Merge branch 'main' into users/eriqua/brm-oidc-uai-env

.github/CODEOWNERS

@@ -2,18 +2,22 @@
 /.github/ @Azure/bicep-admins @Azure/avm-core-team-technical-bicep
 /scripts/ @Azure/bicep-admins @Azure/avm-core-team-technical-bicep
 /avm/ @Azure/avm-core-team-technical-bicep
-/avm/utilities/ @Azure/avm-core-team-technical-bicep
+/utilities/ @Azure/avm-core-team-technical-bicep
 /avm/ptn/aca-lza/hosting-environment/ @Azure/avm-ptn-acalza-hostingenvironment-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/ai-platform/baseline/ @Azure/avm-ptn-aiplatform-baseline-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/ptn/app/container-job-toolkit/ @Azure/avm-ptn-app-containerjobtoolkit-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/authorization/policy-assignment/ @Azure/avm-ptn-authorization-policyassignment-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/ptn/authorization/policy-exemption/ @Azure/avm-ptn-authorization-policyexemption-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/authorization/resource-role-assignment/ @Azure/avm-ptn-authorization-resourceroleassignment-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/authorization/role-assignment/ @Azure/avm-ptn-authorization-roleassignment-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/ptn/authorization/role-definition/ @Azure/avm-ptn-authorization-roledefinition-module-owners-bicep @Azure/avm-module-reviewers-bicep
 #/avm/ptn/avd-lza/insights/ @Azure/avm-ptn-avd-lza-insights-module-owners-bicep @Azure/avm-module-reviewers-bicep
 #/avm/ptn/avd-lza/management-plane/ @Azure/avm-ptn-avd-lza-managementplane-module-owners-bicep @Azure/avm-module-reviewers-bicep
 #/avm/ptn/avd-lza/networking/ @Azure/avm-ptn-avd-lza-networking-module-owners-bicep @Azure/avm-module-reviewers-bicep
 #/avm/ptn/avd-lza/session-hosts/ @Azure/avm-ptn-avd-lza-sessionhosts-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/azd/acr-container-app/ @Azure/avm-ptn-azd-acrcontainerapp-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/azd/aks/ @Azure/avm-ptn-azd-aks-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/ptn/azd/aks-automatic-cluster/ @Azure/avm-ptn-azd-aksautomaticcluster-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/azd/apim-api/ @Azure/avm-ptn-azd-apimapi-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/azd/container-app-upsert/ @Azure/avm-ptn-azd-containerappupsert-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/ptn/azd/container-apps-stack/ @Azure/avm-ptn-azd-containerappsstack-module-owners-bicep @Azure/avm-module-reviewers-bicep
@@ -75,6 +79,7 @@
 /avm/res/digital-twins/digital-twins-instance/ @Azure/avm-res-digitaltwins-digitaltwinsinstance-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/document-db/database-account/ @Azure/avm-res-documentdb-databaseaccount-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/document-db/mongo-cluster/ @Azure/avm-res-documentdb-mongocluster-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/res/elastic-san/elastic-san/ @Azure/avm-res-elasticsan-elasticsan-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/event-grid/domain/ @Azure/avm-res-eventgrid-domain-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/event-grid/namespace/ @Azure/avm-res-eventgrid-namespace-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/event-grid/system-topic/ @Azure/avm-res-eventgrid-systemtopic-module-owners-bicep @Azure/avm-module-reviewers-bicep
@@ -129,6 +134,7 @@
 /avm/res/network/network-manager/ @Azure/avm-res-network-networkmanager-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/network-security-group/ @Azure/avm-res-network-networksecuritygroup-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/network-watcher/ @Azure/avm-res-network-networkwatcher-module-owners-bicep @Azure/avm-module-reviewers-bicep
+/avm/res/network/p2s-vpn-gateway/ @Azure/avm-res-network-p2svpngateway-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-dns-zone/ @Azure/avm-res-network-privatednszone-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-endpoint/ @Azure/avm-res-network-privateendpoint-module-owners-bicep @Azure/avm-module-reviewers-bicep
 /avm/res/network/private-link-service/ @Azure/avm-res-network-privatelinkservice-module-owners-bicep @Azure/avm-module-reviewers-bicep

.github/ISSUE_TEMPLATE/avm_module_issue.yml

@@ -40,15 +40,19 @@ body:
         - ""
         - "avm/ptn/aca-lza/hosting-environment"
         - "avm/ptn/ai-platform/baseline"
+        - "avm/ptn/app/container-job-toolkit"
         - "avm/ptn/authorization/policy-assignment"
+        - "avm/ptn/authorization/policy-exemption"
         - "avm/ptn/authorization/resource-role-assignment"
         - "avm/ptn/authorization/role-assignment"
+        - "avm/ptn/authorization/role-definition"
         # - "avm/ptn/avd-lza/insights"
         # - "avm/ptn/avd-lza/management-plane"
         # - "avm/ptn/avd-lza/networking"
         # - "avm/ptn/avd-lza/session-hosts"
         - "avm/ptn/azd/acr-container-app"
         - "avm/ptn/azd/aks"
+        - "avm/ptn/azd/aks-automatic-cluster"
         - "avm/ptn/azd/apim-api"
         - "avm/ptn/azd/container-app-upsert"
         - "avm/ptn/azd/container-apps-stack"
@@ -110,6 +114,7 @@ body:
         - "avm/res/digital-twins/digital-twins-instance"
         - "avm/res/document-db/database-account"
         - "avm/res/document-db/mongo-cluster"
+        - "avm/res/elastic-san/elastic-san"
         - "avm/res/event-grid/domain"
         - "avm/res/event-grid/namespace"
         - "avm/res/event-grid/system-topic"
@@ -164,6 +169,7 @@ body:
         - "avm/res/network/network-manager"
         - "avm/res/network/network-security-group"
         - "avm/res/network/network-watcher"
+        - "avm/res/network/p2s-vpn-gateway"
         - "avm/res/network/private-dns-zone"
         - "avm/res/network/private-endpoint"
         - "avm/res/network/private-link-service"

.github/actions/templates/avm-getWorkflowInput/action.yml

@@ -79,7 +79,7 @@ runs:
         # Otherwise retrieve default values
         else {
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'sharedScripts' 'Get-GitHubWorkflowDefaultInput.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Get-GitHubWorkflowDefaultInput.ps1')
 
           $functionInput = @{
             workflowPath = '${{ inputs.workflowPath }}'

.github/actions/templates/avm-publishModule/action.yml

@@ -55,7 +55,7 @@ runs:
           Write-Output '::group::Publish module to public bicep registry'
 
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines'  'publish' 'Publish-ModuleFromPathToPBR.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines'  'publish' 'Publish-ModuleFromPathToPBR.ps1')
 
           $functionInput = @{
             TemplateFilePath     = Join-Path $env:GITHUB_WORKSPACE "${{ inputs.templateFilePath }}"
@@ -85,7 +85,7 @@ runs:
           Write-Output '::group::Validate publish'
 
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines'  'publish' 'Confirm-ModuleIsPublished.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines'  'publish' 'Confirm-ModuleIsPublished.ps1')
 
           $functionInput = @{
             Version             = "${{ steps.publish_step.outputs.version }}"

.github/actions/templates/avm-setEnvironment/action.yml

@@ -41,7 +41,7 @@ runs:
         Write-Verbose "Caller job id: ${{ github.job }}" -Verbose
 
         # Load used functions
-        . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1')
+        . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Set-EnvironmentOnAgent.ps1')
 
         # Define PS modules to install on the runner
         $modules = @(

.github/actions/templates/avm-validateModuleDeployment/action.yml

@@ -122,7 +122,7 @@ runs:
           Write-Output '::group::Get Recommended Regions'
 
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'e2eValidation' 'regionSelector' 'Get-AvailableResourceLocation.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'e2eValidation' 'regionSelector' 'Get-AvailableResourceLocation.ps1')
 
           # Set function input parameters
           $functionInput = @{
@@ -156,8 +156,8 @@ runs:
           Write-Output '::group::Replace tokens in template file'
 
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'sharedScripts' 'tokenReplacement' 'Convert-TokensInFileList.ps1')
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'sharedScripts' 'Get-LocallyReferencedFileList.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'tokenReplacement' 'Convert-TokensInFileList.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Get-LocallyReferencedFileList.ps1')
 
           $templateFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ inputs.templateFilePath }}'
 
@@ -222,7 +222,7 @@ runs:
           Write-Output '::group::Validate template file'
 
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'e2eValidation' 'resourceDeployment' 'Test-TemplateDeployment.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'e2eValidation' 'resourceDeployment' 'Test-TemplateDeployment.ps1')
 
           # Prepare general parameters
           # --------------------------
@@ -302,7 +302,7 @@ runs:
           Write-Output '::group::Deploy template file'
 
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'e2eValidation' 'resourceDeployment' 'New-TemplateDeployment.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'e2eValidation' 'resourceDeployment' 'New-TemplateDeployment.ps1')
 
           # Prepare general parameters
           # --------------------------
@@ -394,7 +394,7 @@ runs:
         Write-Output '::group::Run Pester tests'
 
         # Load used functions
-        . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'staticValidation' 'compliance' 'Set-PesterGitHubOutput.ps1')
+        . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'staticValidation' 'compliance' 'Set-PesterGitHubOutput.ps1')
 
         # Set repo root path
         $repoRootPath = $env:GITHUB_WORKSPACE
@@ -486,7 +486,7 @@ runs:
           Write-Output '::group::Remove deployed resources'
 
           # Load used function
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'e2eValidation' 'resourceRemoval' 'Initialize-DeploymentRemoval.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'e2eValidation' 'resourceRemoval' 'Initialize-DeploymentRemoval.ps1')
 
           $functionInput = @{
             TemplateFilePath  = Join-Path $env:GITHUB_WORKSPACE '${{ inputs.templateFilePath }}'

.github/actions/templates/avm-validateModulePSRule/action.yml

@@ -46,8 +46,8 @@ runs:
           Write-Output '::group::Replace tokens in template file'
 
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'sharedScripts' 'tokenReplacement' 'Convert-TokensInFileList.ps1')
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'sharedScripts' 'Get-LocallyReferencedFileList.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'tokenReplacement' 'Convert-TokensInFileList.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'sharedScripts' 'Get-LocallyReferencedFileList.ps1')
 
           $templateFilePath = Join-Path $env:GITHUB_WORKSPACE '${{ inputs.templateFilePath }}'
 
@@ -170,7 +170,7 @@ runs:
           Write-Output '::group::Parse CSV content'
 
           # Load used functions
-          . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'staticValidation' 'psrule' 'Set-PSRuleGitHubOutput.ps1')
+          . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'staticValidation' 'psrule' 'Set-PSRuleGitHubOutput.ps1')
 
           # Populate parameter input
           $ParameterInput = @{

.github/actions/templates/avm-validateModulePester/action.yml

@@ -30,7 +30,7 @@ inputs:
   moduleTestFilePath:
     description: "The path to the test file"
     required: true
-    default: "avm/utilities/pipelines/staticValidation/compliance/module.tests.ps1"
+    default: "utilities/pipelines/staticValidation/compliance/module.tests.ps1"
 
 runs:
   using: "composite"
@@ -45,7 +45,7 @@ runs:
         Write-Output '::group::Run Pester tests'
 
         # Load used functions
-        . (Join-Path $env:GITHUB_WORKSPACE 'avm' 'utilities' 'pipelines' 'staticValidation' 'compliance' 'Set-PesterGitHubOutput.ps1')
+        . (Join-Path $env:GITHUB_WORKSPACE 'utilities' 'pipelines' 'staticValidation' 'compliance' 'Set-PesterGitHubOutput.ps1')
 
         # Set repo root path
         $repoRootPath = $env:GITHUB_WORKSPACE

.github/policies/eventResponder.yml

@@ -93,7 +93,7 @@ configuration:
               label: "Status: Won't Fix :broken_heart:"
           - closeIssue
 
-      - description: 'ITA11 - When a reply from anyone to an issue occurs, remove the "Needs: Author Feedback :ear:" label and label with "Needs: Attention :wave:"'
+      - description: 'ITA11 - When the author replies, remove the "Needs: Author Feedback :ear:" label and label with "Needs: Attention :wave:"'
         if:
           - or:
               - payloadType: Pull_Request_Review_Comment
@@ -103,9 +103,13 @@ configuration:
                 action: Closed
           - hasLabel:
               label: "Needs: Author Feedback :ear:"
+          - isActivitySender:
+              issueAuthor: true
         then:
           - removeLabel:
               label: "Needs: Author Feedback :ear:"
+          - removeLabel:
+              label: "Status: No Recent Activity :zzz:"
           - addLabel:
               label: "Needs: Attention :wave:"
 

.github/policies/scheduledSearches.yml

@@ -181,12 +181,11 @@ configuration:
           - addLabel:
               label: "Needs: Immediate Attention :bangbang:"
 
-      - description: "ITA04 - Label issues that have been marked as requiring author feedback but have not had any activity for 4 days."
+      - description: "ITA04 - Label issues and PRs that have been marked as requiring author feedback but have not had any activity for 4 days."
         frequencies:
           - hourly:
               hour: 3
         filters:
-          - isIssue
           - isOpen
           - hasLabel:
               label: "Needs: Author Feedback :ear:"
@@ -208,52 +207,52 @@ configuration:
                 >   - The "Status: No Recent Activity :zzz:" label must be removed.
                 >   - If applicable, the "Status: Long Term :hourglass_flowing_sand:" or the "Needs: Module Owner :mega:" label must be added.
 
-      - description: 'ITA05A - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
-        frequencies:
-          - hourly:
-              hour: 3
-        filters:
-          - isIssue
-          - isOpen
-          - hasLabel:
-              label: "Needs: Author Feedback :ear:"
-          - hasLabel:
-              label: "Status: No Recent Activity :zzz:"
-          - isNotLabeledWith:
-              label: "Needs: Module Owner :mega:"
-          - noActivitySince:
-              days: 3
-        actions:
-          - addReply:
-              reply: |
-                > [!WARNING]
-                > @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.
+      # - description: 'ITA05A - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
+      #   frequencies:
+      #     - hourly:
+      #         hour: 3
+      #   filters:
+      #     - isIssue
+      #     - isOpen
+      #     - hasLabel:
+      #         label: "Needs: Author Feedback :ear:"
+      #     - hasLabel:
+      #         label: "Status: No Recent Activity :zzz:"
+      #     - isNotLabeledWith:
+      #         label: "Needs: Module Owner :mega:"
+      #     - noActivitySince:
+      #         days: 3
+      #   actions:
+      #     - addReply:
+      #         reply: |
+      #           > [!WARNING]
+      #           > @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.
 
-                > [!TIP]
-                > In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.
-          - closeIssue
+      #           > [!TIP]
+      #           > In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.
+      #     - closeIssue
 
-      - description: 'ITA05B - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
-        frequencies:
-          - hourly:
-              hour: 3
-        filters:
-          - isIssue
-          - isOpen
-          - hasLabel:
-              label: "Needs: Author Feedback :ear:"
-          - hasLabel:
-              label: "Status: No Recent Activity :zzz:"
-          - isNotLabeledWith:
-              label: "Status: Long Term :hourglass_flowing_sand:"
-          - noActivitySince:
-              days: 3
-        actions:
-          - addReply:
-              reply: |
-                > [!WARNING]
-                > @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.
+      # - description: 'ITA05B - Close issues that have been marked as requiring author feedback but have not had any activity for 3 days, unless it''s been marked with the "Status long term" label.'
+      #   frequencies:
+      #     - hourly:
+      #         hour: 3
+      #   filters:
+      #     - isIssue
+      #     - isOpen
+      #     - hasLabel:
+      #         label: "Needs: Author Feedback :ear:"
+      #     - hasLabel:
+      #         label: "Status: No Recent Activity :zzz:"
+      #     - isNotLabeledWith:
+      #         label: "Status: Long Term :hourglass_flowing_sand:"
+      #     - noActivitySince:
+      #         days: 3
+      #   actions:
+      #     - addReply:
+      #         reply: |
+      #           > [!WARNING]
+      #           > @${issueAuthor}, this issue will now be closed, as it has been marked as requiring author feedback but has not had any activity for **7 days**.
 
-                > [!TIP]
-                > In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.
-          - closeIssue
+      #           > [!TIP]
+      #           > In case this issue needs to be reopened (e.g., the author responds after the issue was closed), the "Status: No Recent Activity :zzz:" label must be removed.
+      #     - closeIssue

.github/workflows/avm.ptn.aca-lza.hosting-environment.yml

@@ -31,8 +31,8 @@ on:
       - ".github/workflows/avm.template.module.yml"
       - ".github/workflows/avm.ptn.aca-lza.hosting-environment.yml"
       - "avm/ptn/aca-lza/hosting-environment/**"
-      - "avm/utilities/pipelines/**"
-      - "!avm/utilities/pipelines/platform/**"
+      - "utilities/pipelines/**"
+      - "!utilities/pipelines/platform/**"
       - "!*/**/README.md"
 
 env:

.github/workflows/avm.ptn.ai-platform.baseline.yml

@@ -30,8 +30,8 @@ on:
       - ".github/workflows/avm.template.module.yml"
       - ".github/workflows/avm.ptn.ai-platform.baseline.yml"
       - "avm/ptn/ai-platform/baseline/**"
-      - "avm/utilities/pipelines/**"
-      - "!avm/utilities/pipelines/platform/**"
+      - "utilities/pipelines/**"
+      - "!utilities/pipelines/platform/**"
       - "!*/**/README.md"
 
 env: