diff --git a/avm/res/document-db/database-account/README.md b/avm/res/document-db/database-account/README.md index 4aa14673be..a48419fb6a 100644 --- a/avm/res/document-db/database-account/README.md +++ b/avm/res/document-db/database-account/README.md @@ -50,8 +50,8 @@ The following section provides usage examples for the module, which were used to - [Deploying multiple regions](#example-8-deploying-multiple-regions) - [Plain](#example-9-plain) - [Public network restricted access with ACL](#example-10-public-network-restricted-access-with-acl) -- [Deploying with a sql role definision and assignment](#example-11-deploying-with-a-sql-role-definision-and-assignment) -- [SQL Database](#example-12-sql-database) +- [SQL Database](#example-11-sql-database) +- [Deploying with a sql role definision and assignment](#example-12-deploying-with-a-sql-role-definision-and-assignment) - [API for Table](#example-13-api-for-table) - [WAF-aligned](#example-14-waf-aligned) @@ -320,20 +320,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: capabilitiesToAdd: [ 'EnableGremlin' ] - diagnosticSettings: [ - { - eventHubAuthorizationRuleResourceId: '' - eventHubName: '' - metricCategories: [ - { - category: 'AllMetrics' - } - ] - name: 'customSetting' - storageAccountResourceId: '' - workspaceResourceId: '' - } - ] gremlinDatabases: [ { graphs: [ @@ -384,44 +370,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: } ] location: '' - locations: [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: '' - } - { - failoverPriority: 1 - isZoneRedundant: false - locationName: '' - } - ] - managedIdentities: { - systemAssigned: true - } - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Owner' - } - { - name: '' - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - } - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: '' - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } } ``` @@ -448,22 +396,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "EnableGremlin" ] }, - "diagnosticSettings": { - "value": [ - { - "eventHubAuthorizationRuleResourceId": "", - "eventHubName": "", - "metricCategories": [ - { - "category": "AllMetrics" - } - ], - "name": "customSetting", - "storageAccountResourceId": "", - "workspaceResourceId": "" - } - ] - }, "gremlinDatabases": { "value": [ { @@ -517,52 +449,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: }, "location": { "value": "" - }, - "locations": { - "value": [ - { - "failoverPriority": 0, - "isZoneRedundant": false, - "locationName": "" - }, - { - "failoverPriority": 1, - "isZoneRedundant": false, - "locationName": "" - } - ] - }, - "managedIdentities": { - "value": { - "systemAssigned": true - } - }, - "roleAssignments": { - "value": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Owner" - }, - { - "name": "", - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c" - }, - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "" - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } } } } @@ -584,20 +470,6 @@ param name = 'dddagrm002' param capabilitiesToAdd = [ 'EnableGremlin' ] -param diagnosticSettings = [ - { - eventHubAuthorizationRuleResourceId: '' - eventHubName: '' - metricCategories: [ - { - category: 'AllMetrics' - } - ] - name: 'customSetting' - storageAccountResourceId: '' - workspaceResourceId: '' - } -] param gremlinDatabases = [ { graphs: [ @@ -648,44 +520,6 @@ param gremlinDatabases = [ } ] param location = '' -param locations = [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: '' - } - { - failoverPriority: 1 - isZoneRedundant: false - locationName: '' - } -] -param managedIdentities = { - systemAssigned: true -} -param roleAssignments = [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Owner' - } - { - name: '' - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - } - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: '' - } -] -param tags = { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' -} ``` @@ -946,36 +780,7 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: // Required parameters name: 'dddamng001' // Non-required parameters - diagnosticSettings: [ - { - eventHubAuthorizationRuleResourceId: '' - eventHubName: '' - metricCategories: [ - { - category: 'AllMetrics' - } - ] - name: 'customSetting' - storageAccountResourceId: '' - workspaceResourceId: '' - } - ] location: '' - locations: [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: '' - } - { - failoverPriority: 1 - isZoneRedundant: false - locationName: '' - } - ] - managedIdentities: { - systemAssigned: true - } mongodbDatabases: [ { collections: [ @@ -1162,29 +967,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: name: 'mdb-dddamng-002' } ] - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Owner' - } - { - name: '' - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - } - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: '' - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } } ``` @@ -1206,44 +988,9 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "value": "dddamng001" }, // Non-required parameters - "diagnosticSettings": { - "value": [ - { - "eventHubAuthorizationRuleResourceId": "", - "eventHubName": "", - "metricCategories": [ - { - "category": "AllMetrics" - } - ], - "name": "customSetting", - "storageAccountResourceId": "", - "workspaceResourceId": "" - } - ] - }, "location": { "value": "" }, - "locations": { - "value": [ - { - "failoverPriority": 0, - "isZoneRedundant": false, - "locationName": "" - }, - { - "failoverPriority": 1, - "isZoneRedundant": false, - "locationName": "" - } - ] - }, - "managedIdentities": { - "value": { - "systemAssigned": true - } - }, "mongodbDatabases": { "value": [ { @@ -1431,33 +1178,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "name": "mdb-dddamng-002" } ] - }, - "roleAssignments": { - "value": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Owner" - }, - { - "name": "", - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c" - }, - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "" - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } } } } @@ -1476,36 +1196,7 @@ using 'br/public:avm/res/document-db/database-account:' // Required parameters param name = 'dddamng001' // Non-required parameters -param diagnosticSettings = [ - { - eventHubAuthorizationRuleResourceId: '' - eventHubName: '' - metricCategories: [ - { - category: 'AllMetrics' - } - ] - name: 'customSetting' - storageAccountResourceId: '' - workspaceResourceId: '' - } -] param location = '' -param locations = [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: '' - } - { - failoverPriority: 1 - isZoneRedundant: false - locationName: '' - } -] -param managedIdentities = { - systemAssigned: true -} param mongodbDatabases = [ { collections: [ @@ -1692,29 +1383,6 @@ param mongodbDatabases = [ name: 'mdb-dddamng-002' } ] -param roleAssignments = [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Owner' - } - { - name: '' - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - } - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: '' - } -] -param tags = { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' -} ``` @@ -1736,7 +1404,7 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: // Required parameters name: 'multi-region' // Non-required parameters - automaticFailover: false + automaticFailover: true backupIntervalInMinutes: 300 backupPolicyType: 'Periodic' backupRetentionIntervalInHours: 16 @@ -1782,7 +1450,7 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: }, // Non-required parameters "automaticFailover": { - "value": false + "value": true }, "backupIntervalInMinutes": { "value": 300 @@ -1840,7 +1508,7 @@ using 'br/public:avm/res/document-db/database-account:' // Required parameters param name = 'multi-region' // Non-required parameters -param automaticFailover = false +param automaticFailover = true param backupIntervalInMinutes = 300 param backupPolicyType = 'Periodic' param backupRetentionIntervalInHours = 16 @@ -1885,11 +1553,11 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: // Required parameters name: 'dddapln001' // Non-required parameters - backupPolicyContinuousTier: 'Continuous7Days' - backupPolicyType: 'Continuous' - defaultConsistencyLevel: 'ConsistentPrefix' - disableKeyBasedMetadataWriteAccess: true - disableLocalAuth: true + capabilitiesToAdd: [ + 'EnableServerless' + ] + databaseAccountOfferType: 'Standard' + enableTelemetry: false location: '' locations: [ { @@ -1898,11 +1566,21 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: locationName: '' } ] + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } sqlDatabases: [ { name: 'no-containers-specified' } ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + totalThroughputLimit: 4000 } } ``` @@ -1924,20 +1602,16 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "value": "dddapln001" }, // Non-required parameters - "backupPolicyContinuousTier": { - "value": "Continuous7Days" - }, - "backupPolicyType": { - "value": "Continuous" - }, - "defaultConsistencyLevel": { - "value": "ConsistentPrefix" + "capabilitiesToAdd": { + "value": [ + "EnableServerless" + ] }, - "disableKeyBasedMetadataWriteAccess": { - "value": true + "databaseAccountOfferType": { + "value": "Standard" }, - "disableLocalAuth": { - "value": true + "enableTelemetry": { + "value": false }, "location": { "value": "" @@ -1951,12 +1625,28 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: } ] }, + "lock": { + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } + }, "sqlDatabases": { "value": [ { "name": "no-containers-specified" } ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, + "totalThroughputLimit": { + "value": 4000 } } } @@ -1975,11 +1665,11 @@ using 'br/public:avm/res/document-db/database-account:' // Required parameters param name = 'dddapln001' // Non-required parameters -param backupPolicyContinuousTier = 'Continuous7Days' -param backupPolicyType = 'Continuous' -param defaultConsistencyLevel = 'ConsistentPrefix' -param disableKeyBasedMetadataWriteAccess = true -param disableLocalAuth = true +param capabilitiesToAdd = [ + 'EnableServerless' +] +param databaseAccountOfferType = 'Standard' +param enableTelemetry = false param location = '' param locations = [ { @@ -1988,11 +1678,21 @@ param locations = [ locationName: '' } ] +param lock = { + kind: 'CanNotDelete' + name: 'myCustomLockName' +} param sqlDatabases = [ { name: 'no-containers-specified' } ] +param tags = { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' +} +param totalThroughputLimit = 4000 ``` @@ -2101,110 +1801,18 @@ param networkRestrictions = { ipRules: [ '79.0.0.0' '80.0.0.0' - ] - networkAclBypass: 'AzureServices' - publicNetworkAccess: 'Enabled' - virtualNetworkRules: [ - { - subnetResourceId: '' - } - ] -} -param sqlDatabases = [ - { - name: 'no-containers-specified' - } -] -``` - - -

- -### Example 11: _Deploying with a sql role definision and assignment_ - -This instance deploys the module with sql role definision and assignment - - -

- -via Bicep module - -```bicep -module databaseAccount 'br/public:avm/res/document-db/database-account:' = { - name: 'databaseAccountDeployment' - params: { - // Required parameters - name: 'role-ref' - // Non-required parameters - location: '' - sqlRoleAssignmentsPrincipalIds: [ - '' - ] - sqlRoleDefinitions: [ - { - name: 'cosmos-sql-role-test' - } - ] - } -} -``` - -
-

- -

- -via JSON parameters file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "name": { - "value": "role-ref" - }, - // Non-required parameters - "location": { - "value": "" - }, - "sqlRoleAssignmentsPrincipalIds": { - "value": [ - "" - ] - }, - "sqlRoleDefinitions": { - "value": [ - { - "name": "cosmos-sql-role-test" - } - ] - } - } -} -``` - -
-

- -

- -via Bicep parameters file - -```bicep-params -using 'br/public:avm/res/document-db/database-account:' - -// Required parameters -param name = 'role-ref' -// Non-required parameters -param location = '' -param sqlRoleAssignmentsPrincipalIds = [ - '' -] -param sqlRoleDefinitions = [ + ] + networkAclBypass: 'AzureServices' + publicNetworkAccess: 'Enabled' + virtualNetworkRules: [ + { + subnetResourceId: '' + } + ] +} +param sqlDatabases = [ { - name: 'cosmos-sql-role-test' + name: 'no-containers-specified' } ] ``` @@ -2212,7 +1820,7 @@ param sqlRoleDefinitions = [

-### Example 12: _SQL Database_ +### Example 11: _SQL Database_ This instance deploys the module with a SQL Database. @@ -2230,13 +1838,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: // Non-required parameters enableAnalyticalStorage: true location: '' - locations: [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: '' - } - ] sqlDatabases: [ { containers: [ @@ -2514,15 +2115,6 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "location": { "value": "" }, - "locations": { - "value": [ - { - "failoverPriority": 0, - "isZoneRedundant": false, - "locationName": "" - } - ] - }, "sqlDatabases": { "value": [ { @@ -2794,13 +2386,6 @@ param name = 'dddasql001' // Non-required parameters param enableAnalyticalStorage = true param location = '' -param locations = [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: '' - } -] param sqlDatabases = [ { containers: [ @@ -3056,6 +2641,98 @@ param sqlDatabases = [

+### Example 12: _Deploying with a sql role definision and assignment_ + +This instance deploys the module with sql role definision and assignment + + +

+ +via Bicep module + +```bicep +module databaseAccount 'br/public:avm/res/document-db/database-account:' = { + name: 'databaseAccountDeployment' + params: { + // Required parameters + name: 'role-ref' + // Non-required parameters + location: '' + sqlRoleAssignmentsPrincipalIds: [ + '' + ] + sqlRoleDefinitions: [ + { + name: 'cosmos-sql-role-test' + } + ] + } +} +``` + +
+

+ +

+ +via JSON parameters file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "role-ref" + }, + // Non-required parameters + "location": { + "value": "" + }, + "sqlRoleAssignmentsPrincipalIds": { + "value": [ + "" + ] + }, + "sqlRoleDefinitions": { + "value": [ + { + "name": "cosmos-sql-role-test" + } + ] + } + } +} +``` + +
+

+ +

+ +via Bicep parameters file + +```bicep-params +using 'br/public:avm/res/document-db/database-account:' + +// Required parameters +param name = 'role-ref' +// Non-required parameters +param location = '' +param sqlRoleAssignmentsPrincipalIds = [ + '' +] +param sqlRoleDefinitions = [ + { + name: 'cosmos-sql-role-test' + } +] +``` + +
+

+ ### Example 13: _API for Table_ This instance deploys the module for an Azure Cosmos DB for Table account with two example tables. @@ -3179,6 +2856,7 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: // Required parameters name: 'dddawaf001' // Non-required parameters + automaticFailover: true diagnosticSettings: [ { eventHubAuthorizationRuleResourceId: '' @@ -3188,10 +2866,12 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: } ] disableKeyBasedMetadataWriteAccess: true + disableLocalAuth: true location: '' - lock: { - kind: 'CanNotDelete' - name: 'myCustomLockName' + minimumTlsVersion: 'Tls12' + networkRestrictions: { + networkAclBypass: 'None' + publicNetworkAccess: 'Disabled' } privateEndpoints: [ { @@ -3204,32 +2884,13 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: } service: 'Sql' subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } ] sqlDatabases: [ { - containers: [ - { - kind: 'Hash' - name: 'container-001' - paths: [ - '/myPartitionKey1' - ] - } - ] - name: 'sql-dddawaf-001' + name: 'no-containers-specified' } ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } } ``` @@ -3251,6 +2912,9 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "value": "dddawaf001" }, // Non-required parameters + "automaticFailover": { + "value": true + }, "diagnosticSettings": { "value": [ { @@ -3264,13 +2928,19 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: "disableKeyBasedMetadataWriteAccess": { "value": true }, + "disableLocalAuth": { + "value": true + }, "location": { "value": "" }, - "lock": { + "minimumTlsVersion": { + "value": "Tls12" + }, + "networkRestrictions": { "value": { - "kind": "CanNotDelete", - "name": "myCustomLockName" + "networkAclBypass": "None", + "publicNetworkAccess": "Disabled" } }, "privateEndpoints": { @@ -3284,37 +2954,16 @@ module databaseAccount 'br/public:avm/res/document-db/database-account: ] }, "service": "Sql", - "subnetResourceId": "", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } + "subnetResourceId": "" } ] }, "sqlDatabases": { "value": [ { - "containers": [ - { - "kind": "Hash", - "name": "container-001", - "paths": [ - "/myPartitionKey1" - ] - } - ], - "name": "sql-dddawaf-001" + "name": "no-containers-specified" } ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } } } } @@ -3333,6 +2982,7 @@ using 'br/public:avm/res/document-db/database-account:' // Required parameters param name = 'dddawaf001' // Non-required parameters +param automaticFailover = true param diagnosticSettings = [ { eventHubAuthorizationRuleResourceId: '' @@ -3342,10 +2992,12 @@ param diagnosticSettings = [ } ] param disableKeyBasedMetadataWriteAccess = true +param disableLocalAuth = true param location = '' -param lock = { - kind: 'CanNotDelete' - name: 'myCustomLockName' +param minimumTlsVersion = 'Tls12' +param networkRestrictions = { + networkAclBypass: 'None' + publicNetworkAccess: 'Disabled' } param privateEndpoints = [ { @@ -3358,32 +3010,13 @@ param privateEndpoints = [ } service: 'Sql' subnetResourceId: '' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } ] param sqlDatabases = [ { - containers: [ - { - kind: 'Hash' - name: 'container-001' - paths: [ - '/myPartitionKey1' - ] - } - ] - name: 'sql-dddawaf-001' + name: 'no-containers-specified' } ] -param tags = { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' -} ``` @@ -3401,7 +3034,7 @@ param tags = { | Parameter | Type | Description | | :-- | :-- | :-- | -| [`automaticFailover`](#parameter-automaticfailover) | bool | Enable automatic failover for regions. | +| [`automaticFailover`](#parameter-automaticfailover) | bool | Default to true. Enable automatic failover for regions. | | [`backupIntervalInMinutes`](#parameter-backupintervalinminutes) | int | Default to 240. An integer representing the interval in minutes between two backups. Only applies to periodic backup type. | | [`backupPolicyContinuousTier`](#parameter-backuppolicycontinuoustier) | string | Default to Continuous30Days. Configuration values for continuous mode backup. | | [`backupPolicyType`](#parameter-backuppolicytype) | string | Default to Continuous. Describes the mode of backups. Periodic backup must be used if multiple write locations are used. | @@ -3411,11 +3044,11 @@ param tags = { | [`databaseAccountOfferType`](#parameter-databaseaccountoffertype) | string | Default to Standard. The offer type for the Azure Cosmos DB database account. | | [`defaultConsistencyLevel`](#parameter-defaultconsistencylevel) | string | Default to Session. The default consistency level of the Cosmos DB account. | | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | -| [`disableKeyBasedMetadataWriteAccess`](#parameter-disablekeybasedmetadatawriteaccess) | bool | Disable write operations on metadata resources (databases, containers, throughput) via account keys. | -| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | -| [`enableAnalyticalStorage`](#parameter-enableanalyticalstorage) | bool | Flag to indicate whether to enable storage analytics. | -| [`enableFreeTier`](#parameter-enablefreetier) | bool | Flag to indicate whether Free Tier is enabled. | -| [`enableMultipleWriteLocations`](#parameter-enablemultiplewritelocations) | bool | Enables the account to write in multiple locations. Periodic backup must be used if enabled. | +| [`disableKeyBasedMetadataWriteAccess`](#parameter-disablekeybasedmetadatawriteaccess) | bool | Default to true. Disable write operations on metadata resources (databases, containers, throughput) via account keys. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Default to true. Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. | +| [`enableAnalyticalStorage`](#parameter-enableanalyticalstorage) | bool | Default to false. Flag to indicate whether to enable storage analytics. | +| [`enableFreeTier`](#parameter-enablefreetier) | bool | Default to false. Flag to indicate whether Free Tier is enabled. | +| [`enableMultipleWriteLocations`](#parameter-enablemultiplewritelocations) | bool | Default to false. Enables the account to write in multiple locations. Periodic backup must be used if enabled. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | | [`gremlinDatabases`](#parameter-gremlindatabases) | array | Gremlin Databases configurations. | | [`location`](#parameter-location) | string | Default to current resource group scope location. Location for all resources. | @@ -3436,6 +3069,7 @@ param tags = { | [`sqlRoleDefinitions`](#parameter-sqlroledefinitions) | array | SQL Role Definitions configurations. | | [`tables`](#parameter-tables) | array | Table configurations. | | [`tags`](#parameter-tags) | object | Tags of the Database Account resource. | +| [`totalThroughputLimit`](#parameter-totalthroughputlimit) | int | Default to unlimited. The total throughput limit imposed on this Cosmos DB account (RU/s). | ### Parameter: `name` @@ -3446,7 +3080,7 @@ Name of the Database Account. ### Parameter: `automaticFailover` -Enable automatic failover for regions. +Default to true. Enable automatic failover for regions. - Required: No - Type: bool @@ -3716,7 +3350,7 @@ Resource ID of the diagnostic log analytics workspace. For security reasons, it ### Parameter: `disableKeyBasedMetadataWriteAccess` -Disable write operations on metadata resources (databases, containers, throughput) via account keys. +Default to true. Disable write operations on metadata resources (databases, containers, throughput) via account keys. - Required: No - Type: bool @@ -3724,7 +3358,7 @@ Disable write operations on metadata resources (databases, containers, throughpu ### Parameter: `disableLocalAuth` -Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. +Default to true. Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication. - Required: No - Type: bool @@ -3732,7 +3366,7 @@ Opt-out of local authentication and ensure only MSI and AAD can be used exclusiv ### Parameter: `enableAnalyticalStorage` -Flag to indicate whether to enable storage analytics. +Default to false. Flag to indicate whether to enable storage analytics. - Required: No - Type: bool @@ -3740,7 +3374,7 @@ Flag to indicate whether to enable storage analytics. ### Parameter: `enableFreeTier` -Flag to indicate whether Free Tier is enabled. +Default to false. Flag to indicate whether Free Tier is enabled. - Required: No - Type: bool @@ -3748,7 +3382,7 @@ Flag to indicate whether Free Tier is enabled. ### Parameter: `enableMultipleWriteLocations` -Enables the account to write in multiple locations. Periodic backup must be used if enabled. +Default to false. Enables the account to write in multiple locations. Periodic backup must be used if enabled. - Required: No - Type: bool @@ -3910,8 +3544,6 @@ Default to TLS 1.2. Enum to indicate the minimum allowed TLS version. Azure Cosm - Allowed: ```Bicep [ - 'Tls' - 'Tls11' 'Tls12' ] ``` @@ -3939,50 +3571,25 @@ The network configuration of this module. Defaults to `{ ipRules: [], virtualNet } ``` -**Required parameters** +**Optional parameters** | Parameter | Type | Description | | :-- | :-- | :-- | | [`ipRules`](#parameter-networkrestrictionsiprules) | array | A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: "23.40.210.245" or "23.40.210.0/8". | +| [`networkAclBypass`](#parameter-networkrestrictionsnetworkaclbypass) | string | Default to None. Specifies the network ACL bypass for Azure services. | +| [`publicNetworkAccess`](#parameter-networkrestrictionspublicnetworkaccess) | string | Default to Disabled. Whether requests from Public Network are allowed. | | [`virtualNetworkRules`](#parameter-networkrestrictionsvirtualnetworkrules) | array | List of Virtual Network ACL rules configured for the Cosmos DB account.. | -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`networkAclBypass`](#parameter-networkrestrictionsnetworkaclbypass) | string | Default to AzureServices. Specifies the network ACL bypass for Azure services. | -| [`publicNetworkAccess`](#parameter-networkrestrictionspublicnetworkaccess) | string | Default to Enabled. Whether requests from Public Network are allowed. | - ### Parameter: `networkRestrictions.ipRules` A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: "23.40.210.245" or "23.40.210.0/8". -- Required: Yes -- Type: array - -### Parameter: `networkRestrictions.virtualNetworkRules` - -List of Virtual Network ACL rules configured for the Cosmos DB account.. - -- Required: Yes +- Required: No - Type: array -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`subnetResourceId`](#parameter-networkrestrictionsvirtualnetworkrulessubnetresourceid) | string | Resource ID of a subnet. | - -### Parameter: `networkRestrictions.virtualNetworkRules.subnetResourceId` - -Resource ID of a subnet. - -- Required: Yes -- Type: string - ### Parameter: `networkRestrictions.networkAclBypass` -Default to AzureServices. Specifies the network ACL bypass for Azure services. +Default to None. Specifies the network ACL bypass for Azure services. - Required: No - Type: string @@ -3996,7 +3603,7 @@ Default to AzureServices. Specifies the network ACL bypass for Azure services. ### Parameter: `networkRestrictions.publicNetworkAccess` -Default to Enabled. Whether requests from Public Network are allowed. +Default to Disabled. Whether requests from Public Network are allowed. - Required: No - Type: string @@ -4008,6 +3615,26 @@ Default to Enabled. Whether requests from Public Network are allowed. ] ``` +### Parameter: `networkRestrictions.virtualNetworkRules` + +List of Virtual Network ACL rules configured for the Cosmos DB account.. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-networkrestrictionsvirtualnetworkrulessubnetresourceid) | string | Resource ID of a subnet. | + +### Parameter: `networkRestrictions.virtualNetworkRules.subnetResourceId` + +Resource ID of a subnet. + +- Required: Yes +- Type: string + ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. @@ -4931,6 +4558,14 @@ Tags of the Database Account resource. - Required: No - Type: object +### Parameter: `totalThroughputLimit` + +Default to unlimited. The total throughput limit imposed on this Cosmos DB account (RU/s). + +- Required: No +- Type: int +- Default: `-1` + ## Outputs | Output | Type | Description | diff --git a/avm/res/document-db/database-account/gremlin-database/graph/main.json b/avm/res/document-db/database-account/gremlin-database/graph/main.json index 96761953b4..e032fe503b 100644 --- a/avm/res/document-db/database-account/gremlin-database/graph/main.json +++ b/avm/res/document-db/database-account/gremlin-database/graph/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "5396990720772518636" + "version": "0.31.92.45157", + "templateHash": "16994331830326213766" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/avm/res/document-db/database-account/gremlin-database/main.json b/avm/res/document-db/database-account/gremlin-database/main.json index 5dcde760ef..b4f2a36c82 100644 --- a/avm/res/document-db/database-account/gremlin-database/main.json +++ b/avm/res/document-db/database-account/gremlin-database/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "14612267479855031826" + "version": "0.31.92.45157", + "templateHash": "6528096364275148764" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account.", @@ -111,8 +111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "5396990720772518636" + "version": "0.31.92.45157", + "templateHash": "16994331830326213766" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph.", diff --git a/avm/res/document-db/database-account/main.bicep b/avm/res/document-db/database-account/main.bicep index bcb3560306..bf92e3aaaf 100644 --- a/avm/res/document-db/database-account/main.bicep +++ b/avm/res/document-db/database-account/main.bicep @@ -33,22 +33,22 @@ param locations failoverLocationsType[] = [] @description('Optional. Default to Session. The default consistency level of the Cosmos DB account.') param defaultConsistencyLevel string = 'Session' -@description('Optional. Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication.') +@description('Optional. Default to true. Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication.') param disableLocalAuth bool = true -@description('Optional. Flag to indicate whether to enable storage analytics.') +@description('Optional. Default to false. Flag to indicate whether to enable storage analytics.') param enableAnalyticalStorage bool = false -@description('Optional. Enable automatic failover for regions.') +@description('Optional. Default to true. Enable automatic failover for regions.') param automaticFailover bool = true -@description('Optional. Flag to indicate whether Free Tier is enabled.') +@description('Optional. Default to false. Flag to indicate whether Free Tier is enabled.') param enableFreeTier bool = false -@description('Optional. Enables the account to write in multiple locations. Periodic backup must be used if enabled.') +@description('Optional. Default to false. Enables the account to write in multiple locations. Periodic backup must be used if enabled.') param enableMultipleWriteLocations bool = false -@description('Optional. Disable write operations on metadata resources (databases, containers, throughput) via account keys.') +@description('Optional. Default to true. Disable write operations on metadata resources (databases, containers, throughput) via account keys.') param disableKeyBasedMetadataWriteAccess bool = true @minValue(1) @@ -94,6 +94,9 @@ param tables array = [] @description('Optional. Enable/Disable usage telemetry for module.') param enableTelemetry bool = true +@description('Optional. Default to unlimited. The total throughput limit imposed on this Cosmos DB account (RU/s).') +param totalThroughputLimit int = -1 + @description('Optional. The lock settings of the service.') param lock lockType @@ -163,8 +166,6 @@ param networkRestrictions networkRestrictionsType = { } @allowed([ - 'Tls' - 'Tls11' 'Tls12' ]) @description('Optional. Default to TLS 1.2. Enum to indicate the minimum allowed TLS version. Azure Cosmos DB for MongoDB RU and Apache Cassandra only work with TLS 1.2 or later.') @@ -264,7 +265,11 @@ var databaseAccountProperties = union( { databaseAccountOfferType: databaseAccountOfferType backupPolicy: backupPolicy + capabilities: capabilities minimalTlsVersion: minimumTlsVersion + capacity: { + totalThrougputLimit: totalThroughputLimit + } }, ((!empty(sqlDatabases) || !empty(mongodbDatabases) || !empty(gremlinDatabases) || !empty(tables)) ? { @@ -275,11 +280,10 @@ var databaseAccountProperties = union( ipRules: ipRules virtualNetworkRules: virtualNetworkRules - networkAclBypass: networkRestrictions.?networkAclBypass ?? 'AzureServices' - publicNetworkAccess: networkRestrictions.?publicNetworkAccess ?? 'Enabled' + networkAclBypass: networkRestrictions.?networkAclBypass ?? 'None' + publicNetworkAccess: networkRestrictions.?publicNetworkAccess ?? 'Disabled' isVirtualNetworkFilterEnabled: !empty(ipRules) || !empty(virtualNetworkRules) - capabilities: capabilities enableFreeTier: enableFreeTier enableAutomaticFailover: automaticFailover enableAnalyticalStorage: enableAnalyticalStorage @@ -964,18 +968,18 @@ type secretsOutputType = { } type networkRestrictionsType = { - @description('Required. A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: "23.40.210.245" or "23.40.210.0/8".') - ipRules: string[] + @description('Optional. A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: "23.40.210.245" or "23.40.210.0/8".') + ipRules: string[]? - @description('Optional. Default to AzureServices. Specifies the network ACL bypass for Azure services.') + @description('Optional. Default to None. Specifies the network ACL bypass for Azure services.') networkAclBypass: ('AzureServices' | 'None')? - @description('Optional. Default to Enabled. Whether requests from Public Network are allowed.') + @description('Optional. Default to Disabled. Whether requests from Public Network are allowed.') publicNetworkAccess: ('Enabled' | 'Disabled')? - @description('Required. List of Virtual Network ACL rules configured for the Cosmos DB account..') + @description('Optional. List of Virtual Network ACL rules configured for the Cosmos DB account..') virtualNetworkRules: { @description('Required. Resource ID of a subnet.') subnetResourceId: string - }[] + }[]? } diff --git a/avm/res/document-db/database-account/main.json b/avm/res/document-db/database-account/main.json index da1073c7de..9572791de3 100644 --- a/avm/res/document-db/database-account/main.json +++ b/avm/res/document-db/database-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.31.92.45157", - "templateHash": "15087724607037385937" + "templateHash": "10855021340496431236" }, "name": "DocumentDB Database Accounts", "description": "This module deploys a DocumentDB Database Account.", @@ -790,8 +790,9 @@ "items": { "type": "string" }, + "nullable": true, "metadata": { - "description": "Required. A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: \"23.40.210.245\" or \"23.40.210.0/8\"." + "description": "Optional. A single IPv4 address or a single IPv4 address range in CIDR format. Provided IPs must be well-formatted and cannot be contained in one of the following ranges: 10.0.0.0/8, 100.64.0.0/10, 172.16.0.0/12, 192.168.0.0/16, since these are not enforceable by the IP address filter. Example of valid inputs: \"23.40.210.245\" or \"23.40.210.0/8\"." } }, "networkAclBypass": { @@ -802,7 +803,7 @@ ], "nullable": true, "metadata": { - "description": "Optional. Default to AzureServices. Specifies the network ACL bypass for Azure services." + "description": "Optional. Default to None. Specifies the network ACL bypass for Azure services." } }, "publicNetworkAccess": { @@ -813,7 +814,7 @@ ], "nullable": true, "metadata": { - "description": "Optional. Default to Enabled. Whether requests from Public Network are allowed." + "description": "Optional. Default to Disabled. Whether requests from Public Network are allowed." } }, "virtualNetworkRules": { @@ -829,8 +830,9 @@ } } }, + "nullable": true, "metadata": { - "description": "Required. List of Virtual Network ACL rules configured for the Cosmos DB account.." + "description": "Optional. List of Virtual Network ACL rules configured for the Cosmos DB account.." } } } @@ -923,42 +925,42 @@ "type": "bool", "defaultValue": true, "metadata": { - "description": "Optional. Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication." + "description": "Optional. Default to true. Opt-out of local authentication and ensure only MSI and AAD can be used exclusively for authentication." } }, "enableAnalyticalStorage": { "type": "bool", "defaultValue": false, "metadata": { - "description": "Optional. Flag to indicate whether to enable storage analytics." + "description": "Optional. Default to false. Flag to indicate whether to enable storage analytics." } }, "automaticFailover": { "type": "bool", "defaultValue": true, "metadata": { - "description": "Optional. Enable automatic failover for regions." + "description": "Optional. Default to true. Enable automatic failover for regions." } }, "enableFreeTier": { "type": "bool", "defaultValue": false, "metadata": { - "description": "Optional. Flag to indicate whether Free Tier is enabled." + "description": "Optional. Default to false. Flag to indicate whether Free Tier is enabled." } }, "enableMultipleWriteLocations": { "type": "bool", "defaultValue": false, "metadata": { - "description": "Optional. Enables the account to write in multiple locations. Periodic backup must be used if enabled." + "description": "Optional. Default to false. Enables the account to write in multiple locations. Periodic backup must be used if enabled." } }, "disableKeyBasedMetadataWriteAccess": { "type": "bool", "defaultValue": true, "metadata": { - "description": "Optional. Disable write operations on metadata resources (databases, containers, throughput) via account keys." + "description": "Optional. Default to true. Disable write operations on metadata resources (databases, containers, throughput) via account keys." } }, "maxStalenessPrefix": { @@ -1046,6 +1048,13 @@ "description": "Optional. Enable/Disable usage telemetry for module." } }, + "totalThroughputLimit": { + "type": "int", + "defaultValue": -1, + "metadata": { + "description": "Optional. Default to unlimited. The total throughput limit imposed on this Cosmos DB account (RU/s)." + } + }, "lock": { "$ref": "#/definitions/lockType", "metadata": { @@ -1165,8 +1174,6 @@ "type": "string", "defaultValue": "Tls12", "allowedValues": [ - "Tls", - "Tls11", "Tls12" ], "metadata": { @@ -1243,7 +1250,7 @@ ], "kind": "[if(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('gremlinDatabases')))), 'GlobalDocumentDB', if(not(empty(parameters('mongodbDatabases'))), 'MongoDB', 'GlobalDocumentDB'))]", "backupPolicy": "[if(equals(parameters('backupPolicyType'), 'Continuous'), createObject('type', parameters('backupPolicyType'), 'continuousModeProperties', createObject('tier', parameters('backupPolicyContinuousTier'))), createObject('type', parameters('backupPolicyType'), 'periodicModeProperties', createObject('backupIntervalInMinutes', parameters('backupIntervalInMinutes'), 'backupRetentionIntervalInHours', parameters('backupRetentionIntervalInHours'), 'backupStorageRedundancy', parameters('backupStorageRedundancy'))))]", - "databaseAccountProperties": "[union(createObject('databaseAccountOfferType', parameters('databaseAccountOfferType'), 'backupPolicy', variables('backupPolicy'), 'minimalTlsVersion', parameters('minimumTlsVersion')), if(or(or(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('mongodbDatabases')))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('tables')))), createObject('consistencyPolicy', variables('consistencyPolicy')[parameters('defaultConsistencyLevel')], 'enableMultipleWriteLocations', parameters('enableMultipleWriteLocations'), 'locations', if(empty(variables('databaseAccount_locations')), variables('defaultFailoverLocation'), variables('databaseAccount_locations')), 'ipRules', variables('ipRules'), 'virtualNetworkRules', variables('virtualNetworkRules'), 'networkAclBypass', coalesce(tryGet(parameters('networkRestrictions'), 'networkAclBypass'), 'AzureServices'), 'publicNetworkAccess', coalesce(tryGet(parameters('networkRestrictions'), 'publicNetworkAccess'), 'Enabled'), 'isVirtualNetworkFilterEnabled', or(not(empty(variables('ipRules'))), not(empty(variables('virtualNetworkRules')))), 'capabilities', variables('capabilities'), 'enableFreeTier', parameters('enableFreeTier'), 'enableAutomaticFailover', parameters('automaticFailover'), 'enableAnalyticalStorage', parameters('enableAnalyticalStorage')), createObject()), if(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('tables')))), createObject('disableLocalAuth', parameters('disableLocalAuth'), 'disableKeyBasedMetadataWriteAccess', parameters('disableKeyBasedMetadataWriteAccess')), createObject()), if(not(empty(parameters('mongodbDatabases'))), createObject('apiProperties', createObject('serverVersion', parameters('serverVersion'))), createObject()))]", + "databaseAccountProperties": "[union(createObject('databaseAccountOfferType', parameters('databaseAccountOfferType'), 'backupPolicy', variables('backupPolicy'), 'capabilities', variables('capabilities'), 'minimalTlsVersion', parameters('minimumTlsVersion'), 'capacity', createObject('totalThrougputLimit', parameters('totalThroughputLimit'))), if(or(or(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('mongodbDatabases')))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('tables')))), createObject('consistencyPolicy', variables('consistencyPolicy')[parameters('defaultConsistencyLevel')], 'enableMultipleWriteLocations', parameters('enableMultipleWriteLocations'), 'locations', if(empty(variables('databaseAccount_locations')), variables('defaultFailoverLocation'), variables('databaseAccount_locations')), 'ipRules', variables('ipRules'), 'virtualNetworkRules', variables('virtualNetworkRules'), 'networkAclBypass', coalesce(tryGet(parameters('networkRestrictions'), 'networkAclBypass'), 'None'), 'publicNetworkAccess', coalesce(tryGet(parameters('networkRestrictions'), 'publicNetworkAccess'), 'Disabled'), 'isVirtualNetworkFilterEnabled', or(not(empty(variables('ipRules'))), not(empty(variables('virtualNetworkRules')))), 'enableFreeTier', parameters('enableFreeTier'), 'enableAutomaticFailover', parameters('automaticFailover'), 'enableAnalyticalStorage', parameters('enableAnalyticalStorage')), createObject()), if(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('tables')))), createObject('disableLocalAuth', parameters('disableLocalAuth'), 'disableKeyBasedMetadataWriteAccess', parameters('disableKeyBasedMetadataWriteAccess')), createObject()), if(not(empty(parameters('mongodbDatabases'))), createObject('apiProperties', createObject('serverVersion', parameters('serverVersion'))), createObject()))]", "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "Cosmos DB Account Reader Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fbdf93bf-df7d-467e-a4d2-9458aa1360c8')]", diff --git a/avm/res/document-db/database-account/mongodb-database/collection/main.json b/avm/res/document-db/database-account/mongodb-database/collection/main.json index f40b7ac4c3..cda65c0191 100644 --- a/avm/res/document-db/database-account/mongodb-database/collection/main.json +++ b/avm/res/document-db/database-account/mongodb-database/collection/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "1358778299011674509" + "version": "0.31.92.45157", + "templateHash": "9799909568020880663" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/avm/res/document-db/database-account/mongodb-database/main.json b/avm/res/document-db/database-account/mongodb-database/main.json index dd4a34ab45..4810186569 100644 --- a/avm/res/document-db/database-account/mongodb-database/main.json +++ b/avm/res/document-db/database-account/mongodb-database/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "1169635175830874795" + "version": "0.31.92.45157", + "templateHash": "18295016247574474595" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account.", @@ -108,8 +108,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "1358778299011674509" + "version": "0.31.92.45157", + "templateHash": "9799909568020880663" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection.", diff --git a/avm/res/document-db/database-account/sql-database/container/main.json b/avm/res/document-db/database-account/sql-database/container/main.json index 8cac0c2a0e..e28c27d04b 100644 --- a/avm/res/document-db/database-account/sql-database/container/main.json +++ b/avm/res/document-db/database-account/sql-database/container/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "165408036680070575" + "version": "0.31.92.45157", + "templateHash": "1471754747460263407" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", diff --git a/avm/res/document-db/database-account/sql-database/main.json b/avm/res/document-db/database-account/sql-database/main.json index f2458dc625..d86c1554fa 100644 --- a/avm/res/document-db/database-account/sql-database/main.json +++ b/avm/res/document-db/database-account/sql-database/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "10274585444287252550" + "version": "0.31.92.45157", + "templateHash": "14039021912249335209" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account.", @@ -138,8 +138,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "165408036680070575" + "version": "0.31.92.45157", + "templateHash": "1471754747460263407" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account.", diff --git a/avm/res/document-db/database-account/sql-role/main.json b/avm/res/document-db/database-account/sql-role/main.json index 9aed15aeb5..b23d9bf1bd 100644 --- a/avm/res/document-db/database-account/sql-role/main.json +++ b/avm/res/document-db/database-account/sql-role/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "13088569006752107887" + "version": "0.31.92.45157", + "templateHash": "3860121931480041680" }, "name": "DocumentDB Database Account SQL Role.", "description": "This module deploys SQL Role Definision and Assignment in a CosmosDB Account.", @@ -91,8 +91,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "5054354703268051893" + "version": "0.31.92.45157", + "templateHash": "2222650596260487600" }, "name": "DocumentDB Database Account SQL Role Definitions.", "description": "This module deploys a SQL Role Definision in a CosmosDB Account.", @@ -212,8 +212,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4561927123418147924" + "version": "0.31.92.45157", + "templateHash": "12993275952067538651" }, "name": "DocumentDB Database Account SQL Role Assignments.", "description": "This module deploys a SQL Role Assignment in a CosmosDB Account.", diff --git a/avm/res/document-db/database-account/sql-role/sql-role-assignments/main.json b/avm/res/document-db/database-account/sql-role/sql-role-assignments/main.json index cb563bafe6..1a4bb60619 100644 --- a/avm/res/document-db/database-account/sql-role/sql-role-assignments/main.json +++ b/avm/res/document-db/database-account/sql-role/sql-role-assignments/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4561927123418147924" + "version": "0.31.92.45157", + "templateHash": "12993275952067538651" }, "name": "DocumentDB Database Account SQL Role Assignments.", "description": "This module deploys a SQL Role Assignment in a CosmosDB Account.", diff --git a/avm/res/document-db/database-account/sql-role/sql-role-definitions/main.json b/avm/res/document-db/database-account/sql-role/sql-role-definitions/main.json index 6a2e1eee82..1c51e78dbb 100644 --- a/avm/res/document-db/database-account/sql-role/sql-role-definitions/main.json +++ b/avm/res/document-db/database-account/sql-role/sql-role-definitions/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "5054354703268051893" + "version": "0.31.92.45157", + "templateHash": "2222650596260487600" }, "name": "DocumentDB Database Account SQL Role Definitions.", "description": "This module deploys a SQL Role Definision in a CosmosDB Account.", diff --git a/avm/res/document-db/database-account/table/main.json b/avm/res/document-db/database-account/table/main.json index fc12ec0229..0ee46be7c0 100644 --- a/avm/res/document-db/database-account/table/main.json +++ b/avm/res/document-db/database-account/table/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "15712676324433329983" + "version": "0.31.92.45157", + "templateHash": "6722170581524078621" }, "name": "Azure Cosmos DB account tables", "description": "This module deploys a table within an Azure Cosmos DB Account.", diff --git a/avm/res/document-db/database-account/tests/e2e/analytical/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/analytical/main.test.bicep index 9b0cd336ab..8583aa4dc8 100644 --- a/avm/res/document-db/database-account/tests/e2e/analytical/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/analytical/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============== // // General resources diff --git a/avm/res/document-db/database-account/tests/e2e/boundedConsistency/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/boundedConsistency/main.test.bicep index da06bc091a..cdbef5bfe3 100644 --- a/avm/res/document-db/database-account/tests/e2e/boundedConsistency/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/boundedConsistency/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============== // // General resources diff --git a/avm/res/document-db/database-account/tests/e2e/defaults/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/defaults/main.test.bicep index f82b846cc7..4ffb4ba6da 100644 --- a/avm/res/document-db/database-account/tests/e2e/defaults/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/defaults/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============ // // Dependencies // diff --git a/avm/res/document-db/database-account/tests/e2e/gremlindb/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/gremlindb/dependencies.bicep deleted file mode 100644 index fff7781e6b..0000000000 --- a/avm/res/document-db/database-account/tests/e2e/gremlindb/dependencies.bicep +++ /dev/null @@ -1,52 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Managed Identity to create.') -param managedIdentityName string - -@description('Required. The name of the Deployment Script to create to get the paired region name.') -param pairedRegionScriptName string - -resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { - name: managedIdentityName - location: location -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('msi-${location}-${managedIdentity.id}-Reader-RoleAssignment') - properties: { - principalId: managedIdentity.properties.principalId - roleDefinitionId: subscriptionResourceId( - 'Microsoft.Authorization/roleDefinitions', - 'acdd72a7-3385-48ef-bd42-f606fba81ae7' - ) // Reader - principalType: 'ServicePrincipal' - } -} - -resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { - name: pairedRegionScriptName - location: location - kind: 'AzurePowerShell' - identity: { - type: 'UserAssigned' - userAssignedIdentities: { - '${managedIdentity.id}': {} - } - } - properties: { - azPowerShellVersion: '8.0' - retentionInterval: 'P1D' - arguments: '-Location \\"${location}\\"' - scriptContent: loadTextContent('../../../../../../utilities/e2e-template-assets/scripts/Get-PairedRegion.ps1') - } - dependsOn: [ - roleAssignment - ] -} - -@description('The name of the paired region.') -output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName - -@description('The principal ID of the created Managed Identity.') -output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep index 1c3416efa0..688c10311e 100644 --- a/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/gremlindb/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============ // // Dependencies // @@ -32,30 +32,6 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = { location: enforcedLocation } -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, enforcedLocation)}-nestedDependencies' - params: { - managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' - pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}' - location: enforcedLocation - } -} - -// Diagnostics -// =========== -module diagnosticDependencies '../../../../../../utilities/e2e-template-assets/templates/diagnostic.dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, enforcedLocation)}-diagnosticDependencies' - params: { - storageAccountName: 'dep${namePrefix}diasa${serviceShort}01' - logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' - eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}' - eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}' - location: enforcedLocation - } -} - // ============== // // Test Execution // // ============== // @@ -67,35 +43,10 @@ module testDeployment '../../../main.bicep' = [ name: '${uniqueString(deployment().name, enforcedLocation)}-test-${serviceShort}-${iteration}' params: { name: '${namePrefix}${serviceShort}002' - locations: [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: enforcedLocation - } - { - failoverPriority: 1 - isZoneRedundant: false - locationName: nestedDependencies.outputs.pairedRegionName - } - ] + location: enforcedLocation capabilitiesToAdd: [ 'EnableGremlin' ] - diagnosticSettings: [ - { - name: 'customSetting' - metricCategories: [ - { - category: 'AllMetrics' - } - ] - eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId - storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId - workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId - } - ] gremlinDatabases: [ { graphs: [ @@ -145,36 +96,6 @@ module testDeployment '../../../main.bicep' = [ name: '${namePrefix}-gdb-${serviceShort}-002' } ] - location: enforcedLocation - roleAssignments: [ - { - roleDefinitionIdOrName: 'Owner' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - { - name: guid('Custom seed ${namePrefix}${serviceShort}') - roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - { - roleDefinitionIdOrName: subscriptionResourceId( - 'Microsoft.Authorization/roleDefinitions', - 'acdd72a7-3385-48ef-bd42-f606fba81ae7' - ) - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - ] - managedIdentities: { - systemAssigned: true - } - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } } } ] diff --git a/avm/res/document-db/database-account/tests/e2e/kvSecrets/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/kvSecrets/main.test.bicep index 4523b10735..61e282ac88 100644 --- a/avm/res/document-db/database-account/tests/e2e/kvSecrets/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/kvSecrets/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============== // // General resources diff --git a/avm/res/document-db/database-account/tests/e2e/managedIdentity/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/managedIdentity/main.test.bicep index 68c45535a2..fe841fdff1 100644 --- a/avm/res/document-db/database-account/tests/e2e/managedIdentity/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/managedIdentity/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============ // // Dependencies // diff --git a/avm/res/document-db/database-account/tests/e2e/mongodb/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/mongodb/dependencies.bicep deleted file mode 100644 index fff7781e6b..0000000000 --- a/avm/res/document-db/database-account/tests/e2e/mongodb/dependencies.bicep +++ /dev/null @@ -1,52 +0,0 @@ -@description('Optional. The location to deploy to.') -param location string = resourceGroup().location - -@description('Required. The name of the Managed Identity to create.') -param managedIdentityName string - -@description('Required. The name of the Deployment Script to create to get the paired region name.') -param pairedRegionScriptName string - -resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { - name: managedIdentityName - location: location -} - -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { - name: guid('msi-${location}-${managedIdentity.id}-Reader-RoleAssignment') - properties: { - principalId: managedIdentity.properties.principalId - roleDefinitionId: subscriptionResourceId( - 'Microsoft.Authorization/roleDefinitions', - 'acdd72a7-3385-48ef-bd42-f606fba81ae7' - ) // Reader - principalType: 'ServicePrincipal' - } -} - -resource getPairedRegionScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { - name: pairedRegionScriptName - location: location - kind: 'AzurePowerShell' - identity: { - type: 'UserAssigned' - userAssignedIdentities: { - '${managedIdentity.id}': {} - } - } - properties: { - azPowerShellVersion: '8.0' - retentionInterval: 'P1D' - arguments: '-Location \\"${location}\\"' - scriptContent: loadTextContent('../../../../../../utilities/e2e-template-assets/scripts/Get-PairedRegion.ps1') - } - dependsOn: [ - roleAssignment - ] -} - -@description('The name of the paired region.') -output pairedRegionName string = getPairedRegionScript.properties.outputs.pairedRegionName - -@description('The principal ID of the created Managed Identity.') -output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep index 3e5184830c..e6f676b8a6 100644 --- a/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/mongodb/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============ // // Dependencies // @@ -32,30 +32,6 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2022-09-01' = { location: enforcedLocation } -module nestedDependencies 'dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, enforcedLocation)}-nestedDependencies' - params: { - managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' - pairedRegionScriptName: 'dep-${namePrefix}-ds-${serviceShort}' - location: enforcedLocation - } -} - -// Diagnostics -// =========== -module diagnosticDependencies '../../../../../../utilities/e2e-template-assets/templates/diagnostic.dependencies.bicep' = { - scope: resourceGroup - name: '${uniqueString(deployment().name, enforcedLocation)}-diagnosticDependencies' - params: { - storageAccountName: 'dep${namePrefix}diasa${serviceShort}01' - logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' - eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}' - eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}' - location: enforcedLocation - } -} - // ============== // // Test Execution // // ============== // @@ -67,32 +43,6 @@ module testDeployment '../../../main.bicep' = [ name: '${uniqueString(deployment().name, enforcedLocation)}-test-${serviceShort}-${iteration}' params: { name: '${namePrefix}${serviceShort}001' - locations: [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: enforcedLocation - } - { - failoverPriority: 1 - isZoneRedundant: false - locationName: nestedDependencies.outputs.pairedRegionName - } - ] - diagnosticSettings: [ - { - name: 'customSetting' - metricCategories: [ - { - category: 'AllMetrics' - } - ] - eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId - storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId - workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId - } - ] location: enforcedLocation mongodbDatabases: [ { @@ -280,35 +230,6 @@ module testDeployment '../../../main.bicep' = [ name: '${namePrefix}-mdb-${serviceShort}-002' } ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Owner' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - { - name: guid('Custom seed ${namePrefix}${serviceShort}') - roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - { - roleDefinitionIdOrName: subscriptionResourceId( - 'Microsoft.Authorization/roleDefinitions', - 'acdd72a7-3385-48ef-bd42-f606fba81ae7' - ) - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - ] - managedIdentities: { - systemAssigned: true - } - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } } } ] diff --git a/avm/res/document-db/database-account/tests/e2e/multiRegion/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/multiRegion/main.test.bicep index f7bd07e61b..6c431d8a02 100644 --- a/avm/res/document-db/database-account/tests/e2e/multiRegion/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/multiRegion/main.test.bicep @@ -39,14 +39,17 @@ module testDeployment '../../../main.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, enforcedLocation)}-test-${serviceShort}' params: { - automaticFailover: false location: enforcedLocation + name: '${namePrefix}-multi-region' + + automaticFailover: true + enableMultipleWriteLocations: true + backupPolicyType: 'Periodic' backupIntervalInMinutes: 300 backupStorageRedundancy: 'Zone' backupRetentionIntervalInHours: 16 - enableMultipleWriteLocations: true - name: '${namePrefix}-multi-region' + locations: [ { failoverPriority: 0 diff --git a/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep index 589dee9f6e..a5c5bc331d 100644 --- a/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/plain/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============== // // General resources @@ -41,11 +41,18 @@ module testDeployment '../../../main.bicep' = [ params: { name: '${namePrefix}${serviceShort}001' location: enforcedLocation - disableLocalAuth: true - backupPolicyType: 'Continuous' - disableKeyBasedMetadataWriteAccess: true - defaultConsistencyLevel: 'ConsistentPrefix' - backupPolicyContinuousTier: 'Continuous7Days' + + enableTelemetry: false + databaseAccountOfferType: 'Standard' + totalThroughputLimit: 4000 + capabilitiesToAdd: [ + 'EnableServerless' + ] + + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } locations: [ { failoverPriority: 0 @@ -58,6 +65,11 @@ module testDeployment '../../../main.bicep' = [ name: 'no-containers-specified' } ] + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' + } } } ] diff --git a/avm/res/document-db/database-account/tests/e2e/publicRestrictedAccess/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/publicRestrictedAccess/main.test.bicep index e7ec0e1c31..902a35566c 100644 --- a/avm/res/document-db/database-account/tests/e2e/publicRestrictedAccess/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/publicRestrictedAccess/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============ // // Dependencies // diff --git a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep index fb686fd49b..0e1f223e18 100644 --- a/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqldb/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============== // // General resources @@ -40,13 +40,6 @@ module testDeployment '../../../main.bicep' = { location: enforcedLocation enableAnalyticalStorage: true name: '${namePrefix}${serviceShort}001' - locations: [ - { - failoverPriority: 0 - isZoneRedundant: false - locationName: enforcedLocation - } - ] sqlDatabases: [ { containers: [ diff --git a/avm/res/document-db/database-account/tests/e2e/role/dependencies.bicep b/avm/res/document-db/database-account/tests/e2e/sqlroles/dependencies.bicep similarity index 100% rename from avm/res/document-db/database-account/tests/e2e/role/dependencies.bicep rename to avm/res/document-db/database-account/tests/e2e/sqlroles/dependencies.bicep diff --git a/avm/res/document-db/database-account/tests/e2e/role/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/sqlroles/main.test.bicep similarity index 98% rename from avm/res/document-db/database-account/tests/e2e/role/main.test.bicep rename to avm/res/document-db/database-account/tests/e2e/sqlroles/main.test.bicep index 2227608475..986a067796 100644 --- a/avm/res/document-db/database-account/tests/e2e/role/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/sqlroles/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============== // // General resources diff --git a/avm/res/document-db/database-account/tests/e2e/table/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/table/main.test.bicep index c8bdb0337f..bcf549a915 100644 --- a/avm/res/document-db/database-account/tests/e2e/table/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/table/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============ // // Dependencies // diff --git a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep index ab2ce5d564..aa2d40d347 100644 --- a/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/document-db/database-account/tests/e2e/waf-aligned/main.test.bicep @@ -19,7 +19,7 @@ param namePrefix string = '#_namePrefix_#' // The default pipeline is selecting random regions which don't have capacity for Azure Cosmos DB or support all Azure Cosmos DB features when creating new accounts. #disable-next-line no-hardcoded-location -var enforcedLocation = 'eastus2' +var enforcedLocation = 'spaincentral' // ============ // // Dependencies // @@ -67,10 +67,15 @@ module testDeployment '../../../main.bicep' = { params: { name: '${namePrefix}${serviceShort}001' location: enforcedLocation + + disableLocalAuth: true + automaticFailover: true + minimumTlsVersion: 'Tls12' disableKeyBasedMetadataWriteAccess: true - lock: { - kind: 'CanNotDelete' - name: 'myCustomLockName' + + networkRestrictions: { + networkAclBypass: 'None' + publicNetworkAccess: 'Disabled' } diagnosticSettings: [ { @@ -91,31 +96,12 @@ module testDeployment '../../../main.bicep' = { } service: 'Sql' subnetResourceId: nestedDependencies.outputs.subnetResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } } ] sqlDatabases: [ { - containers: [ - { - name: 'container-001' - kind: 'Hash' - paths: [ - '/myPartitionKey1' - ] - } - ] - name: '${namePrefix}-sql-${serviceShort}-001' + name: 'no-containers-specified' } ] - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' - } } } diff --git a/avm/res/document-db/database-account/version.json b/avm/res/document-db/database-account/version.json index b8b30a0125..a830c3d961 100644 --- a/avm/res/document-db/database-account/version.json +++ b/avm/res/document-db/database-account/version.json @@ -1,7 +1,7 @@ { - "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.9", - "pathFilters": [ - "./main.json" - ] + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.10", + "pathFilters": [ + "./main.json" + ] } \ No newline at end of file