From 44836fd08d377a8eba7098605cf5b4f877a849bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Gr=C3=A4f?= Date: Thu, 9 Jan 2025 17:45:56 +1000 Subject: [PATCH] feat: Add tags parameter to connection monitors and flow logs (#4135) ## Description Fixes #3319 ## Pipeline Reference | Pipeline | | -------- | | [![avm.res.network.network-watcher](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.network.network-watcher.yml/badge.svg)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.network.network-watcher.yml) | ## Type of Change - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [x] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [x] Update to documentation ## Checklist - [ ] I'm sure there are no other open Pull Requests for the same update/change - [ ] I have run `Set-AVMModule` locally to generate the supporting module files. - [ ] My corresponding pipelines / checks run clean and green without any errors or warnings --- avm/res/network/network-watcher/README.md | 6 +- .../connection-monitor/README.md | 2 +- .../connection-monitor/main.bicep | 4 +- .../connection-monitor/main.json | 8 +-- .../network-watcher/flow-log/README.md | 2 +- .../network-watcher/flow-log/main.bicep | 4 +- .../network-watcher/flow-log/main.json | 8 +-- avm/res/network/network-watcher/main.bicep | 30 ++++---- avm/res/network/network-watcher/main.json | 72 +++++++++++++------ avm/res/network/network-watcher/version.json | 4 +- 10 files changed, 83 insertions(+), 57 deletions(-) diff --git a/avm/res/network/network-watcher/README.md b/avm/res/network/network-watcher/README.md index f35d694880..281e9fc541 100644 --- a/avm/res/network/network-watcher/README.md +++ b/avm/res/network/network-watcher/README.md @@ -16,9 +16,9 @@ This module deploys a Network Watcher. | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Network/networkWatchers` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers) | -| `Microsoft.Network/networkWatchers/connectionMonitors` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/connectionMonitors) | -| `Microsoft.Network/networkWatchers/flowLogs` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/flowLogs) | +| `Microsoft.Network/networkWatchers` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers) | +| `Microsoft.Network/networkWatchers/connectionMonitors` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers/connectionMonitors) | +| `Microsoft.Network/networkWatchers/flowLogs` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers/flowLogs) | ## Usage examples diff --git a/avm/res/network/network-watcher/connection-monitor/README.md b/avm/res/network/network-watcher/connection-monitor/README.md index 6ffd35ac85..8a53f28af6 100644 --- a/avm/res/network/network-watcher/connection-monitor/README.md +++ b/avm/res/network/network-watcher/connection-monitor/README.md @@ -12,7 +12,7 @@ This module deploys a Network Watcher Connection Monitor. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Network/networkWatchers/connectionMonitors` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/connectionMonitors) | +| `Microsoft.Network/networkWatchers/connectionMonitors` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers/connectionMonitors) | ## Parameters diff --git a/avm/res/network/network-watcher/connection-monitor/main.bicep b/avm/res/network/network-watcher/connection-monitor/main.bicep index 436ac52f4f..6481631ebe 100644 --- a/avm/res/network/network-watcher/connection-monitor/main.bicep +++ b/avm/res/network/network-watcher/connection-monitor/main.bicep @@ -26,11 +26,11 @@ param testGroups array = [] @description('Optional. Specify the Log Analytics Workspace Resource ID.') param workspaceResourceId string = '' -resource networkWatcher 'Microsoft.Network/networkWatchers@2023-04-01' existing = { +resource networkWatcher 'Microsoft.Network/networkWatchers@2024-05-01' existing = { name: networkWatcherName } -resource connectionMonitor 'Microsoft.Network/networkWatchers/connectionMonitors@2023-04-01' = { +resource connectionMonitor 'Microsoft.Network/networkWatchers/connectionMonitors@2024-05-01' = { name: name parent: networkWatcher tags: tags diff --git a/avm/res/network/network-watcher/connection-monitor/main.json b/avm/res/network/network-watcher/connection-monitor/main.json index 69b3bdfa0d..a1ce5ed8ac 100644 --- a/avm/res/network/network-watcher/connection-monitor/main.json +++ b/avm/res/network/network-watcher/connection-monitor/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "5171031514480063459" + "templateHash": "9690855596549132604" }, "name": "Network Watchers Connection Monitors", "description": "This module deploys a Network Watcher Connection Monitor.", @@ -73,12 +73,12 @@ "networkWatcher": { "existing": true, "type": "Microsoft.Network/networkWatchers", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[parameters('networkWatcherName')]" }, "connectionMonitor": { "type": "Microsoft.Network/networkWatchers/connectionMonitors", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]", "tags": "[parameters('tags')]", "location": "[parameters('location')]", @@ -117,7 +117,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('connectionMonitor', '2023-04-01', 'full').location]" + "value": "[reference('connectionMonitor', '2024-05-01', 'full').location]" } } } \ No newline at end of file diff --git a/avm/res/network/network-watcher/flow-log/README.md b/avm/res/network/network-watcher/flow-log/README.md index 0d3883afbb..47bb0ca86d 100644 --- a/avm/res/network/network-watcher/flow-log/README.md +++ b/avm/res/network/network-watcher/flow-log/README.md @@ -13,7 +13,7 @@ This module controls the Network Security Group Flow Logs and analytics settings | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Network/networkWatchers/flowLogs` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/networkWatchers/flowLogs) | +| `Microsoft.Network/networkWatchers/flowLogs` | [2024-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/networkWatchers/flowLogs) | ## Parameters diff --git a/avm/res/network/network-watcher/flow-log/main.bicep b/avm/res/network/network-watcher/flow-log/main.bicep index 89a14ccc38..745c1f9227 100644 --- a/avm/res/network/network-watcher/flow-log/main.bicep +++ b/avm/res/network/network-watcher/flow-log/main.bicep @@ -60,11 +60,11 @@ var flowAnalyticsConfiguration = !empty(workspaceResourceId) && enabled == true } } -resource networkWatcher 'Microsoft.Network/networkWatchers@2023-04-01' existing = { +resource networkWatcher 'Microsoft.Network/networkWatchers@2024-05-01' existing = { name: networkWatcherName } -resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2023-04-01' = { +resource flowLog 'Microsoft.Network/networkWatchers/flowLogs@2024-05-01' = { name: name parent: networkWatcher tags: tags diff --git a/avm/res/network/network-watcher/flow-log/main.json b/avm/res/network/network-watcher/flow-log/main.json index f562d78010..8d17700a2e 100644 --- a/avm/res/network/network-watcher/flow-log/main.json +++ b/avm/res/network/network-watcher/flow-log/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "3458210252337234612" + "templateHash": "4346206104248688042" }, "name": "NSG Flow Logs", "description": "This module controls the Network Security Group Flow Logs and analytics settings.\n**Note: this module must be run on the Resource Group where Network Watcher is deployed**", @@ -106,12 +106,12 @@ "networkWatcher": { "existing": true, "type": "Microsoft.Network/networkWatchers", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[parameters('networkWatcherName')]" }, "flowLog": { "type": "Microsoft.Network/networkWatchers/flowLogs", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]", "tags": "[parameters('tags')]", "location": "[parameters('location')]", @@ -158,7 +158,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('flowLog', '2023-04-01', 'full').location]" + "value": "[reference('flowLog', '2024-05-01', 'full').location]" } } } \ No newline at end of file diff --git a/avm/res/network/network-watcher/main.bicep b/avm/res/network/network-watcher/main.bicep index 08eb2a4af7..2f0b507eab 100644 --- a/avm/res/network/network-watcher/main.bicep +++ b/avm/res/network/network-watcher/main.bicep @@ -75,7 +75,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -resource networkWatcher 'Microsoft.Network/networkWatchers@2023-04-01' = { +resource networkWatcher 'Microsoft.Network/networkWatchers@2024-05-01' = { name: name location: location tags: tags @@ -113,15 +113,14 @@ module networkWatcher_connectionMonitors 'connection-monitor/main.bicep' = [ for (connectionMonitor, index) in connectionMonitors: { name: '${uniqueString(deployment().name, location)}-NW-ConnectionMonitor-${index}' params: { - endpoints: contains(connectionMonitor, 'endpoints') ? connectionMonitor.endpoints : [] + tags: tags + endpoints: connectionMonitor.?endpoints ?? [] name: connectionMonitor.name location: location networkWatcherName: networkWatcher.name - testConfigurations: contains(connectionMonitor, 'testConfigurations') ? connectionMonitor.testConfigurations : [] - testGroups: contains(connectionMonitor, 'testGroups') ? connectionMonitor.testGroups : [] - workspaceResourceId: contains(connectionMonitor, 'workspaceResourceId') - ? connectionMonitor.workspaceResourceId - : '' + testConfigurations: connectionMonitor.?testConfigurations ?? [] + testGroups: connectionMonitor.?testGroups ?? [] + workspaceResourceId: connectionMonitor.?workspaceResourceId ?? '' } } ] @@ -130,18 +129,17 @@ module networkWatcher_flowLogs 'flow-log/main.bicep' = [ for (flowLog, index) in flowLogs: { name: '${uniqueString(deployment().name, location)}-NW-FlowLog-${index}' params: { - enabled: contains(flowLog, 'enabled') ? flowLog.enabled : true - formatVersion: contains(flowLog, 'formatVersion') ? flowLog.formatVersion : 2 - location: contains(flowLog, 'location') ? flowLog.location : location - name: contains(flowLog, 'name') - ? flowLog.name - : '${last(split(flowLog.targetResourceId, '/'))}-${split(flowLog.targetResourceId, '/')[4]}-flowlog' + tags: tags + enabled: flowLog.?enabled ?? true + formatVersion: flowLog.?formatVersion ?? 2 + location: flowLog.?location ?? location + name: flowLog.?name ?? '${last(split(flowLog.targetResourceId, '/'))}-${split(flowLog.targetResourceId, '/')[4]}-flowlog' networkWatcherName: networkWatcher.name - retentionInDays: contains(flowLog, 'retentionInDays') ? flowLog.retentionInDays : 365 + retentionInDays: flowLog.?retentionInDays ?? 365 storageId: flowLog.storageId targetResourceId: flowLog.targetResourceId - trafficAnalyticsInterval: contains(flowLog, 'trafficAnalyticsInterval') ? flowLog.trafficAnalyticsInterval : 60 - workspaceResourceId: contains(flowLog, 'workspaceResourceId') ? flowLog.workspaceResourceId : '' + trafficAnalyticsInterval: flowLog.?trafficAnalyticsInterval ?? 60 + workspaceResourceId: flowLog.?workspaceResourceId ?? '' } } ] diff --git a/avm/res/network/network-watcher/main.json b/avm/res/network/network-watcher/main.json index c080d12d4e..60b177bd89 100644 --- a/avm/res/network/network-watcher/main.json +++ b/avm/res/network/network-watcher/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "6074776926159807675" + "templateHash": "10145081983832317728" }, "name": "Network Watchers", "description": "This module deploys a Network Watcher.", @@ -209,7 +209,7 @@ }, "networkWatcher": { "type": "Microsoft.Network/networkWatchers", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -265,7 +265,12 @@ }, "mode": "Incremental", "parameters": { - "endpoints": "[if(contains(parameters('connectionMonitors')[copyIndex()], 'endpoints'), createObject('value', parameters('connectionMonitors')[copyIndex()].endpoints), createObject('value', createArray()))]", + "tags": { + "value": "[parameters('tags')]" + }, + "endpoints": { + "value": "[coalesce(tryGet(parameters('connectionMonitors')[copyIndex()], 'endpoints'), createArray())]" + }, "name": { "value": "[parameters('connectionMonitors')[copyIndex()].name]" }, @@ -275,9 +280,15 @@ "networkWatcherName": { "value": "[parameters('name')]" }, - "testConfigurations": "[if(contains(parameters('connectionMonitors')[copyIndex()], 'testConfigurations'), createObject('value', parameters('connectionMonitors')[copyIndex()].testConfigurations), createObject('value', createArray()))]", - "testGroups": "[if(contains(parameters('connectionMonitors')[copyIndex()], 'testGroups'), createObject('value', parameters('connectionMonitors')[copyIndex()].testGroups), createObject('value', createArray()))]", - "workspaceResourceId": "[if(contains(parameters('connectionMonitors')[copyIndex()], 'workspaceResourceId'), createObject('value', parameters('connectionMonitors')[copyIndex()].workspaceResourceId), createObject('value', ''))]" + "testConfigurations": { + "value": "[coalesce(tryGet(parameters('connectionMonitors')[copyIndex()], 'testConfigurations'), createArray())]" + }, + "testGroups": { + "value": "[coalesce(tryGet(parameters('connectionMonitors')[copyIndex()], 'testGroups'), createArray())]" + }, + "workspaceResourceId": { + "value": "[coalesce(tryGet(parameters('connectionMonitors')[copyIndex()], 'workspaceResourceId'), '')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -287,7 +298,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "5171031514480063459" + "templateHash": "9690855596549132604" }, "name": "Network Watchers Connection Monitors", "description": "This module deploys a Network Watcher Connection Monitor.", @@ -354,12 +365,12 @@ "networkWatcher": { "existing": true, "type": "Microsoft.Network/networkWatchers", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[parameters('networkWatcherName')]" }, "connectionMonitor": { "type": "Microsoft.Network/networkWatchers/connectionMonitors", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]", "tags": "[parameters('tags')]", "location": "[parameters('location')]", @@ -398,7 +409,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('connectionMonitor', '2023-04-01', 'full').location]" + "value": "[reference('connectionMonitor', '2024-05-01', 'full').location]" } } } @@ -421,22 +432,39 @@ }, "mode": "Incremental", "parameters": { - "enabled": "[if(contains(parameters('flowLogs')[copyIndex()], 'enabled'), createObject('value', parameters('flowLogs')[copyIndex()].enabled), createObject('value', true()))]", - "formatVersion": "[if(contains(parameters('flowLogs')[copyIndex()], 'formatVersion'), createObject('value', parameters('flowLogs')[copyIndex()].formatVersion), createObject('value', 2))]", - "location": "[if(contains(parameters('flowLogs')[copyIndex()], 'location'), createObject('value', parameters('flowLogs')[copyIndex()].location), createObject('value', parameters('location')))]", - "name": "[if(contains(parameters('flowLogs')[copyIndex()], 'name'), createObject('value', parameters('flowLogs')[copyIndex()].name), createObject('value', format('{0}-{1}-flowlog', last(split(parameters('flowLogs')[copyIndex()].targetResourceId, '/')), split(parameters('flowLogs')[copyIndex()].targetResourceId, '/')[4])))]", + "tags": { + "value": "[parameters('tags')]" + }, + "enabled": { + "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'enabled'), true())]" + }, + "formatVersion": { + "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'formatVersion'), 2)]" + }, + "location": { + "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'location'), parameters('location'))]" + }, + "name": { + "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'name'), format('{0}-{1}-flowlog', last(split(parameters('flowLogs')[copyIndex()].targetResourceId, '/')), split(parameters('flowLogs')[copyIndex()].targetResourceId, '/')[4]))]" + }, "networkWatcherName": { "value": "[parameters('name')]" }, - "retentionInDays": "[if(contains(parameters('flowLogs')[copyIndex()], 'retentionInDays'), createObject('value', parameters('flowLogs')[copyIndex()].retentionInDays), createObject('value', 365))]", + "retentionInDays": { + "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'retentionInDays'), 365)]" + }, "storageId": { "value": "[parameters('flowLogs')[copyIndex()].storageId]" }, "targetResourceId": { "value": "[parameters('flowLogs')[copyIndex()].targetResourceId]" }, - "trafficAnalyticsInterval": "[if(contains(parameters('flowLogs')[copyIndex()], 'trafficAnalyticsInterval'), createObject('value', parameters('flowLogs')[copyIndex()].trafficAnalyticsInterval), createObject('value', 60))]", - "workspaceResourceId": "[if(contains(parameters('flowLogs')[copyIndex()], 'workspaceResourceId'), createObject('value', parameters('flowLogs')[copyIndex()].workspaceResourceId), createObject('value', ''))]" + "trafficAnalyticsInterval": { + "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'trafficAnalyticsInterval'), 60)]" + }, + "workspaceResourceId": { + "value": "[coalesce(tryGet(parameters('flowLogs')[copyIndex()], 'workspaceResourceId'), '')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -446,7 +474,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "3458210252337234612" + "templateHash": "4346206104248688042" }, "name": "NSG Flow Logs", "description": "This module controls the Network Security Group Flow Logs and analytics settings.\n**Note: this module must be run on the Resource Group where Network Watcher is deployed**", @@ -546,12 +574,12 @@ "networkWatcher": { "existing": true, "type": "Microsoft.Network/networkWatchers", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[parameters('networkWatcherName')]" }, "flowLog": { "type": "Microsoft.Network/networkWatchers/flowLogs", - "apiVersion": "2023-04-01", + "apiVersion": "2024-05-01", "name": "[format('{0}/{1}', parameters('networkWatcherName'), parameters('name'))]", "tags": "[parameters('tags')]", "location": "[parameters('location')]", @@ -598,7 +626,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('flowLog', '2023-04-01', 'full').location]" + "value": "[reference('flowLog', '2024-05-01', 'full').location]" } } } @@ -635,7 +663,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('networkWatcher', '2023-04-01', 'full').location]" + "value": "[reference('networkWatcher', '2024-05-01', 'full').location]" } } } \ No newline at end of file diff --git a/avm/res/network/network-watcher/version.json b/avm/res/network/network-watcher/version.json index c177b1bb58..96236a61ba 100644 --- a/avm/res/network/network-watcher/version.json +++ b/avm/res/network/network-watcher/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.3", + "version": "0.4", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +}