Commit

fix: Update avm/res/document-db/database-account (#3565)
seesharprun authored Oct 17, 2024
1 parent 530ee21 commit 6736202
Showing 17 changed files with 111 additions and 57 deletions.
27 changes: 26 additions & 1 deletion avm/res/document-db/database-account/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3315,6 +3315,7 @@ param tags = {
| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
| [`maxIntervalInSeconds`](#parameter-maxintervalinseconds) | int | Default to 300. Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. |
| [`maxStalenessPrefix`](#parameter-maxstalenessprefix) | int | Default to 100000. Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000. |
| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Default to TLS 1.2. Enum to indicate the minimum allowed TLS version. Azure Cosmos DB for MongoDB RU and Apache Cassandra only work with TLS 1.2 or later. |
| [`mongodbDatabases`](#parameter-mongodbdatabases) | array | MongoDB Databases configurations. |
| [`networkRestrictions`](#parameter-networkrestrictions) | object | The network configuration of this module. |
| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
Expand Down Expand Up @@ -3606,7 +3607,7 @@ Disable write operations on metadata resources (databases, containers, throughpu

- Required: No
- Type: bool
- Default: `False`
- Default: `True`

### Parameter: `disableLocalAuth`

Expand Down Expand Up @@ -3786,6 +3787,22 @@ Default to 100000. Max stale requests. Required for BoundedStaleness. Valid rang
- Type: int
- Default: `100000`

### Parameter: `minimumTlsVersion`

Default to TLS 1.2. Enum to indicate the minimum allowed TLS version. Azure Cosmos DB for MongoDB RU and Apache Cassandra only work with TLS 1.2 or later.

- Required: No
- Type: string
- Default: `'Tls12'`
- Allowed:
```Bicep
[
'Tls'
'Tls11'
'Tls12'
]
```

### Parameter: `mongodbDatabases`

MongoDB Databases configurations.
Expand All @@ -3800,6 +3817,14 @@ The network configuration of this module.

- Required: No
- Type: object
- Default:
```Bicep
{
ipRules: []
publicNetworkAccess: 'Disabled'
virtualNetworkRules: []
}
```

**Optional parameters**

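Review bot: The documented default for `networkRestrictions` now sets `publicNetworkAccess: 'Disabled'` with empty `ipRules` and `virtualNetworkRules`, but the parameter description is still only "The network configuration of this module." An account deployed with the defaults and no `privateEndpoints` is not reachable over its public endpoint. Suggest extending the description to say that public access is disabled by default and that consumers must either configure `privateEndpoints` or override `publicNetworkAccess`.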
Expand Down
23 changes: 18 additions & 5 deletions avm/res/document-db/database-account/main.bicep
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ param enableFreeTier bool = false
param enableMultipleWriteLocations bool = false

@description('Optional. Disable write operations on metadata resources (databases, containers, throughput) via account keys.')
param disableKeyBasedMetadataWriteAccess bool = false
param disableKeyBasedMetadataWriteAccess bool = true

@minValue(1)
@maxValue(2147483647)
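Review bot: Flipping the default of `disableKeyBasedMetadataWriteAccess` from `false` to `true` changes behaviour for every existing consumer that omits the parameter, yet the commit is labelled `fix:`. After upgrading, writes to databases, containers and throughput made with account keys are disabled unless the caller passes `disableKeyBasedMetadataWriteAccess: false`. Suggest stating the new default and the opt-out in the `@description` text and calling the change out as breaking in the release notes.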
Expand Down Expand Up @@ -147,7 +147,19 @@ param privateEndpoints privateEndpointType
param secretsExportConfiguration secretsExportConfigurationType?

@description('Optional. The network configuration of this module.')
param networkRestrictions networkRestrictionsType?
param networkRestrictions networkRestrictionsType = {
ipRules: []
virtualNetworkRules: []
publicNetworkAccess: 'Disabled'
}

@allowed([
'Tls'
'Tls11'
'Tls12'
])
@description('Optional. Default to TLS 1.2. Enum to indicate the minimum allowed TLS version. Azure Cosmos DB for MongoDB RU and Apache Cassandra only work with TLS 1.2 or later.')
param minimumTlsVersion string = 'Tls12'

var formattedUserAssignedIdentities = reduce(
map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }),
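Review bot: The `@allowed` list on `minimumTlsVersion` accepts `'Tls'` and `'Tls11'` without any guard, although the description on the same parameter says Azure Cosmos DB for MongoDB RU and Apache Cassandra only work with TLS 1.2 or later. Nothing in the template catches a caller who combines `mongodbDatabases` with `minimumTlsVersion: 'Tls11'`. Suggest either saying in the description which account kinds may use the two older values, or deriving the value so that MongoDB RU accounts always receive `'Tls12'`.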
Expand Down Expand Up @@ -243,10 +255,11 @@ var databaseAccountProperties = union(
{
databaseAccountOfferType: databaseAccountOfferType
backupPolicy: backupPolicy
minimalTlsVersion: minimumTlsVersion
},
((!empty(sqlDatabases) || !empty(mongodbDatabases) || !empty(gremlinDatabases))
? {
// Common properties
// NoSQL, MongoDB RU, and Apache Gremlin common properties
consistencyPolicy: consistencyPolicy[defaultConsistencyLevel]
enableMultipleWriteLocations: enableMultipleWriteLocations
locations: empty(databaseAccount_locations) ? defaultFailoverLocation : databaseAccount_locations
Expand All @@ -265,14 +278,14 @@ var databaseAccountProperties = union(
: {}),
(!empty(sqlDatabases)
? {
// SQLDB properties
// NoSQL properties
disableLocalAuth: disableLocalAuth
disableKeyBasedMetadataWriteAccess: disableKeyBasedMetadataWriteAccess
}
: {}),
(!empty(mongodbDatabases)
? {
// MongoDb properties
// MongoDB RU properties
apiProperties: {
serverVersion: serverVersion
}
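Review bot: `disableLocalAuth` and `disableKeyBasedMetadataWriteAccess` are still emitted only inside the `!empty(sqlDatabases)` branch, so the new `true` default for `disableKeyBasedMetadataWriteAccess` has no effect on MongoDB RU or Gremlin accounts, or on an account deployed with no databases. The renamed comment `// NoSQL properties` makes that scoping visible in the source but not to module consumers. Suggest adding the restriction to both parameter descriptions, for example "Only applied when `sqlDatabases` is not empty.", so nobody assumes the hardened default covers every API.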
Expand Down
66 changes: 41 additions & 25 deletions avm/res/document-db/database-account/main.json
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "17113672202913052529"
"version": "0.30.23.60470",
"templateHash": "1683127699645349372"
},
"name": "DocumentDB Database Accounts",
"description": "This module deploys a DocumentDB Database Account.",
Expand Down Expand Up @@ -956,7 +956,7 @@
},
"disableKeyBasedMetadataWriteAccess": {
"type": "bool",
"defaultValue": false,
"defaultValue": true,
"metadata": {
"description": "Optional. Disable write operations on metadata resources (databases, containers, throughput) via account keys."
}
Expand Down Expand Up @@ -1139,10 +1139,26 @@
},
"networkRestrictions": {
"$ref": "#/definitions/networkRestrictionsType",
"nullable": true,
"defaultValue": {
"ipRules": [],
"virtualNetworkRules": [],
"publicNetworkAccess": "Disabled"
},
"metadata": {
"description": "Optional. The network configuration of this module."
}
},
"minimumTlsVersion": {
"type": "string",
"defaultValue": "Tls12",
"allowedValues": [
"Tls",
"Tls11",
"Tls12"
],
"metadata": {
"description": "Optional. Default to TLS 1.2. Enum to indicate the minimum allowed TLS version. Azure Cosmos DB for MongoDB RU and Apache Cassandra only work with TLS 1.2 or later."
}
}
},
"variables": {
Expand Down Expand Up @@ -1214,7 +1230,7 @@
],
"kind": "[if(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('gremlinDatabases')))), 'GlobalDocumentDB', if(not(empty(parameters('mongodbDatabases'))), 'MongoDB', 'GlobalDocumentDB'))]",
"backupPolicy": "[if(equals(parameters('backupPolicyType'), 'Continuous'), createObject('type', parameters('backupPolicyType'), 'continuousModeProperties', createObject('tier', parameters('backupPolicyContinuousTier'))), createObject('type', parameters('backupPolicyType'), 'periodicModeProperties', createObject('backupIntervalInMinutes', parameters('backupIntervalInMinutes'), 'backupRetentionIntervalInHours', parameters('backupRetentionIntervalInHours'), 'backupStorageRedundancy', parameters('backupStorageRedundancy'))))]",
"databaseAccountProperties": "[union(createObject('databaseAccountOfferType', parameters('databaseAccountOfferType'), 'backupPolicy', variables('backupPolicy')), if(or(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('mongodbDatabases')))), not(empty(parameters('gremlinDatabases')))), createObject('consistencyPolicy', variables('consistencyPolicy')[parameters('defaultConsistencyLevel')], 'enableMultipleWriteLocations', parameters('enableMultipleWriteLocations'), 'locations', if(empty(variables('databaseAccount_locations')), variables('defaultFailoverLocation'), variables('databaseAccount_locations')), 'ipRules', variables('ipRules'), 'virtualNetworkRules', variables('virtualNetworkRules'), 'networkAclBypass', coalesce(tryGet(parameters('networkRestrictions'), 'networkAclBypass'), 'AzureServices'), 'publicNetworkAccess', coalesce(tryGet(parameters('networkRestrictions'), 'publicNetworkAccess'), 'Enabled'), 'isVirtualNetworkFilterEnabled', or(not(empty(variables('ipRules'))), not(empty(variables('virtualNetworkRules')))), 'capabilities', variables('capabilities'), 'enableFreeTier', parameters('enableFreeTier'), 'enableAutomaticFailover', parameters('automaticFailover'), 'enableAnalyticalStorage', parameters('enableAnalyticalStorage')), createObject()), if(not(empty(parameters('sqlDatabases'))), createObject('disableLocalAuth', parameters('disableLocalAuth'), 'disableKeyBasedMetadataWriteAccess', parameters('disableKeyBasedMetadataWriteAccess')), createObject()), if(not(empty(parameters('mongodbDatabases'))), createObject('apiProperties', createObject('serverVersion', parameters('serverVersion'))), createObject()))]",
"databaseAccountProperties": "[union(createObject('databaseAccountOfferType', parameters('databaseAccountOfferType'), 'backupPolicy', variables('backupPolicy'), 'minimalTlsVersion', parameters('minimumTlsVersion')), if(or(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('mongodbDatabases')))), not(empty(parameters('gremlinDatabases')))), createObject('consistencyPolicy', variables('consistencyPolicy')[parameters('defaultConsistencyLevel')], 'enableMultipleWriteLocations', parameters('enableMultipleWriteLocations'), 'locations', if(empty(variables('databaseAccount_locations')), variables('defaultFailoverLocation'), variables('databaseAccount_locations')), 'ipRules', variables('ipRules'), 'virtualNetworkRules', variables('virtualNetworkRules'), 'networkAclBypass', coalesce(tryGet(parameters('networkRestrictions'), 'networkAclBypass'), 'AzureServices'), 'publicNetworkAccess', coalesce(tryGet(parameters('networkRestrictions'), 'publicNetworkAccess'), 'Enabled'), 'isVirtualNetworkFilterEnabled', or(not(empty(variables('ipRules'))), not(empty(variables('virtualNetworkRules')))), 'capabilities', variables('capabilities'), 'enableFreeTier', parameters('enableFreeTier'), 'enableAutomaticFailover', parameters('automaticFailover'), 'enableAnalyticalStorage', parameters('enableAnalyticalStorage')), createObject()), if(not(empty(parameters('sqlDatabases'))), createObject('disableLocalAuth', parameters('disableLocalAuth'), 'disableKeyBasedMetadataWriteAccess', parameters('disableKeyBasedMetadataWriteAccess')), createObject()), if(not(empty(parameters('mongodbDatabases'))), createObject('apiProperties', createObject('serverVersion', parameters('serverVersion'))), createObject()))]",
"builtInRoleNames": {
"Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"Cosmos DB Account Reader Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fbdf93bf-df7d-467e-a4d2-9458aa1360c8')]",
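Review bot: In the regenerated `databaseAccountProperties` expression, `publicNetworkAccess` still resolves through `coalesce(tryGet(parameters('networkRestrictions'), 'publicNetworkAccess'), 'Enabled')`, which now disagrees with the new parameter default of `'Disabled'`. The default object applies only when `networkRestrictions` is omitted entirely; a caller who passes an object without `publicNetworkAccess` (which the `tryGet` implies is permitted) falls back to `'Enabled'`. Suggest changing the fallback in `main.bicep` to `'Disabled'`, or making `publicNetworkAccess` mandatory in `networkRestrictionsType`, so a partial override cannot silently re-enable public access.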
Expand Down Expand Up @@ -1373,8 +1389,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "17028659150619761460"
"version": "0.30.23.60470",
"templateHash": "10274585444287252550"
},
"name": "DocumentDB Database Account SQL Databases",
"description": "This module deploys a SQL Database in a CosmosDB Account.",
Expand Down Expand Up @@ -1506,8 +1522,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "15811275148784494613"
"version": "0.30.23.60470",
"templateHash": "165408036680070575"
},
"name": "DocumentDB Database Account SQL Database Containers",
"description": "This module deploys a SQL Database Container in a CosmosDB Account.",
Expand Down Expand Up @@ -1763,8 +1779,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "8574173933379504173"
"version": "0.30.23.60470",
"templateHash": "2916914405670681340"
},
"name": "DocumentDB Database Account SQL Role.",
"description": "This module deploys SQL Role Definision and Assignment in a CosmosDB Account.",
Expand Down Expand Up @@ -1850,8 +1866,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "13173648139881140212"
"version": "0.30.23.60470",
"templateHash": "5054354703268051893"
},
"name": "DocumentDB Database Account SQL Role Definitions.",
"description": "This module deploys a SQL Role Definision in a CosmosDB Account.",
Expand Down Expand Up @@ -1971,8 +1987,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "16344872287220693060"
"version": "0.30.23.60470",
"templateHash": "14629860270436011718"
},
"name": "DocumentDB Database Account SQL Role Assignments.",
"description": "This module deploys a SQL Role Assignment in a CosmosDB Account.",
Expand Down Expand Up @@ -2085,8 +2101,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "5589296472144391886"
"version": "0.30.23.60470",
"templateHash": "1169635175830874795"
},
"name": "DocumentDB Database Account MongoDB Databases",
"description": "This module deploys a MongoDB Database within a CosmosDB Account.",
Expand Down Expand Up @@ -2188,8 +2204,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "2005645426653376123"
"version": "0.30.23.60470",
"templateHash": "1358778299011674509"
},
"name": "DocumentDB Database Account MongoDB Database Collections",
"description": "This module deploys a MongoDB Database Collection.",
Expand Down Expand Up @@ -2348,8 +2364,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "7926803681315745584"
"version": "0.30.23.60470",
"templateHash": "14612267479855031826"
},
"name": "DocumentDB Database Account Gremlin Databases",
"description": "This module deploys a Gremlin Database within a CosmosDB Account.",
Expand Down Expand Up @@ -2454,8 +2470,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "9917502444704809829"
"version": "0.30.23.60470",
"templateHash": "5396990720772518636"
},
"name": "DocumentDB Database Accounts Gremlin Databases Graphs",
"description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.",
Expand Down Expand Up @@ -3389,8 +3405,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.29.47.4906",
"templateHash": "986606208324987345"
"version": "0.30.23.60470",
"templateHash": "12263717469683062316"
}
},
"definitions": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ param serviceShort string = 'dddaanl'
@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// Pipeline is selecting random regions which dont support all cosmos features and have constraints when creating new cosmos
// The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts.
#disable-next-line no-hardcoded-location
var enforcedLocation = 'eastasia'
var enforcedLocation = 'eastus2'

// ============== //
// General resources
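Review bot: The replacement comment above `enforcedLocation` is ambiguous as written: "don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features" can be read as saying the regions do support all features. Suggest "regions that lack capacity for Azure Cosmos DB or do not support all of its features". Every test file in this commit also pins `enforcedLocation` to the same `'eastus2'` literal, so a capacity shortfall in that one region fails the whole suite at once; the same remark applies to the identical hunks in the remaining test files.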
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ param serviceShort string = 'dddabco'
@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// Pipeline is selecting random regions which dont support all cosmos features and have constraints when creating new cosmos
// The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts.
#disable-next-line no-hardcoded-location
var enforcedLocation = 'eastasia'
var enforcedLocation = 'eastus2'

// ============== //
// General resources
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ param serviceShort string = 'dddamin'
@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.')
param namePrefix string = '#_namePrefix_#'

// Pipeline is selecting random regions which dont support all cosmos features and have constraints when creating new cosmos
// The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts.
#disable-next-line no-hardcoded-location
var enforcedLocation = 'eastasia'
var enforcedLocation = 'eastus2'

// ============ //
// Dependencies //
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ param serviceShort string = 'dddagrm'
@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// Pipeline is selecting random regions which dont support all cosmos features and have constraints when creating new cosmos
// The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts.
#disable-next-line no-hardcoded-location
var enforcedLocation = 'eastasia'
var enforcedLocation = 'eastus2'

// ============ //
// Dependencies //
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ param serviceShort string = 'dddaskvs'
@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// Pipeline is selecting random regions which dont support all cosmos features and have constraints when creating new cosmos
// The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts.
#disable-next-line no-hardcoded-location
var enforcedLocation = 'eastasia'
var enforcedLocation = 'eastus2'

// ============== //
// General resources
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ param serviceShort string = 'dddaumi'
@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// Pipeline is selecting random regions which dont support all cosmos features and have constraints when creating new cosmos
// The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts.
#disable-next-line no-hardcoded-location
var enforcedLocation = 'eastasia'
var enforcedLocation = 'eastus2'

// ============ //
// Dependencies //
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@ param serviceShort string = 'dddamng'
@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// Pipeline is selecting random regions which dont support all cosmos features and have constraints when creating new cosmos
// The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts.
#disable-next-line no-hardcoded-location
var enforcedLocation = 'eastasia'
var enforcedLocation = 'eastus2'

// ============ //
// Dependencies //
Expand Down
0 comments on commit 6736202