feat: Add tags parameter to connection monitors and flow logs (#4135)

## Description

Fixes #3319 

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
|
[![avm.res.network.network-watcher](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.network.network-watcher.yml/badge.svg)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.network.network-watcher.yml)
|

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [x] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [x] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [x] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [x] Update to documentation

## Checklist

- [ ] I'm sure there are no other open Pull Requests for the same
update/change
- [ ] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [ ] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->

avm/res/network/network-watcher/README.md

@@ -16,9 +16,9 @@ This module deploys a Network Watcher.
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.Network/networkWatchers` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers) |
-| `Microsoft.Network/networkWatchers/connectionMonitors` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/connectionMonitors) |
-| `Microsoft.Network/networkWatchers/flowLogs` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/flowLogs) |
+| `Microsoft.Network/networkWatchers` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers) |
+| `Microsoft.Network/networkWatchers/connectionMonitors` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers/connectionMonitors) |
+| `Microsoft.Network/networkWatchers/flowLogs` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers/flowLogs) |
 
 ## Usage examples
 

avm/res/network/network-watcher/connection-monitor/README.md

@@ -12,7 +12,7 @@ This module deploys a Network Watcher Connection Monitor.
 
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Network/networkWatchers/connectionMonitors` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/connectionMonitors) |
+| `Microsoft.Network/networkWatchers/connectionMonitors` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers/connectionMonitors) |
 
 ## Parameters
 

avm/res/network/network-watcher/connection-monitor/main.bicep

@@ -26,11 +26,11 @@ param testGroups array = []
 @description('Optional. Specify the Log Analytics Workspace Resource ID.')
 param workspaceResourceId string = ''
 
-resource networkWatcher 'Microsoft.Network/networkWatchers@2023-04-01' existing = {
+resource networkWatcher 'Microsoft.Network/networkWatchers@2024-05-01' existing = {
   name: networkWatcherName
 }
 
-resource connectionMonitor 'Microsoft.Network/networkWatchers/connectionMonitors@2023-04-01' = {
+resource connectionMonitor 'Microsoft.Network/networkWatchers/connectionMonitors@2024-05-01' = {
   name: name
   parent: networkWatcher
   tags: tags

avm/res/network/network-watcher/connection-monitor/main.json

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.32.4.45862",
-      "templateHash": "5171031514480063459"
+      "templateHash": "9690855596549132604"
     },
     "name": "Network Watchers Connection Monitors",
     "description": "This module deploys a Network Watcher Connection Monitor.",
@@ -73,12 +73,12 @@
     "networkWatcher": {
       "existing": true,
       "type": "Microsoft.Network/networkWatchers",
-      "apiVersion": "2023-04-01",
+      "apiVersion": "2024-05-01",
       "name": "[parameters('networkWatcherName')]"
     },
     "connectionMonitor": {
       "type": "Microsoft.Network/networkWatchers/connectionMonitors",
-      "apiVersion": "2023-04-01",
+      "apiVersion": "2024-05-01",
       "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]",
       "tags": "[parameters('tags')]",
       "location": "[parameters('location')]",
@@ -117,7 +117,7 @@
       "metadata": {
         "description": "The location the resource was deployed into."
       },
-      "value": "[reference('connectionMonitor', '2023-04-01', 'full').location]"
+      "value": "[reference('connectionMonitor', '2024-05-01', 'full').location]"
     }
   }
 }

avm/res/network/network-watcher/flow-log/README.md

@@ -13,7 +13,7 @@ This module controls the Network Security Group Flow Logs and analytics settings
 
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Network/networkWatchers/flowLogs` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/flowLogs) |
+| `Microsoft.Network/networkWatchers/flowLogs` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers/flowLogs) |
 
 ## Parameters
 

avm/res/network/network-watcher/flow-log/main.bicep

@@ -60,11 +60,11 @@ var flowAnalyticsConfiguration = !empty(workspaceResourceId) && enabled == true
       }
     }
 
-resource networkWatcher 'Microsoft.Network/networkWatchers@2023-04-01' existing = {
+resource networkWatcher 'Microsoft.Network/networkWatchers@2024-05-01' existing = {
   name: networkWatcherName
 }
 
-resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2023-04-01' = {
+resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2024-05-01' = {
   name: name
   parent: networkWatcher
   tags: tags

avm/res/network/network-watcher/flow-log/main.json

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.32.4.45862",
-      "templateHash": "3458210252337234612"
+      "templateHash": "4346206104248688042"
     },
     "name": "NSG Flow Logs",
     "description": "This module controls the Network Security Group Flow Logs and analytics settings.\n**Note: this module must be run on the Resource Group where Network Watcher is deployed**",
@@ -106,12 +106,12 @@
     "networkWatcher": {
       "existing": true,
       "type": "Microsoft.Network/networkWatchers",
-      "apiVersion": "2023-04-01",
+      "apiVersion": "2024-05-01",
       "name": "[parameters('networkWatcherName')]"
     },
     "flowLog": {
       "type": "Microsoft.Network/networkWatchers/flowLogs",
-      "apiVersion": "2023-04-01",
+      "apiVersion": "2024-05-01",
       "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]",
       "tags": "[parameters('tags')]",
       "location": "[parameters('location')]",
@@ -158,7 +158,7 @@
       "metadata": {
         "description": "The location the resource was deployed into."
       },
-      "value": "[reference('flowLog', '2023-04-01', 'full').location]"
+      "value": "[reference('flowLog', '2024-05-01', 'full').location]"
     }
   }
 }

avm/res/network/network-watcher/main.bicep

@@ -75,7 +75,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT
   }
 }
 
-resource networkWatcher 'Microsoft.Network/networkWatchers@2023-04-01' = {
+resource networkWatcher 'Microsoft.Network/networkWatchers@2024-05-01' = {
   name: name
   location: location
   tags: tags
@@ -113,15 +113,14 @@ module networkWatcher_connectionMonitors 'connection-monitor/main.bicep' = [
   for (connectionMonitor, index) in connectionMonitors: {
     name: '${uniqueString(deployment().name, location)}-NW-ConnectionMonitor-${index}'
     params: {
-      endpoints: contains(connectionMonitor, 'endpoints') ? connectionMonitor.endpoints : []
+      tags: tags
+      endpoints: connectionMonitor.?endpoints ?? []
       name: connectionMonitor.name
       location: location
       networkWatcherName: networkWatcher.name
-      testConfigurations: contains(connectionMonitor, 'testConfigurations') ? connectionMonitor.testConfigurations : []
-      testGroups: contains(connectionMonitor, 'testGroups') ? connectionMonitor.testGroups : []
-      workspaceResourceId: contains(connectionMonitor, 'workspaceResourceId')
-        ? connectionMonitor.workspaceResourceId
-        : ''
+      testConfigurations: connectionMonitor.?testConfigurations ?? []
+      testGroups: connectionMonitor.?testGroups ?? []
+      workspaceResourceId: connectionMonitor.?workspaceResourceId ?? ''
     }
   }
 ]
@@ -130,18 +129,17 @@ module networkWatcher_flowLogs 'flow-log/main.bicep' = [
   for (flowLog, index) in flowLogs: {
     name: '${uniqueString(deployment().name, location)}-NW-FlowLog-${index}'
     params: {
-      enabled: contains(flowLog, 'enabled') ? flowLog.enabled : true
-      formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : 2
-      location: contains(flowLog, 'location') ? flowLog.location : location
-      name: contains(flowLog, 'name')
-        ? flowLog.name
-        : '${last(split(flowLog.targetResourceId, '/'))}-${split(flowLog.targetResourceId, '/')[4]}-flowlog'
+      tags: tags
+      enabled: flowLog.?enabled ?? true
+      formatVersion: flowLog.?formatVersion ?? 2
+      location: flowLog.?location ?? location
+      name: flowLog.?name ?? '${last(split(flowLog.targetResourceId, '/'))}-${split(flowLog.targetResourceId, '/')[4]}-flowlog'
       networkWatcherName: networkWatcher.name
-      retentionInDays: contains(flowLog, 'retentionInDays') ? flowLog.retentionInDays : 365
+      retentionInDays: flowLog.?retentionInDays ?? 365
       storageId: flowLog.storageId
       targetResourceId: flowLog.targetResourceId
-      trafficAnalyticsInterval: contains(flowLog, 'trafficAnalyticsInterval') ? flowLog.trafficAnalyticsInterval : 60
-      workspaceResourceId: contains(flowLog, 'workspaceResourceId') ? flowLog.workspaceResourceId : ''
+      trafficAnalyticsInterval: flowLog.?trafficAnalyticsInterval ?? 60
+      workspaceResourceId: flowLog.?workspaceResourceId ?? ''
     }
   }
 ]

avm/res/network/network-watcher/main.json

@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.32.4.45862",
-      "templateHash": "6074776926159807675"
+      "templateHash": "10145081983832317728"
     },
     "name": "Network Watchers",
     "description": "This module deploys a Network Watcher.",
@@ -209,7 +209,7 @@
     },
     "networkWatcher": {
       "type": "Microsoft.Network/networkWatchers",
-      "apiVersion": "2023-04-01",
+      "apiVersion": "2024-05-01",
       "name": "[parameters('name')]",
       "location": "[parameters('location')]",
       "tags": "[parameters('tags')]",
@@ -265,7 +265,12 @@
         },
         "mode": "Incremental",
         "parameters": {
-          "endpoints": "[if(contains(parameters('connectionMonitors')[copyIndex()], 'endpoints'), createObject('value', parameters('connectionMonitors')[copyIndex()].endpoints), createObject('value', createArray()))]",
+          "tags": {
+            "value": "[parameters('tags')]"
+          },
+          "endpoints": {
+            "value": "[coalesce(tryGet(parameters('connectionMonitors')[copyIndex()], 'endpoints'), createArray())]"
+          },
           "name": {
             "value": "[parameters('connectionMonitors')[copyIndex()].name]"
           },
@@ -275,9 +280,15 @@
           "networkWatcherName": {
             "value": "[parameters('name')]"
           },
-          "testConfigurations": "[if(contains(parameters('connectionMonitors')[copyIndex()], 'testConfigurations'), createObject('value', parameters('connectionMonitors')[copyIndex()].testConfigurations), createObject('value', createArray()))]",
-          "testGroups": "[if(contains(parameters('connectionMonitors')[copyIndex()], 'testGroups'), createObject('value', parameters('connectionMonitors')[copyIndex()].testGroups), createObject('value', createArray()))]",
-          "workspaceResourceId": "[if(contains(parameters('connectionMonitors')[copyIndex()], 'workspaceResourceId'), createObject('value', parameters('connectionMonitors')[copyIndex()].workspaceResourceId), createObject('value', ''))]"
+          "testConfigurations": {
+            "value": "[coalesce(tryGet(parameters('connectionMonitors')[copyIndex()], 'testConfigurations'), createArray())]"
+          },
+          "testGroups": {
+            "value": "[coalesce(tryGet(parameters('connectionMonitors')[copyIndex()], 'testGroups'), createArray())]"
+          },
+          "workspaceResourceId": {
+            "value": "[coalesce(tryGet(parameters('connectionMonitors')[copyIndex()], 'workspaceResourceId'), '')]"
+          }
         },
         "template": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -287,7 +298,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.32.4.45862",
-              "templateHash": "5171031514480063459"
+              "templateHash": "9690855596549132604"
             },
             "name": "Network Watchers Connection Monitors",
             "description": "This module deploys a Network Watcher Connection Monitor.",
@@ -354,12 +365,12 @@
             "networkWatcher": {
               "existing": true,
               "type": "Microsoft.Network/networkWatchers",
-              "apiVersion": "2023-04-01",
+              "apiVersion": "2024-05-01",
               "name": "[parameters('networkWatcherName')]"
             },
             "connectionMonitor": {
               "type": "Microsoft.Network/networkWatchers/connectionMonitors",
-              "apiVersion": "2023-04-01",
+              "apiVersion": "2024-05-01",
               "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]",
               "tags": "[parameters('tags')]",
               "location": "[parameters('location')]",
@@ -398,7 +409,7 @@
               "metadata": {
                 "description": "The location the resource was deployed into."
               },
-              "value": "[reference('connectionMonitor', '2023-04-01', 'full').location]"
+              "value": "[reference('connectionMonitor', '2024-05-01', 'full').location]"
             }
           }
         }
@@ -421,22 +432,39 @@
         },
         "mode": "Incremental",
         "parameters": {
-          "enabled": "[if(contains(parameters('flowLogs')[copyIndex()], 'enabled'), createObject('value', parameters('flowLogs')[copyIndex()].enabled), createObject('value', true()))]",
-          "formatVersion": "[if(contains(parameters('flowLogs')[copyIndex()], 'formatVersion'), createObject('value', parameters('flowLogs')[copyIndex()].formatVersion), createObject('value', 2))]",
-          "location": "[if(contains(parameters('flowLogs')[copyIndex()], 'location'), createObject('value', parameters('flowLogs')[copyIndex()].location), createObject('value', parameters('location')))]",
-          "name": "[if(contains(parameters('flowLogs')[copyIndex()], 'name'), createObject('value', parameters('flowLogs')[copyIndex()].name), createObject('value', format('{0}-{1}-flowlog', last(split(parameters('flowLogs')[copyIndex()].targetResourceId, '/')), split(parameters('flowLogs')[copyIndex()].targetResourceId, '/')[4])))]",
+          "tags": {
+            "value": "[parameters('tags')]"
+          },
+          "enabled": {
+            "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'enabled'), true())]"
+          },
+          "formatVersion": {
+            "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'formatVersion'), 2)]"
+          },
+          "location": {
+            "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'location'), parameters('location'))]"
+          },
+          "name": {
+            "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'name'), format('{0}-{1}-flowlog', last(split(parameters('flowLogs')[copyIndex()].targetResourceId, '/')), split(parameters('flowLogs')[copyIndex()].targetResourceId, '/')[4]))]"
+          },
           "networkWatcherName": {
             "value": "[parameters('name')]"
           },
-          "retentionInDays": "[if(contains(parameters('flowLogs')[copyIndex()], 'retentionInDays'), createObject('value', parameters('flowLogs')[copyIndex()].retentionInDays), createObject('value', 365))]",
+          "retentionInDays": {
+            "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'retentionInDays'), 365)]"
+          },
           "storageId": {
             "value": "[parameters('flowLogs')[copyIndex()].storageId]"
           },
           "targetResourceId": {
             "value": "[parameters('flowLogs')[copyIndex()].targetResourceId]"
           },
-          "trafficAnalyticsInterval": "[if(contains(parameters('flowLogs')[copyIndex()], 'trafficAnalyticsInterval'), createObject('value', parameters('flowLogs')[copyIndex()].trafficAnalyticsInterval), createObject('value', 60))]",
-          "workspaceResourceId": "[if(contains(parameters('flowLogs')[copyIndex()], 'workspaceResourceId'), createObject('value', parameters('flowLogs')[copyIndex()].workspaceResourceId), createObject('value', ''))]"
+          "trafficAnalyticsInterval": {
+            "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'trafficAnalyticsInterval'), 60)]"
+          },
+          "workspaceResourceId": {
+            "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'workspaceResourceId'), '')]"
+          }
         },
         "template": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -446,7 +474,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.32.4.45862",
-              "templateHash": "3458210252337234612"
+              "templateHash": "4346206104248688042"
             },
             "name": "NSG Flow Logs",
             "description": "This module controls the Network Security Group Flow Logs and analytics settings.\n**Note: this module must be run on the Resource Group where Network Watcher is deployed**",
@@ -546,12 +574,12 @@
             "networkWatcher": {
               "existing": true,
               "type": "Microsoft.Network/networkWatchers",
-              "apiVersion": "2023-04-01",
+              "apiVersion": "2024-05-01",
               "name": "[parameters('networkWatcherName')]"
             },
             "flowLog": {
               "type": "Microsoft.Network/networkWatchers/flowLogs",
-              "apiVersion": "2023-04-01",
+              "apiVersion": "2024-05-01",
               "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]",
               "tags": "[parameters('tags')]",
               "location": "[parameters('location')]",
@@ -598,7 +626,7 @@
               "metadata": {
                 "description": "The location the resource was deployed into."
               },
-              "value": "[reference('flowLog', '2023-04-01', 'full').location]"
+              "value": "[reference('flowLog', '2024-05-01', 'full').location]"
             }
           }
         }
@@ -635,7 +663,7 @@
       "metadata": {
         "description": "The location the resource was deployed into."
       },
-      "value": "[reference('networkWatcher', '2023-04-01', 'full').location]"
+      "value": "[reference('networkWatcher', '2024-05-01', 'full').location]"
     }
   }
 }

avm/res/network/network-watcher/version.json

@@ -1,7 +1,7 @@
 {
     "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
-    "version": "0.3",
+    "version": "0.4",
     "pathFilters": [
         "./main.json"
     ]
-}
+}