* Network Plugin: Azure CNI + Network Policy: Calico (Network Policy) +* Network Plugin: Azure CNI + Network Policy: Azure (Network Policy). + +| Setting | Type | Description | +| ------- | ---- | ----------- | +| version | String | Kubernetes version to use for the AKS Cluster (required) | +| networkPlugin | String | Network Plugin to use: `kubenet` (for Kubenet) **or** `azure` (for Azure CNI) (required) | +| networkPolicy | String | Network Policy to use: `calico` (for Calico); which can be used with either **kubenet** or **Azure** Network Plugins **or** `azure` (for Azure NP); which can only be used with **Azure CNI** | + +**Note** + +`podCidr` value shoud be set to ( **''** ) when Azure CNI is used + +**Examples** + +* Network Plugin: Kubenet + Network Policy: Calico (Network Policy) + +```json +"aks": { + "value": { + "version": "1.21.2", + "networkPlugin": "kubenet" , + "networkPolicy": "calico", + "podCidr": "11.0.0.0/16", + "serviceCidr": "20.0.0.0/16" , + "dnsServiceIP": "20.0.0.10", + "dockerBridgeCidr": "30.0.0.1/16" + } +} +``` + +* Network Plugin: Azure CNI + Network Policy: Calico (Network Policy) + +```json +"aks": { + "value": { + "version": "1.21.2", + "networkPlugin": "azure" , + 
"networkPolicy": "calico", + "podCidr": "", + "serviceCidr": "20.0.0.0/16" , + "dnsServiceIP": "20.0.0.10", + "dockerBridgeCidr": "30.0.0.1/16" + } +} +``` + +* Network Plugin: Azure CNI + Network Policy: Azure (Network Policy). + +```json +"aks": { + "value": { + "version": "1.21.2", + "networkPlugin": "azure" , + "networkPolicy": "azure", + "podCidr": "", + "serviceCidr": "20.0.0.0/16" , + "dnsServiceIP": "20.0.0.10", + "dockerBridgeCidr": "30.0.0.1/16" + } +} +``` +### November 26, 2021 + +Added Azure Recovery Vault schema to enable the creation of a Recovery Vault in the generic Archtetype subscription +| Setting | Type | Description | +| ------- | ---- | ----------- | +| enabled | Boolean | Indicate whether or not to deploy Azure Recovery Vault (required) | +| name | String | The name of the Recovery Vault | + + +**Examples** + +Enable recovery vault | Json (used in parameter files) +```json + "backupRecoveryVault":{ + "value": { + "enabled":true, + "name":"bkupvault" + } + } +``` + +### November 25, 2021 + +* Remove `uuid` format check on `privateDnsManagedByHubSubscriptionId` for type `schemas/latest/landingzones/types/hubNetwork.json` + +### November 23, 2021 + +Change in `sqldb` schema object to support Azure AD authentication. 
+ +| Setting | Type | Description | +| ------- | ---- | ----------- | +| enabled | Boolean | Indicate whether or not to deploy Azure SQL Database (required) | +| aadAuthenticationOnly | Boolean | Indicate that either AAD auth only or both AAD & SQL auth (required) | +| sqlAuthenticationUsername | String | The SQL authentication user name optional, required when `aadAuthenticationOnly` is false | +| aadLoginName | String | The name of the login or group in the format of first-name last-name | +| aadLoginObjectID | String | The object id of the Azure AD object whether it's a login or a group | +| aadLoginType | String | Represent the type of the object, it can be **User**, **Group** or **Application** (in case of service principal) | + +**Examples** + +SQL authentication only | Json (used in parameter files) + +```json +"sqldb": { + "value": { + "aadAuthenticationOnly":false, + "enabled": true, + "sqlAuthenticationUsername": "azadmin" + } +} +``` + +SQL authentication only | bicep (used when calling bicep module from another) + +```bicep +{ + enabled: true + aadAuthenticationOnly: false + sqlAuthenticationUsername: 'azadmin' +} +``` + +Azure AD authentication only | Json (used in parameters files) + +```json +"sqldb": { + "value": { + "enabled":true, + "aadAuthenticationOnly":true, + "aadLoginName":"John Smith", + "aadLoginObjectID":"88888-888888-888888-888888", + "aadLoginType":"User" + } +} +``` + +Azure AD authentication only | bicep (used when calling bicep module from another) + +```bicep +{ + enabled: true + aadAuthenticationOnly: true + aadLoginName:'John Smith', + aadLoginObjectID:'88888-888888-888888-888888', + aadLoginType:'User' +} +``` + +Mixed authentication | Json (used in parameters files) + +```json + "sqldb": { + "value": { + "enabled":true, + "aadAuthenticationOnly":false, + "sqlAuthenticationUsername": "azadmin", + "aadLoginName":"John Smith", + "aadLoginObjectID":"88888-888888-888888-888888", + "aadLoginType":"User" + } + } + ``` + + Mixed 
authentication | bicep (used when calling bicep module from another)
+
+```bicep
+ {
+ enabled: true
+ aadAuthenticationOnly: false
+ sqlAuthenticationUsername: 'azadmin'
+ aadLoginName:'John Smith',
+ aadLoginObjectID:'88888-888888-888888-888888',
+ aadLoginType:'User'
+ }
+```
+
+### November 12, 2021
+
+* Initial version based on v0.1.0 of the schema definitions.
diff --git a/tests/schemas/lz-generic-subscription/FullDeployment-With-Location.json b/tests/schemas/lz-generic-subscription/FullDeployment-With-Location.json
index c26010e0..0f9cab09 100644
--- a/tests/schemas/lz-generic-subscription/FullDeployment-With-Location.json
+++ b/tests/schemas/lz-generic-subscription/FullDeployment-With-Location.json
@@ -3,7 +3,7 @@
 "contentVersion": "1.0.0.0",
 "parameters": {
 "location": {
- "value": "canada"
+ "value": "canadacentral"
 },
 "serviceHealthAlerts": {
 "value": {
diff --git a/tests/schemas/lz-machinelearning/FullDeployment-With-Location.json b/tests/schemas/lz-machinelearning/FullDeployment-With-Location.json
index 3b6e2524..ca3ea89c 100644
--- a/tests/schemas/lz-machinelearning/FullDeployment-With-Location.json
+++ b/tests/schemas/lz-machinelearning/FullDeployment-With-Location.json
@@ -101,7 +101,7 @@
 },
 "aks": {
 "value": {
- "version": "1.21.2",
+ "version": "1.22.6",
 "enabled": true,
 "networkPlugin": "kubenet",
 "networkPolicy": "calico",
diff --git a/tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json b/tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json
index 12b84573..5e1efdca 100644
--- a/tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json
+++ b/tests/schemas/lz-machinelearning/FullDeployment-With-OptionalSubnets.json
@@ -98,7 +98,7 @@
 },
 "aks": {
 "value": {
- "version": "1.21.2",
+ "version": "1.22.6",
 "enabled": true,
 "networkPlugin": "kubenet",
 "networkPolicy": "calico",
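Review bot: The `location` value in tests/schemas/lz-generic-subscription/FullDeployment-With-Location.json was previously `canada`, which is not an Azure region name, yet it sat in what the file name suggests is a passing fixture, so the `location` schema presumably accepts any string. If that is the case, a typo or an out-of-policy region in a real parameter file would only surface at deployment time, which matters where data residency is a requirement. Consider constraining the type in the schema, for example `"enum": ["canadacentral", "canadaeast"]` (or whichever regions the project permits), and adding a negative fixture that carries an invalid region so the check stays enforced. The enclosing `parameters` object continues outside the hunk.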