From 571063987ea4dc190e4cb8da4e783a09e7fe12c5 Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Tue, 11 Feb 2025 09:32:31 +0100 Subject: [PATCH] fix: Fixed PE deployment when defining a different RG/Subscription than the default (#4421) ## Description Validated scenarios - Use default (i.e., subnet): works - Specify dedicated RG resource Id: works ## Pipeline Reference | Pipeline | | -------- | [![avm.res.cache.redis](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.cache.redis.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.cache.redis.yml) [![avm.res.container-registry.registry](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.container-registry.registry.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.container-registry.registry.yml) [![avm.res.databricks.workspace](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.databricks.workspace.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.databricks.workspace.yml) (unrelated) [![avm.res.db-for-postgre-sql.flexible-server](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.db-for-postgre-sql.flexible-server.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.db-for-postgre-sql.flexible-server.yml) [![avm.res.key-vault.vault](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.key-vault.vault.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.key-vault.vault.yml) [![avm.res.purview.account](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.purview.account.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.purview.account.yml) [![avm.res.recovery-services.vault](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.recovery-services.vault.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.recovery-services.vault.yml) [![avm.res.relay.namespace](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.relay.namespace.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.relay.namespace.yml) [![avm.res.service-bus.namespace](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.service-bus.namespace.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.service-bus.namespace.yml) [![avm.res.sql.server](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.sql.server.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.sql.server.yml) [![avm.res.storage.storage-account](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml) [![avm.res.synapse.workspace](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.synapse.workspace.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.synapse.workspace.yml) [![avm.res.web.site](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.site.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.site.yml) [![avm.res.web.static-site](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.static-site.yml/badge.svg?branch=users%2Falsehr%2FkvltPERGTest&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.static-site.yml) ## Type of Change - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [ ] Azure Verified Module updates: - [x] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation --- avm/res/cache/redis/main.bicep | 13 +-- avm/res/cache/redis/main.json | 4 +- .../container-registry/registry/main.bicep | 13 +-- avm/res/container-registry/registry/main.json | 26 ++--- avm/res/databricks/workspace/main.bicep | 26 ++--- avm/res/databricks/workspace/main.json | 8 +- .../flexible-server/main.bicep | 13 +-- .../flexible-server/main.json | 4 +- avm/res/key-vault/vault/README.md | 5 +- .../key-vault/vault/access-policy/main.json | 4 +- avm/res/key-vault/vault/key/main.json | 4 +- avm/res/key-vault/vault/main.bicep | 20 ++-- avm/res/key-vault/vault/main.json | 102 +++++------------- avm/res/key-vault/vault/secret/main.json | 4 +- .../vault/tests/e2e/max/main.test.bicep | 1 + avm/res/purview/account/main.bicep | 65 ++++------- avm/res/purview/account/main.json | 12 ++- avm/res/recovery-services/vault/main.bicep | 29 +++-- avm/res/recovery-services/vault/main.json | 12 ++- avm/res/relay/namespace/main.bicep | 13 +-- avm/res/relay/namespace/main.json | 4 +- avm/res/service-bus/namespace/main.bicep | 13 +-- avm/res/service-bus/namespace/main.json | 46 ++++---- avm/res/sql/server/main.bicep | 13 +-- avm/res/sql/server/main.json | 4 +- avm/res/storage/storage-account/main.bicep | 13 +-- avm/res/storage/storage-account/main.json | 54 +++++----- avm/res/synapse/workspace/main.bicep | 13 +-- avm/res/synapse/workspace/main.json | 26 ++--- avm/res/web/site/main.bicep | 13 +-- avm/res/web/site/main.json | 60 ++++++----- avm/res/web/site/slot/main.bicep | 13 +-- avm/res/web/site/slot/main.json | 26 ++--- avm/res/web/static-site/main.bicep | 13 +-- avm/res/web/static-site/main.json | 22 ++-- 35 files changed, 303 insertions(+), 408 deletions(-) diff --git a/avm/res/cache/redis/main.bicep b/avm/res/cache/redis/main.bicep index c8b5c6167d..461bab33b7 100644 --- a/avm/res/cache/redis/main.bicep +++ b/avm/res/cache/redis/main.bicep @@ -304,15 +304,10 @@ resource redis_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04- module redis_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-redis-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(redis.id, '/'))}-${privateEndpoint.?service ?? 'redisCache'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/cache/redis/main.json b/avm/res/cache/redis/main.json index 7697018b60..10bffbc878 100644 --- a/avm/res/cache/redis/main.json +++ b/avm/res/cache/redis/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "17774807916018865720" + "templateHash": "1242857667100916577" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache." @@ -1167,6 +1167,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-redis-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/container-registry/registry/main.bicep b/avm/res/container-registry/registry/main.bicep index 7b7670fd32..f6a01e5d55 100644 --- a/avm/res/container-registry/registry/main.bicep +++ b/avm/res/container-registry/registry/main.bicep @@ -447,15 +447,10 @@ resource registry_roleAssignments 'Microsoft.Authorization/roleAssignments@2022- module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-registry-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(registry.id, '/'))}-${privateEndpoint.?service ?? 'registry'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/container-registry/registry/main.json b/avm/res/container-registry/registry/main.json index a125c7727e..c28fcccf4d 100644 --- a/avm/res/container-registry/registry/main.json +++ b/avm/res/container-registry/registry/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "7811628046063994725" + "version": "0.33.13.18514", + "templateHash": "1879570214296822193" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR)." @@ -1415,8 +1415,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "11112300500664950599" + "version": "0.33.13.18514", + "templateHash": "8957375042269792339" }, "name": "Container Registries scopeMaps", "description": "This module deploys an Azure Container Registry (ACR) scopeMap." @@ -1538,8 +1538,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "6036875058945996178" + "version": "0.33.13.18514", + "templateHash": "2771208879484692364" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication." @@ -1682,8 +1682,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "15848218260506856293" + "version": "0.33.13.18514", + "templateHash": "16839288679507454258" }, "name": "Container Registries Credential Sets", "description": "This module deploys an ACR Credential Set." @@ -1866,8 +1866,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "3783697279882479947" + "version": "0.33.13.18514", + "templateHash": "13450234979206794925" }, "name": "Container Registries Cache", "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache))." @@ -2004,8 +2004,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "10084997815751263562" + "version": "0.33.13.18514", + "templateHash": "14557981877826360902" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook." @@ -2175,6 +2175,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-registry-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/databricks/workspace/main.bicep b/avm/res/databricks/workspace/main.bicep index b75702d2f7..fb1eadf689 100644 --- a/avm/res/databricks/workspace/main.bicep +++ b/avm/res/databricks/workspace/main.bicep @@ -438,15 +438,10 @@ resource workspace_roleAssignments 'Microsoft.Authorization/roleAssignments@2022 module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-workspace-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true @@ -507,15 +502,10 @@ var _storageAccountId = resourceId( module storageAccount_storageAccountPrivateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (storageAccountPrivateEndpoints ?? []): if (privateStorageAccount == 'Enabled') { name: '${uniqueString(deployment().name, location)}-workspacestorage-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${_storageAccountName}-${privateEndpoint.service}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/databricks/workspace/main.json b/avm/res/databricks/workspace/main.json index fc365caa58..01d52c2168 100644 --- a/avm/res/databricks/workspace/main.json +++ b/avm/res/databricks/workspace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "5589679396689290907" + "templateHash": "5273652821148246861" }, "name": "Azure Databricks Workspaces", "description": "This module deploys an Azure Databricks Workspace." @@ -1011,8 +1011,8 @@ }, "properties": "[shallowMerge(createArray(createObject('managedResourceGroupId', if(not(empty(parameters('managedResourceGroupResourceId'))), parameters('managedResourceGroupResourceId'), format('{0}/resourceGroups/rg-{1}-managed', subscription().id, parameters('name'))), 'parameters', shallowMerge(createArray(createObject('enableNoPublicIp', createObject('value', parameters('disablePublicIp')), 'prepareEncryption', createObject('value', parameters('prepareEncryption')), 'vnetAddressPrefix', createObject('value', parameters('vnetAddressPrefix')), 'requireInfrastructureEncryption', createObject('value', parameters('requireInfrastructureEncryption'))), if(not(empty(parameters('customVirtualNetworkResourceId'))), createObject('customVirtualNetworkId', createObject('value', parameters('customVirtualNetworkResourceId'))), createObject()), if(not(empty(parameters('amlWorkspaceResourceId'))), createObject('amlWorkspaceId', createObject('value', parameters('amlWorkspaceResourceId'))), createObject()), if(not(empty(parameters('customPrivateSubnetName'))), createObject('customPrivateSubnetName', createObject('value', parameters('customPrivateSubnetName'))), createObject()), if(not(empty(parameters('customPublicSubnetName'))), createObject('customPublicSubnetName', createObject('value', parameters('customPublicSubnetName'))), createObject()), if(not(empty(parameters('loadBalancerBackendPoolName'))), createObject('loadBalancerBackendPoolName', createObject('value', parameters('loadBalancerBackendPoolName'))), createObject()), if(not(empty(parameters('loadBalancerResourceId'))), createObject('loadBalancerId', createObject('value', parameters('loadBalancerResourceId'))), createObject()), if(not(empty(parameters('natGatewayName'))), createObject('natGatewayName', createObject('value', parameters('natGatewayName'))), createObject()), if(not(empty(parameters('publicIpName'))), createObject('publicIpName', createObject('value', parameters('publicIpName'))), createObject()), if(not(empty(parameters('storageAccountName'))), createObject('storageAccountName', createObject('value', parameters('storageAccountName'))), createObject()), if(not(empty(parameters('storageAccountSkuName'))), createObject('storageAccountSkuName', createObject('value', parameters('storageAccountSkuName'))), createObject()))), 'publicNetworkAccess', parameters('publicNetworkAccess'), 'requiredNsgRules', parameters('requiredNsgRules'), 'encryption', if(or(not(empty(parameters('customerManagedKey'))), not(empty(parameters('customerManagedKeyManagedDisk')))), createObject('entities', createObject('managedServices', if(not(empty(parameters('customerManagedKey'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference('cMKKeyVault').vaultUri, 'keyName', parameters('customerManagedKey').keyName, 'keyVersion', if(not(empty(coalesce(tryGet(parameters('customerManagedKey'), 'keyVersion'), ''))), tryGet(parameters('customerManagedKey'), 'keyVersion'), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/'))))), null()), 'managedDisk', if(not(empty(parameters('customerManagedKeyManagedDisk'))), createObject('keySource', 'Microsoft.Keyvault', 'keyVaultProperties', createObject('keyVaultUri', reference('cMKManagedDiskKeyVault').vaultUri, 'keyName', parameters('customerManagedKeyManagedDisk').keyName, 'keyVersion', if(not(empty(coalesce(tryGet(parameters('customerManagedKeyManagedDisk'), 'keyVersion'), ''))), tryGet(parameters('customerManagedKeyManagedDisk'), 'keyVersion'), last(split(reference('cMKManagedDiskKeyVault::cMKKey').keyUriWithVersion, '/')))), 'rotationToLatestKeyVersionEnabled', coalesce(coalesce(tryGet(parameters('customerManagedKeyManagedDisk'), 'autoRotationEnabled'), equals(true(), true())), false())), null()))), null())), if(not(empty(parameters('privateStorageAccount'))), createObject('defaultStorageFirewall', parameters('privateStorageAccount'), 'accessConnector', createObject('id', parameters('accessConnectorResourceId'), 'identityType', 'SystemAssigned')), createObject()), if(not(empty(parameters('defaultCatalog'))), createObject('defaultCatalog', createObject('initialName', '', 'initialType', tryGet(parameters('defaultCatalog'), 'initialType'))), createObject()), if(or(or(not(empty(parameters('automaticClusterUpdate'))), not(empty(parameters('complianceStandards')))), not(empty(parameters('enhancedSecurityMonitoring')))), createObject('enhancedSecurityCompliance', createObject('automaticClusterUpdate', createObject('value', parameters('automaticClusterUpdate')), 'complianceSecurityProfile', createObject('complianceStandards', parameters('complianceStandards'), 'value', parameters('complianceSecurityProfileValue')), 'enhancedSecurityMonitoring', createObject('value', parameters('enhancedSecurityMonitoring')))), createObject())))]", "dependsOn": [ - "cMKManagedDiskKeyVault::cMKKey", "cMKKeyVault::cMKKey", + "cMKManagedDiskKeyVault::cMKKey", "cMKKeyVault", "cMKManagedDiskKeyVault" ] @@ -1095,6 +1095,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-workspace-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1853,6 +1855,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-workspacestorage-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('storageAccountPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('storageAccountPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('storageAccountPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('storageAccountPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/db-for-postgre-sql/flexible-server/main.bicep b/avm/res/db-for-postgre-sql/flexible-server/main.bicep index 08a780886b..dc508d19a4 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/main.bicep +++ b/avm/res/db-for-postgre-sql/flexible-server/main.bicep @@ -453,15 +453,10 @@ resource flexibleServer_diagnosticSettings 'Microsoft.Insights/diagnosticSetting module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): if (empty(delegatedSubnetResourceId)) { name: '${uniqueString(deployment().name, location)}-PostgreSQL-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(flexibleServer.id, '/'))}-${privateEndpoint.?service ?? 'postgresqlServer'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/db-for-postgre-sql/flexible-server/main.json b/avm/res/db-for-postgre-sql/flexible-server/main.json index 111ad605cf..6f63a1e86e 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/main.json +++ b/avm/res/db-for-postgre-sql/flexible-server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "8102121291373013517" + "templateHash": "17738367672833372176" }, "name": "DBforPostgreSQL Flexible Servers", "description": "This module deploys a DBforPostgreSQL Flexible Server." @@ -1731,6 +1731,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-PostgreSQL-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/key-vault/vault/README.md b/avm/res/key-vault/vault/README.md index 2b076102a2..4fe0b74122 100644 --- a/avm/res/key-vault/vault/README.md +++ b/avm/res/key-vault/vault/README.md @@ -463,6 +463,7 @@ module vault 'br/public:avm/res/key-vault/vault:' = { } ] } + resourceGroupResourceId: '' subnetResourceId: '' } ] @@ -731,6 +732,7 @@ module vault 'br/public:avm/res/key-vault/vault:' = { } ] }, + "resourceGroupResourceId": "", "subnetResourceId": "" } ] @@ -989,6 +991,7 @@ param privateEndpoints = [ } ] } + resourceGroupResourceId: '' subnetResourceId: '' } ] @@ -3168,7 +3171,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.9.0` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.10.1` | Remote reference | | `br/public:avm/utl/types/avm-common-types:0.5.1` | Remote reference | ## Data Collection diff --git a/avm/res/key-vault/vault/access-policy/main.json b/avm/res/key-vault/vault/access-policy/main.json index 74ccbb8e5b..1b7d43a370 100644 --- a/avm/res/key-vault/vault/access-policy/main.json +++ b/avm/res/key-vault/vault/access-policy/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6744070574147884656" + "version": "0.33.13.18514", + "templateHash": "15662374115599475123" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy." diff --git a/avm/res/key-vault/vault/key/main.json b/avm/res/key-vault/vault/key/main.json index 562c4cda7c..ecd8d6c830 100644 --- a/avm/res/key-vault/vault/key/main.json +++ b/avm/res/key-vault/vault/key/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15884853996194439605" + "version": "0.33.13.18514", + "templateHash": "8627699258587559559" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key." diff --git a/avm/res/key-vault/vault/main.bicep b/avm/res/key-vault/vault/main.bicep index 654bcab7d0..3c0200eca1 100644 --- a/avm/res/key-vault/vault/main.bicep +++ b/avm/res/key-vault/vault/main.bicep @@ -304,18 +304,13 @@ module keyVault_keys 'key/main.bicep' = [ } ] -module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.9.0' = [ +module keyVault_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-keyVault-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(keyVault.id, '/'))}-${privateEndpoint.?service ?? 'vault'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true @@ -403,8 +398,8 @@ output privateEndpoints privateEndpointOutputType[] = [ for (item, index) in (privateEndpoints ?? []): { name: keyVault_privateEndpoints[index].outputs.name resourceId: keyVault_privateEndpoints[index].outputs.resourceId - groupId: keyVault_privateEndpoints[index].outputs.groupId - customDnsConfigs: keyVault_privateEndpoints[index].outputs.customDnsConfig + groupId: keyVault_privateEndpoints[index].outputs.?groupId! + customDnsConfigs: keyVault_privateEndpoints[index].outputs.customDnsConfigs networkInterfaceResourceIds: keyVault_privateEndpoints[index].outputs.networkInterfaceResourceIds } ] @@ -432,7 +427,6 @@ output keys credentialOutputType[] = [ // Definitions // // ================ // @export() -@description('The type for a private endpoint output.') type privateEndpointOutputType = { @description('The name of the private endpoint.') name: string diff --git a/avm/res/key-vault/vault/main.json b/avm/res/key-vault/vault/main.json index 9bce3471d7..451db99b7b 100644 --- a/avm/res/key-vault/vault/main.json +++ b/avm/res/key-vault/vault/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "5900566328584197217" + "version": "0.33.13.18514", + "templateHash": "10562288197267069295" }, "name": "Key Vaults", "description": "This module deploys a Key Vault." @@ -72,8 +72,7 @@ } }, "metadata": { - "__bicep_export!": true, - "description": "The type for a private endpoint output." + "__bicep_export!": true } }, "credentialOutputType": { @@ -1385,8 +1384,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6744070574147884656" + "version": "0.33.13.18514", + "templateHash": "15662374115599475123" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy." @@ -1651,8 +1650,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6967022677055315423" + "version": "0.33.13.18514", + "templateHash": "7030946530357291103" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret." @@ -1965,8 +1964,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "15884853996194439605" + "version": "0.33.13.18514", + "templateHash": "8627699258587559559" }, "name": "Key Vault Keys", "description": "This module deploys a Key Vault Key." @@ -2273,6 +2272,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-keyVault-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2325,12 +2326,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "6724714132049298262" + "version": "0.33.13.18514", + "templateHash": "15954548978129725136" }, "name": "Private Endpoints", - "description": "This module deploys a Private Endpoint.", - "owner": "Azure/module-maintainers" + "description": "This module deploys a Private Endpoint." }, "definitions": { "privateDnsZoneGroupType": { @@ -2397,50 +2397,6 @@ "__bicep_export!": true } }, - "manualPrivateLinkServiceConnectionType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, "privateLinkServiceConnectionType": { "type": "object", "properties": { @@ -2535,7 +2491,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" } } }, @@ -2633,7 +2589,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" } } } @@ -2729,11 +2685,11 @@ "manualPrivateLinkServiceConnections": { "type": "array", "items": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionType" + "$ref": "#/definitions/privateLinkServiceConnectionType" }, "nullable": true, "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." + "description": "Conditional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. Required if `privateLinkServiceConnections` is empty." } }, "privateLinkServiceConnections": { @@ -2743,7 +2699,7 @@ }, "nullable": true, "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource." + "description": "Conditional. A grouping of information about the connection to the remote resource. Required if `manualPrivateLinkServiceConnections` is empty." } }, "enableTelemetry": { @@ -2780,7 +2736,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.9.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.10.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2886,12 +2842,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "12329174801198479603" + "version": "0.33.13.18514", + "templateHash": "5440815542537978381" }, "name": "Private Endpoint Private DNS Zone Groups", - "description": "This module deploys a Private Endpoint Private DNS Zone Group.", - "owner": "Azure/module-maintainers" + "description": "This module deploys a Private Endpoint Private DNS Zone Group." }, "definitions": { "privateDnsZoneGroupConfigType": { @@ -2969,10 +2924,7 @@ "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigsVar')]" - }, - "dependsOn": [ - "privateEndpoint" - ] + } } }, "outputs": { @@ -3034,7 +2986,7 @@ }, "value": "[reference('privateEndpoint', '2023-11-01', 'full').location]" }, - "customDnsConfig": { + "customDnsConfigs": { "type": "array", "items": { "$ref": "#/definitions/customDnsConfigType" @@ -3119,8 +3071,8 @@ "input": { "name": "[reference(format('keyVault_privateEndpoints[{0}]', copyIndex())).outputs.name.value]", "resourceId": "[reference(format('keyVault_privateEndpoints[{0}]', copyIndex())).outputs.resourceId.value]", - "groupId": "[reference(format('keyVault_privateEndpoints[{0}]', copyIndex())).outputs.groupId.value]", - "customDnsConfigs": "[reference(format('keyVault_privateEndpoints[{0}]', copyIndex())).outputs.customDnsConfig.value]", + "groupId": "[tryGet(tryGet(reference(format('keyVault_privateEndpoints[{0}]', copyIndex())).outputs, 'groupId'), 'value')]", + "customDnsConfigs": "[reference(format('keyVault_privateEndpoints[{0}]', copyIndex())).outputs.customDnsConfigs.value]", "networkInterfaceResourceIds": "[reference(format('keyVault_privateEndpoints[{0}]', copyIndex())).outputs.networkInterfaceResourceIds.value]" } } diff --git a/avm/res/key-vault/vault/secret/main.json b/avm/res/key-vault/vault/secret/main.json index 6cdad0ef47..75557e043c 100644 --- a/avm/res/key-vault/vault/secret/main.json +++ b/avm/res/key-vault/vault/secret/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6967022677055315423" + "version": "0.33.13.18514", + "templateHash": "7030946530357291103" }, "name": "Key Vault Secrets", "description": "This module deploys a Key Vault Secret." diff --git a/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep b/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep index daeb6d673f..896844e9de 100644 --- a/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep +++ b/avm/res/key-vault/vault/tests/e2e/max/main.test.bicep @@ -249,6 +249,7 @@ module testDeployment '../../../main.bicep' = [ } ] } + resourceGroupResourceId: resourceGroup.id subnetResourceId: nestedDependencies.outputs.subnetResourceId } ] diff --git a/avm/res/purview/account/main.bicep b/avm/res/purview/account/main.bicep index 6821e5bcda..678cd98182 100644 --- a/avm/res/purview/account/main.bicep +++ b/avm/res/purview/account/main.bicep @@ -190,15 +190,10 @@ resource account_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021- module account_accountPrivateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (accountPrivateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-account-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(account.id, '/'))}-${privateEndpoint.?service ?? 'account'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true @@ -250,15 +245,10 @@ module account_accountPrivateEndpoints 'br/public:avm/res/network/private-endpoi module account_portalPrivateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (portalPrivateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-portal-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(account.id, '/'))}-${privateEndpoint.?service ?? 'portal'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true @@ -310,15 +300,10 @@ module account_portalPrivateEndpoints 'br/public:avm/res/network/private-endpoin module account_storageBlobPrivateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (storageBlobPrivateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-blob-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(account.id, '/'))}-${privateEndpoint.?service ?? 'blob'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true @@ -370,15 +355,10 @@ module account_storageBlobPrivateEndpoints 'br/public:avm/res/network/private-en module account_storageQueuePrivateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (storageQueuePrivateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-queue-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(account.id, '/'))}-${privateEndpoint.?service ?? 'queue'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true @@ -430,15 +410,10 @@ module account_storageQueuePrivateEndpoints 'br/public:avm/res/network/private-e module account_eventHubPrivateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (eventHubPrivateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-eventHub-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(account.id, '/'))}-${privateEndpoint.?service ?? 'namespace'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/purview/account/main.json b/avm/res/purview/account/main.json index b06c5e1fc1..886766ba2f 100644 --- a/avm/res/purview/account/main.json +++ b/avm/res/purview/account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "12517935064774862493" + "templateHash": "17913522692754850617" }, "name": "Purview Accounts", "description": "This module deploys a Purview Account." @@ -875,6 +875,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-account-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('accountPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('accountPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('accountPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('accountPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -1630,6 +1632,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-portal-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('portalPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('portalPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('portalPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('portalPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2385,6 +2389,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-blob-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('storageBlobPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('storageBlobPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('storageBlobPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('storageBlobPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3140,6 +3146,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-queue-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('storageQueuePrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('storageQueuePrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('storageQueuePrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('storageQueuePrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -3895,6 +3903,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-eventHub-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('eventHubPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('eventHubPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('eventHubPrivateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('eventHubPrivateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/recovery-services/vault/main.bicep b/avm/res/recovery-services/vault/main.bicep index 96e98b1f01..888cf7054c 100644 --- a/avm/res/recovery-services/vault/main.bicep +++ b/avm/res/recovery-services/vault/main.bicep @@ -194,15 +194,15 @@ resource rsv 'Microsoft.RecoveryServices/vaults@2024-04-01' = { ? { azureMonitorAlertSettings: !empty(monitoringSettings.?azureMonitorAlertSettings) ? { - alertsForAllFailoverIssues: monitoringSettings!.azureMonitorAlertSettings.?alertsForAllFailoverIssues ?? 'Enabled' - alertsForAllJobFailures: monitoringSettings!.azureMonitorAlertSettings.?alertsForAllJobFailures ?? 'Enabled' - alertsForAllReplicationIssues: monitoringSettings!.azureMonitorAlertSettings.?alertsForAllReplicationIssues ?? 'Enabled' + alertsForAllFailoverIssues: monitoringSettings!.?azureMonitorAlertSettings.?alertsForAllFailoverIssues ?? 'Enabled' + alertsForAllJobFailures: monitoringSettings!.?azureMonitorAlertSettings.?alertsForAllJobFailures ?? 'Enabled' + alertsForAllReplicationIssues: monitoringSettings!.?azureMonitorAlertSettings.?alertsForAllReplicationIssues ?? 'Enabled' } : null classicAlertSettings: !empty(monitoringSettings.?classicAlertSettings) ? { - alertsForCriticalOperations: monitoringSettings!.classicAlertSettings.?alertsForCriticalOperations ?? 'Enabled' - emailNotificationsForSiteRecovery: monitoringSettings!.classicAlertSettings.?emailNotificationsForSiteRecovery ?? 'Enabled' + alertsForCriticalOperations: monitoringSettings!.?classicAlertSettings.?alertsForCriticalOperations ?? 'Enabled' + emailNotificationsForSiteRecovery: monitoringSettings!.?classicAlertSettings.?emailNotificationsForSiteRecovery ?? 'Enabled' } : null } @@ -223,7 +223,7 @@ resource rsv 'Microsoft.RecoveryServices/vaults@2024-04-01' = { } keyVaultProperties: { keyUri: !empty(customerManagedKey.?keyVersion) - ? '${cMKKeyVault::cMKKey.properties.keyUri}/${customerManagedKey!.keyVersion}' + ? '${cMKKeyVault::cMKKey.properties.keyUri}/${customerManagedKey!.?keyVersion}' : (customerManagedKey.?autoRotationEnabled ?? true) ? cMKKeyVault::cMKKey.properties.keyUri : cMKKeyVault::cMKKey.properties.keyUriWithVersion @@ -266,8 +266,8 @@ module rsv_backupStorageConfiguration 'backup-storage-config/main.bicep' = if (! name: '${uniqueString(deployment().name, location)}-RSV-BackupStorageConfig' params: { recoveryVaultName: rsv.name - storageModelType: backupStorageConfig!.storageModelType - crossRegionRestoreFlag: backupStorageConfig!.crossRegionRestoreFlag + storageModelType: backupStorageConfig!.?storageModelType + crossRegionRestoreFlag: backupStorageConfig!.?crossRegionRestoreFlag } } @@ -369,15 +369,10 @@ resource rsv_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-0 module rsv_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-rsv-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(rsv.id, '/'))}-${privateEndpoint.?service ?? 'AzureSiteRecovery'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/recovery-services/vault/main.json b/avm/res/recovery-services/vault/main.json index c162dc8dab..189515ddce 100644 --- a/avm/res/recovery-services/vault/main.json +++ b/avm/res/recovery-services/vault/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "1404292748211985740" + "templateHash": "16908039055526294885" }, "name": "Recovery Services Vaults", "description": "This module deploys a Recovery Services Vault." @@ -1496,12 +1496,12 @@ "tier": "Standard" }, "properties": { - "monitoringSettings": "[if(not(empty(parameters('monitoringSettings'))), createObject('azureMonitorAlertSettings', if(not(empty(tryGet(parameters('monitoringSettings'), 'azureMonitorAlertSettings'))), createObject('alertsForAllFailoverIssues', coalesce(tryGet(parameters('monitoringSettings').azureMonitorAlertSettings, 'alertsForAllFailoverIssues'), 'Enabled'), 'alertsForAllJobFailures', coalesce(tryGet(parameters('monitoringSettings').azureMonitorAlertSettings, 'alertsForAllJobFailures'), 'Enabled'), 'alertsForAllReplicationIssues', coalesce(tryGet(parameters('monitoringSettings').azureMonitorAlertSettings, 'alertsForAllReplicationIssues'), 'Enabled')), null()), 'classicAlertSettings', if(not(empty(tryGet(parameters('monitoringSettings'), 'classicAlertSettings'))), createObject('alertsForCriticalOperations', coalesce(tryGet(parameters('monitoringSettings').classicAlertSettings, 'alertsForCriticalOperations'), 'Enabled'), 'emailNotificationsForSiteRecovery', coalesce(tryGet(parameters('monitoringSettings').classicAlertSettings, 'emailNotificationsForSiteRecovery'), 'Enabled')), null())), null())]", + "monitoringSettings": "[if(not(empty(parameters('monitoringSettings'))), createObject('azureMonitorAlertSettings', if(not(empty(tryGet(parameters('monitoringSettings'), 'azureMonitorAlertSettings'))), createObject('alertsForAllFailoverIssues', coalesce(tryGet(tryGet(parameters('monitoringSettings'), 'azureMonitorAlertSettings'), 'alertsForAllFailoverIssues'), 'Enabled'), 'alertsForAllJobFailures', coalesce(tryGet(tryGet(parameters('monitoringSettings'), 'azureMonitorAlertSettings'), 'alertsForAllJobFailures'), 'Enabled'), 'alertsForAllReplicationIssues', coalesce(tryGet(tryGet(parameters('monitoringSettings'), 'azureMonitorAlertSettings'), 'alertsForAllReplicationIssues'), 'Enabled')), null()), 'classicAlertSettings', if(not(empty(tryGet(parameters('monitoringSettings'), 'classicAlertSettings'))), createObject('alertsForCriticalOperations', coalesce(tryGet(tryGet(parameters('monitoringSettings'), 'classicAlertSettings'), 'alertsForCriticalOperations'), 'Enabled'), 'emailNotificationsForSiteRecovery', coalesce(tryGet(tryGet(parameters('monitoringSettings'), 'classicAlertSettings'), 'emailNotificationsForSiteRecovery'), 'Enabled')), null())), null())]", "securitySettings": "[parameters('securitySettings')]", "publicNetworkAccess": "[parameters('publicNetworkAccess')]", "redundancySettings": "[parameters('redundancySettings')]", "restoreSettings": "[parameters('restoreSettings')]", - "encryption": "[if(not(empty(parameters('customerManagedKey'))), createObject('infrastructureEncryption', 'Enabled', 'kekIdentity', if(not(empty(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'))), createObject('userAssignedIdentity', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '////'), '/')[4]), 'Microsoft.ManagedIdentity/userAssignedIdentities', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), 'dummyMsi'), '/')))), createObject('useSystemAssignedIdentity', empty(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId')))), 'keyVaultProperties', createObject('keyUri', if(not(empty(tryGet(parameters('customerManagedKey'), 'keyVersion'))), format('{0}/{1}', reference('cMKKeyVault::cMKKey').keyUri, parameters('customerManagedKey').keyVersion), if(coalesce(tryGet(parameters('customerManagedKey'), 'autoRotationEnabled'), true()), reference('cMKKeyVault::cMKKey').keyUri, reference('cMKKeyVault::cMKKey').keyUriWithVersion)))), null())]" + "encryption": "[if(not(empty(parameters('customerManagedKey'))), createObject('infrastructureEncryption', 'Enabled', 'kekIdentity', if(not(empty(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'))), createObject('userAssignedIdentity', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '////'), '/')[4]), 'Microsoft.ManagedIdentity/userAssignedIdentities', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), 'dummyMsi'), '/')))), createObject('useSystemAssignedIdentity', empty(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId')))), 'keyVaultProperties', createObject('keyUri', if(not(empty(tryGet(parameters('customerManagedKey'), 'keyVersion'))), format('{0}/{1}', reference('cMKKeyVault::cMKKey').keyUri, tryGet(parameters('customerManagedKey'), 'keyVersion')), if(coalesce(tryGet(parameters('customerManagedKey'), 'autoRotationEnabled'), true()), reference('cMKKeyVault::cMKKey').keyUri, reference('cMKKeyVault::cMKKey').keyUriWithVersion)))), null())]" }, "dependsOn": [ "cMKKeyVault::cMKKey" @@ -2297,10 +2297,10 @@ "value": "[parameters('name')]" }, "storageModelType": { - "value": "[parameters('backupStorageConfig').storageModelType]" + "value": "[tryGet(parameters('backupStorageConfig'), 'storageModelType')]" }, "crossRegionRestoreFlag": { - "value": "[parameters('backupStorageConfig').crossRegionRestoreFlag]" + "value": "[tryGet(parameters('backupStorageConfig'), 'crossRegionRestoreFlag')]" } }, "template": { @@ -2953,6 +2953,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-rsv-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/relay/namespace/main.bicep b/avm/res/relay/namespace/main.bicep index b20ac876a2..5de0130cc8 100644 --- a/avm/res/relay/namespace/main.bicep +++ b/avm/res/relay/namespace/main.bicep @@ -218,15 +218,10 @@ resource namespace_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@202 module namespace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-namespace-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(namespace.id, '/'))}-${privateEndpoint.?service ?? 'namespace'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/relay/namespace/main.json b/avm/res/relay/namespace/main.json index 9974d7667d..cbfc6ea08c 100644 --- a/avm/res/relay/namespace/main.json +++ b/avm/res/relay/namespace/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "10302508139309191094" + "templateHash": "7449491400928242470" }, "name": "Relay Namespaces", "description": "This module deploys a Relay Namespace" @@ -1931,6 +1931,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-namespace-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/service-bus/namespace/main.bicep b/avm/res/service-bus/namespace/main.bicep index 0861cba24b..ef6fcf6ca5 100644 --- a/avm/res/service-bus/namespace/main.bicep +++ b/avm/res/service-bus/namespace/main.bicep @@ -378,15 +378,10 @@ resource serviceBusNamespace_diagnosticSettings 'Microsoft.Insights/diagnosticSe module serviceBusNamespace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-serviceBusNamespace-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(serviceBusNamespace.id, '/'))}-${privateEndpoint.?service ?? 'namespace'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/service-bus/namespace/main.json b/avm/res/service-bus/namespace/main.json index f8e1241c21..3f9fba0140 100644 --- a/avm/res/service-bus/namespace/main.json +++ b/avm/res/service-bus/namespace/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "5605645467272297098" + "version": "0.33.13.18514", + "templateHash": "7837803421760030856" }, "name": "Service Bus Namespaces", "description": "This module deploys a Service Bus Namespace." @@ -1865,8 +1865,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11843582332513126053" + "version": "0.33.13.18514", + "templateHash": "14374854229940696860" }, "name": "Service Bus Namespace Authorization Rules", "description": "This module deploys a Service Bus Namespace Authorization Rule." @@ -1968,8 +1968,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "953280430524155799" + "version": "0.33.13.18514", + "templateHash": "17399088623294854705" }, "name": "Service Bus Namespace Disaster Recovery Configs", "description": "This module deploys a Service Bus Namespace Disaster Recovery Config" @@ -2072,8 +2072,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "1185508580247696644" + "version": "0.33.13.18514", + "templateHash": "16312291233623934616" }, "name": "Service Bus Namespace Migration Configuration", "description": "This module deploys a Service Bus Namespace Migration Configuration." @@ -2176,8 +2176,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "286643555978658471" + "version": "0.33.13.18514", + "templateHash": "17182735425325794067" }, "name": "Service Bus Namespace Network Rule Sets", "description": "This module deploys a ServiceBus Namespace Network Rule Set." @@ -2375,8 +2375,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2963369845110660460" + "version": "0.33.13.18514", + "templateHash": "4119251299070252186" }, "name": "Service Bus Namespace Queue", "description": "This module deploys a Service Bus Namespace Queue." @@ -2774,8 +2774,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "4106322932640263973" + "version": "0.33.13.18514", + "templateHash": "7526885294323298219" }, "name": "Service Bus Namespace Queue Authorization Rules", "description": "This module deploys a Service Bus Namespace Queue Authorization Rule." @@ -2954,8 +2954,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "4751434073420963969" + "version": "0.33.13.18514", + "templateHash": "15157624750923042287" }, "name": "Service Bus Namespace Topic", "description": "This module deploys a Service Bus Namespace Topic." @@ -3636,8 +3636,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "9054915416075794466" + "version": "0.33.13.18514", + "templateHash": "8184508565282070207" }, "name": "Service Bus Namespace Topic Authorization Rules", "description": "This module deploys a Service Bus Namespace Topic Authorization Rule." @@ -3789,8 +3789,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3178099276922515439" + "version": "0.33.13.18514", + "templateHash": "13380479271935330273" }, "name": "Service Bus Namespace Topic Subscription", "description": "This module deploys a Service Bus Namespace Topic Subscription." @@ -4183,8 +4183,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2622393872040722258" + "version": "0.33.13.18514", + "templateHash": "4831934980907711659" }, "name": "Service Bus Namespace Topic Subscription Rule", "description": "This module deploys a Service Bus Namespace Topic Subscription Rule." @@ -4375,6 +4375,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-serviceBusNamespace-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/sql/server/main.bicep b/avm/res/sql/server/main.bicep index 363dd816ee..0e9d3a62cb 100644 --- a/avm/res/sql/server/main.bicep +++ b/avm/res/sql/server/main.bicep @@ -343,15 +343,10 @@ module server_elasticPools 'elastic-pool/main.bicep' = [ module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-server-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(server.id, '/'))}-${privateEndpoint.?service ?? 'sqlServer'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/sql/server/main.json b/avm/res/sql/server/main.json index cc2f195da1..070453a235 100644 --- a/avm/res/sql/server/main.json +++ b/avm/res/sql/server/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "2433863119343202155" + "templateHash": "11930227683565093918" }, "name": "Azure SQL Servers", "description": "This module deploys an Azure SQL Server." @@ -3685,6 +3685,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-server-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/storage/storage-account/main.bicep b/avm/res/storage/storage-account/main.bicep index 91ee043a7e..66b9fc6703 100644 --- a/avm/res/storage/storage-account/main.bicep +++ b/avm/res/storage/storage-account/main.bicep @@ -502,15 +502,10 @@ resource storageAccount_roleAssignments 'Microsoft.Authorization/roleAssignments module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.10.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-storageAccount-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(storageAccount.id, '/'))}-${privateEndpoint.service}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/storage/storage-account/main.json b/avm/res/storage/storage-account/main.json index b3193cf49f..0d22a420a4 100644 --- a/avm/res/storage/storage-account/main.json +++ b/avm/res/storage/storage-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "17960260729884623690" + "version": "0.33.13.18514", + "templateHash": "3424685276444889234" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account." @@ -1451,6 +1451,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-storageAccount-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2222,8 +2224,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "10504956743360699891" + "version": "0.33.13.18514", + "templateHash": "4967204006599351003" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy." @@ -2331,8 +2333,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "5655292159520921149" + "version": "0.33.13.18514", + "templateHash": "2528560857012083896" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication." @@ -2569,8 +2571,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "2058460323623594433" + "version": "0.33.13.18514", + "templateHash": "14339432978450199921" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service." @@ -3036,8 +3038,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "2991444340097371621" + "version": "0.33.13.18514", + "templateHash": "10816586207828434096" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container." @@ -3325,8 +3327,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "8061556339565534458" + "version": "0.33.13.18514", + "templateHash": "2769922037435749045" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy." @@ -3505,8 +3507,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "3168394810831105529" + "version": "0.33.13.18514", + "templateHash": "987643333058038389" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service." @@ -3859,8 +3861,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "12044655551245282190" + "version": "0.33.13.18514", + "templateHash": "15193761941438215308" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share." @@ -4294,8 +4296,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "1736438454543575457" + "version": "0.33.13.18514", + "templateHash": "8158577333548255612" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service." @@ -4613,8 +4615,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "6383154227554431205" + "version": "0.33.13.18514", + "templateHash": "9877120144610775153" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue." @@ -4883,8 +4885,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "12583903411447171294" + "version": "0.33.13.18514", + "templateHash": "541986423744885003" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service." @@ -5199,8 +5201,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "1369356397929898951" + "version": "0.33.13.18514", + "templateHash": "11234204519679347949" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table." @@ -5453,8 +5455,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.33.93.31351", - "templateHash": "2275047425860597278" + "version": "0.33.13.18514", + "templateHash": "14510275109257916717" } }, "definitions": { diff --git a/avm/res/synapse/workspace/main.bicep b/avm/res/synapse/workspace/main.bicep index fb3e2fefa9..2bc090c5f4 100644 --- a/avm/res/synapse/workspace/main.bicep +++ b/avm/res/synapse/workspace/main.bicep @@ -352,15 +352,10 @@ module workspace_firewallRules 'firewall-rules/main.bicep' = [ module workspace_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.9.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-workspace-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(workspace.id, '/'))}-${privateEndpoint.service}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/synapse/workspace/main.json b/avm/res/synapse/workspace/main.json index 6982279774..c58cd50e2f 100644 --- a/avm/res/synapse/workspace/main.json +++ b/avm/res/synapse/workspace/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "17815795427207375469" + "version": "0.33.13.18514", + "templateHash": "4395970160208281653" }, "name": "Synapse Workspaces", "description": "This module deploys a Synapse Workspace." @@ -1067,8 +1067,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "1357925296617686979" + "version": "0.33.13.18514", + "templateHash": "18124614252428623156" }, "name": "Synapse Workspace Integration Runtimes", "description": "This module deploys a Synapse Workspace Integration Runtime." @@ -1166,8 +1166,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "5168623611246542439" + "version": "0.33.13.18514", + "templateHash": "4658877837973777703" } }, "parameters": { @@ -1254,8 +1254,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "9285184380796627148" + "version": "0.33.13.18514", + "templateHash": "18134135357281825028" }, "name": "Synapse Workspaces Keys", "description": "This module deploys a Synapse Workspaces Key." @@ -1360,8 +1360,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7870636790140091356" + "version": "0.33.13.18514", + "templateHash": "6961828897310133803" }, "name": "Synapse Workspaces Administrators", "description": "This module deploys Synapse Workspaces Administrators." @@ -1474,8 +1474,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "3403338957196025610" + "version": "0.33.13.18514", + "templateHash": "4218971273589711859" }, "name": "Synapse Workspaces Firewall Rules", "description": "This module deploys Synapse Workspaces Firewall Rules." @@ -1554,6 +1554,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-workspace-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/web/site/main.bicep b/avm/res/web/site/main.bicep index 39729295db..8d62479680 100644 --- a/avm/res/web/site/main.bicep +++ b/avm/res/web/site/main.bicep @@ -484,15 +484,10 @@ resource app_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01 module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.7.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-app-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/web/site/main.json b/avm/res/web/site/main.json index 24e3af3ecf..dec2e20b5f 100644 --- a/avm/res/web/site/main.json +++ b/avm/res/web/site/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11078104901059265686" + "version": "0.33.13.18514", + "templateHash": "1510038828157796019" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App." @@ -1084,8 +1084,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6410547302386858558" + "version": "0.33.13.18514", + "templateHash": "3773744005628323179" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting." @@ -1246,8 +1246,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "11113399312695963924" + "version": "0.33.13.18514", + "templateHash": "12604769145311962317" }, "name": "Site Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration." @@ -1349,8 +1349,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7848470524705559903" + "version": "0.33.13.18514", + "templateHash": "10353279242186955906" }, "name": "Site logs Config", "description": "This module deploys a Site logs Configuration." @@ -1440,8 +1440,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "17229460238192107968" + "version": "0.33.13.18514", + "templateHash": "15063123874711680503" }, "name": "Site Web Config", "description": "This module deploys web settings configuration available under sites/config name: web." @@ -1530,8 +1530,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "18138875055545072289" + "version": "0.33.13.18514", + "templateHash": "10653723640225381902" }, "name": "Site Deployment Extension ", "description": "This module deploys a Site extension for MSDeploy." @@ -1748,8 +1748,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12729018089714646839" + "version": "0.33.13.18514", + "templateHash": "15803822027091526791" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot." @@ -2784,8 +2784,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "10124842813698211071" + "version": "0.33.13.18514", + "templateHash": "6379851449588708934" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting." @@ -2961,8 +2961,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7246612330843636406" + "version": "0.33.13.18514", + "templateHash": "4192061847386712633" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration." @@ -3081,8 +3081,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13728299747043713048" + "version": "0.33.13.18514", + "templateHash": "13483227944246460692" }, "name": "Web Site Slot Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Slot Basic Publishing Credentials Policy." @@ -3205,8 +3205,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "1399655044962772411" + "version": "0.33.13.18514", + "templateHash": "17428168852439619558" }, "name": "Web/Function Apps Slot Hybrid Connection Relay", "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay." @@ -3309,8 +3309,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "18138875055545072289" + "version": "0.33.13.18514", + "templateHash": "10653723640225381902" }, "name": "Site Deployment Extension ", "description": "This module deploys a Site extension for MSDeploy." @@ -3379,6 +3379,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-slot-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -4230,8 +4232,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7686713695944836722" + "version": "0.33.13.18514", + "templateHash": "1499299399255876013" }, "name": "Web Site Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Basic Publishing Credentials Policy." @@ -4345,8 +4347,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "6378705059063789109" + "version": "0.33.13.18514", + "templateHash": "3864138738153964150" }, "name": "Web/Function Apps Hybrid Connection Relay", "description": "This module deploys a Site Hybrid Connection Namespace Relay." @@ -4426,6 +4428,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-app-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/web/site/slot/main.bicep b/avm/res/web/site/slot/main.bicep index 56758d1f5c..f41579ba90 100644 --- a/avm/res/web/site/slot/main.bicep +++ b/avm/res/web/site/slot/main.bicep @@ -377,15 +377,10 @@ resource slot_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-0 module slot_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.7.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-slot-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites-${slot.name}'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/web/site/slot/main.json b/avm/res/web/site/slot/main.json index 06e32b96c3..f7a5a18c95 100644 --- a/avm/res/web/site/slot/main.json +++ b/avm/res/web/site/slot/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12729018089714646839" + "version": "0.33.13.18514", + "templateHash": "15803822027091526791" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot." @@ -1041,8 +1041,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "10124842813698211071" + "version": "0.33.13.18514", + "templateHash": "6379851449588708934" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting." @@ -1218,8 +1218,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7246612330843636406" + "version": "0.33.13.18514", + "templateHash": "4192061847386712633" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration." @@ -1338,8 +1338,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13728299747043713048" + "version": "0.33.13.18514", + "templateHash": "13483227944246460692" }, "name": "Web Site Slot Basic Publishing Credentials Policies", "description": "This module deploys a Web Site Slot Basic Publishing Credentials Policy." @@ -1462,8 +1462,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "1399655044962772411" + "version": "0.33.13.18514", + "templateHash": "17428168852439619558" }, "name": "Web/Function Apps Slot Hybrid Connection Relay", "description": "This module deploys a Site Slot Hybrid Connection Namespace Relay." @@ -1566,8 +1566,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "18138875055545072289" + "version": "0.33.13.18514", + "templateHash": "10653723640225381902" }, "name": "Site Deployment Extension ", "description": "This module deploys a Site extension for MSDeploy." @@ -1636,6 +1636,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-slot-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner" diff --git a/avm/res/web/static-site/main.bicep b/avm/res/web/static-site/main.bicep index 2eab05ab58..f3387107ab 100644 --- a/avm/res/web/static-site/main.bicep +++ b/avm/res/web/static-site/main.bicep @@ -247,15 +247,10 @@ resource staticSite_roleAssignments 'Microsoft.Authorization/roleAssignments@202 module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.7.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-staticSite-PrivateEndpoint-${index}' - scope: !empty(privateEndpoint.?resourceGroupResourceId) - ? resourceGroup( - split((privateEndpoint.?resourceGroupResourceId ?? '//'), '/')[2], - split((privateEndpoint.?resourceGroupResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((privateEndpoint.?subnetResourceId ?? '//'), '/')[2], - split((privateEndpoint.?subnetResourceId ?? '////'), '/')[4] - ) + scope: resourceGroup( + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], + split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] + ) params: { name: privateEndpoint.?name ?? 'pep-${last(split(staticSite.id, '/'))}-${privateEndpoint.?service ?? 'staticSites'}-${index}' privateLinkServiceConnections: privateEndpoint.?isManualConnection != true diff --git a/avm/res/web/static-site/main.json b/avm/res/web/static-site/main.json index 33de8d5d87..4ce780a6b8 100644 --- a/avm/res/web/static-site/main.json +++ b/avm/res/web/static-site/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "7497371071073742378" + "version": "0.33.13.18514", + "templateHash": "5409964564427816888" }, "name": "Static Web Apps", "description": "This module deploys a Static Web App." @@ -701,8 +701,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "8275628450081231495" + "version": "0.33.13.18514", + "templateHash": "6117646567314030149" }, "name": "Static Web App Site Linked Backends", "description": "This module deploys a Custom Function App into a Static Web App Site using the Linked Backends property." @@ -802,8 +802,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12709536246529127181" + "version": "0.33.13.18514", + "templateHash": "7998567469554918663" }, "name": "Static Web App Site Config", "description": "This module deploys a Static Web App Site Config." @@ -896,8 +896,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "12709536246529127181" + "version": "0.33.13.18514", + "templateHash": "7998567469554918663" }, "name": "Static Web App Site Config", "description": "This module deploys a Static Web App Site Config." @@ -991,8 +991,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "2208155866464160058" + "version": "0.33.13.18514", + "templateHash": "3686358111815300788" }, "name": "Static Web App Site Custom Domains", "description": "This module deploys a Static Web App Site Custom Domain." @@ -1065,6 +1065,8 @@ "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-staticSite-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'subnetResourceId')), '/')[4]]", "properties": { "expressionEvaluationOptions": { "scope": "inner"