From 2e6b4a0c5abc6dd40fbe5cc46092e0fb900f394a Mon Sep 17 00:00:00 2001 From: Nicky Griffin <153103937+31Nick@users.noreply.github.com> Date: Sat, 30 Nov 2024 08:25:24 +0000 Subject: [PATCH 01/64] initial commit of sub placement code --- avm/ptn/lz/subscription-placement/main.bicep | 32 +++++++++++++ .../modules/helper.bicep | 10 ++++ .../tests/e2e/defaults/main.test.bicep | 48 +++++++++++++++++++ .../tests/e2e/waf-aligned/main.test.bicep | 48 +++++++++++++++++++ .../lz/subscription-placement/version.json | 7 +++ 5 files changed, 145 insertions(+) create mode 100644 avm/ptn/lz/subscription-placement/main.bicep create mode 100644 avm/ptn/lz/subscription-placement/modules/helper.bicep create mode 100644 avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep create mode 100644 avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep create mode 100644 avm/ptn/lz/subscription-placement/version.json diff --git a/avm/ptn/lz/subscription-placement/main.bicep b/avm/ptn/lz/subscription-placement/main.bicep new file mode 100644 index 0000000000..b37945f529 --- /dev/null +++ b/avm/ptn/lz/subscription-placement/main.bicep 
@@ -0,0 +1,32 @@ +metadata name = 'subscription-placement' +metadata description = 'This module allows for placement of subscriptions to management groups ' +metadata owner = 'Azure/module-maintainers' + +targetScope = 'tenant' + +@description('Type definition for management group child containing management group ID and subscription IDs.') +type typMgChild = { + @description('The ID of the management group.') + managementGroupId: string + @description('The list of subscription IDs.') + subscriptionIds: string[] +}[] + +param parSubscriptionPlacement typMgChild = [ + { + managementGroupId: 'Group1' + subscriptionIds: ['SUBID1', 'SUBID2'] + } + { + managementGroupId: 'Group2' + subscriptionIds: ['SUBID3'] + } +] + +module customsubscriptionPlacement './modules/helper.bicep' = [for (subscriptionPlacement, index) in parSubscriptionPlacement: { + name: 'subPlacement${index}' + params: { + managementGroupId: subscriptionPlacement.managementGroupId + subscriptionIds: subscriptionPlacement.subscriptionIds + } +}] diff --git a/avm/ptn/lz/subscription-placement/modules/helper.bicep b/avm/ptn/lz/subscription-placement/modules/helper.bicep new file mode 100644 index 0000000000..036cf39b90 --- /dev/null +++ b/avm/ptn/lz/subscription-placement/modules/helper.bicep @@ -0,0 +1,10 @@ +targetScope = 'tenant' + +@description('The ID of the management group.') +param managementGroupId string +@description('The list of subscription IDs.') +param subscriptionIds array + +resource customsubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2023-04-01' = [for (subscription,i) in subscriptionIds: { + name: '${managementGroupId}/${subscription}' +}] diff --git a/avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep new file mode 100644 index 0000000000..91ff598655 --- /dev/null +++ b/avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep 
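Review bot: `parSubscriptionPlacement` ships with a placeholder default (`Group1`, `SUBID1`, …) and has no `@description`, so a tenant-scope deployment that omits the parameter still attempts placements with made-up IDs. Moving a subscription under a different management group changes which policy and role assignments it inherits, so the input should always be explicit. Drop the default and declare it as `@description('Required. Management groups and the subscription IDs to place under each.') param parSubscriptionPlacement typMgChild`. The module deployment name `'subPlacement${index}'` is also fixed, so repeated tenant deployments reuse the same deployment names; a suffix such as `uniqueString(deployment().name)` would keep the deployment history distinct.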
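Review bot: In `modules/helper.bicep`, `subscriptionIds` is declared as an untyped `array` although the caller's type is `string[]`, and neither parameter is length-checked. An empty `managementGroupId` or a non-string element is therefore rejected, if at all, only at deployment time when the name `'${managementGroupId}/${subscription}'` is built. Tighten the contract with `@minLength(1)` on `managementGroupId` and `param subscriptionIds string[]`. The loop index `i` is unused and can be dropped: `for subscription in subscriptionIds`.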
@@ -0,0 +1,48 @@ +targetScope = 'tenant' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +// e.g., for a module 'network/private-endpoint' you could use 'dep-dev-network.privateendpoints-${serviceShort}-rg' +param resourceGroupName string = 'dep-${namePrefix}---${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +// e.g., for a module 'network/private-endpoint' you could use 'npe' as a prefix and then 'waf' as a suffix for the waf-aligned test +param serviceShort string = 'lspdef' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + // You parameters go here + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + } + } +] diff --git a/avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep b/avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep new file mode 100644 index 0000000000..25bbb27438 --- /dev/null +++ b/avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep 
@@ -0,0 +1,48 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +// e.g., for a module 'network/private-endpoint' you could use 'dep-dev-network.privateendpoints-${serviceShort}-rg' +param resourceGroupName string = 'dep-${namePrefix}---${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +// e.g., for a module 'network/private-endpoint' you could use 'npe' as a prefix and then 'waf' as a suffix for the waf-aligned test +param serviceShort string = 'lspwaf' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + // You parameters go here + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + } + } +] diff --git a/avm/ptn/lz/subscription-placement/version.json b/avm/ptn/lz/subscription-placement/version.json new file mode 100644 index 0000000000..dbef31b4c0 --- /dev/null +++ b/avm/ptn/lz/subscription-placement/version.json 
@@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.1", + "pathFilters": [ + "./main.json" + ] +} From 49d06557350f17691516d329b015495293cccb74 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Sat, 30 Nov 2024 08:33:36 +0000 Subject: [PATCH 02/64] initial commit sub placement module --- avm/ptn/lz/subscription-placement/main.bicep | 64 ++++++------- .../modules/helper.bicep | 20 ++-- .../tests/e2e/defaults/main.test.bicep | 65 ++++--------- .../tests/e2e/waf-aligned/main.test.bicep | 96 +++++++++---------- 4 files changed, 107 insertions(+), 138 deletions(-) diff --git a/avm/ptn/lz/subscription-placement/main.bicep b/avm/ptn/lz/subscription-placement/main.bicep index b37945f529..ae43119ea5 100644 --- a/avm/ptn/lz/subscription-placement/main.bicep +++ b/avm/ptn/lz/subscription-placement/main.bicep 
@@ -1,32 +1,32 @@ -metadata name = 'subscription-placement' -metadata description = 'This module allows for placement of subscriptions to management groups ' -metadata owner = 'Azure/module-maintainers' - -targetScope = 'tenant' - -@description('Type definition for management group child containing management group ID and subscription IDs.') -type typMgChild = { - @description('The ID of the management group.') - managementGroupId: string - @description('The list of subscription IDs.') - subscriptionIds: string[] -}[] - -param parSubscriptionPlacement typMgChild = [ - { - managementGroupId: 'Group1' - subscriptionIds: ['SUBID1', 'SUBID2'] - } - { - managementGroupId: 'Group2' - subscriptionIds: ['SUBID3'] - } -] - -module customsubscriptionPlacement './modules/helper.bicep' = [for (subscriptionPlacement, index) in parSubscriptionPlacement: { - name: 'subPlacement${index}' - params: { - managementGroupId: subscriptionPlacement.managementGroupId - subscriptionIds: subscriptionPlacement.subscriptionIds - } -}] +metadata name = 'subscription-placement' +metadata description = 'This module allows for placement of subscriptions to management groups ' +metadata owner = 'Azure/module-maintainers' + +targetScope = 'tenant' + +@description('Type definition for management group child containing management group ID and subscription IDs.') +type typMgChild = { + @description('The ID of the management group.') + managementGroupId: string + @description('The list of subscription IDs.') + subscriptionIds: string[] +}[] + +param parSubscriptionPlacement typMgChild = [ + { + managementGroupId: 'Group1' + subscriptionIds: ['SUBID1', 'SUBID2'] + } + { + managementGroupId: 'Group2' + subscriptionIds: ['SUBID3'] + } +] + +module customsubscriptionPlacement './modules/helper.bicep' = [for (subscriptionPlacement, index) in parSubscriptionPlacement: { + name: 'subPlacement${index}' + params: { + managementGroupId: subscriptionPlacement.managementGroupId + subscriptionIds: 
subscriptionPlacement.subscriptionIds + } +}] diff --git a/avm/ptn/lz/subscription-placement/modules/helper.bicep b/avm/ptn/lz/subscription-placement/modules/helper.bicep index 036cf39b90..7697bae176 100644 --- a/avm/ptn/lz/subscription-placement/modules/helper.bicep +++ b/avm/ptn/lz/subscription-placement/modules/helper.bicep @@ -1,10 +1,10 @@ -targetScope = 'tenant' - -@description('The ID of the management group.') -param managementGroupId string -@description('The list of subscription IDs.') -param subscriptionIds array - -resource customsubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2023-04-01' = [for (subscription,i) in subscriptionIds: { - name: '${managementGroupId}/${subscription}' -}] +targetScope = 'tenant' + +@description('The ID of the management group.') +param managementGroupId string +@description('The list of subscription IDs.') +param subscriptionIds array + +resource customsubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2023-04-01' = [for (subscription,i) in subscriptionIds: { + name: '${managementGroupId}/${subscription}' +}] diff --git a/avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep index 91ff598655..6775805ce1 100644 --- a/avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep 
@@ -1,48 +1,17 @@ -targetScope = 'tenant' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -// e.g., for a module 'network/private-endpoint' you could use 'dep-dev-network.privateendpoints-${serviceShort}-rg' -param resourceGroupName string = 'dep-${namePrefix}---${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -// e.g., for a module 'network/private-endpoint' you could use 'npe' as a prefix and then 'waf' as a suffix for the waf-aligned test -param serviceShort string = 'lspdef' - -@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [ - for iteration in ['init', 'idem']: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - // You parameters go here - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - } - } -] +targetScope = 'tenant' + +// ============== // +// Test Execution // +// ============== // + +module testSubPlacement '../../../main.bicep' = { + name: 'testSubPlacement' + params: { + parSubscriptionPlacement: [ + { + managementGroupId: '' + subscriptionIds: [] + } + ] + } +} 
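Review bot: The new defaults test passes `managementGroupId: ''` with `subscriptionIds: []`, so the helper's loop has nothing to iterate and the run deploys no `managementGroups/subscriptions` resource; it would pass even if placement were broken. Because the module changes which management group, and hence which inherited policy and role assignments, a subscription falls under, the test should exercise a real placement. Feed it pipeline-supplied values, for example `managementGroupId: '<test-management-group-id>'` and `subscriptionIds: ['<test-subscription-id>']` (placeholders). The single deployment named `'testSubPlacement'` also replaces the `init`/`idem` double run of the removed template, so re-applying a placement is no longer checked for idempotency.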
diff --git a/avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep b/avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep index 25bbb27438..562974b37b 100644 --- a/avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep 
@@ -1,48 +1,48 @@ -targetScope = 'subscription' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -// e.g., for a module 'network/private-endpoint' you could use 'dep-dev-network.privateendpoints-${serviceShort}-rg' -param resourceGroupName string = 'dep-${namePrefix}---${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -// e.g., for a module 'network/private-endpoint' you could use 'npe' as a prefix and then 'waf' as a suffix for the waf-aligned test -param serviceShort string = 'lspwaf' - -@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [ - for iteration in ['init', 'idem']: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - // You parameters go here - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - } - } -] +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. 
The name of the resource group to deploy for testing purposes.') +@maxLength(90) +// e.g., for a module 'network/private-endpoint' you could use 'dep-dev-network.privateendpoints-${serviceShort}-rg' +param resourceGroupName string = 'dep-${namePrefix}---${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +// e.g., for a module 'network/private-endpoint' you could use 'npe' as a prefix and then 'waf' as a suffix for the waf-aligned test +param serviceShort string = 'lspwaf' + +@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + // You parameters go here + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + } + } +] From 032eb8436919fc33e8f8e876724bb56bd044e81a Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Sat, 30 Nov 2024 08:39:06 +0000 Subject: [PATCH 03/64] create workflow yml --- .../workflows/avm.ptn.lz.sub-placement.yml | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 .github/workflows/avm.ptn.lz.sub-placement.yml 
diff --git a/.github/workflows/avm.ptn.lz.sub-placement.yml b/.github/workflows/avm.ptn.lz.sub-placement.yml new file mode 100644 index 0000000000..0b27dc990e --- /dev/null +++ b/.github/workflows/avm.ptn.lz.sub-placement.yml 
@@ -0,0 +1,84 @@ +name: "avm.ptn.lz.sub-placement" + +on: + workflow_dispatch: + inputs: + staticValidation: + type: boolean + description: "Execute static validation" + required: false + default: true + deploymentValidation: + type: boolean + description: "Execute deployment validation" + required: false + default: true + removeDeployment: + type: boolean + description: "Remove deployed module" + required: false + default: true + push: + branches: + - main + paths: + - ".github/actions/templates/avm-**" + - ".github/workflows/avm.template.module.yml" + - ".github/workflows/avm.ptn.lz.sub-placement" + - "avm/ptn/lz/sub-placement/**" + - "avm/utilities/pipelines/**" + - "!avm/utilities/pipelines/platform/**" + - "!*/**/README.md" + +env: + modulePath: "avm/ptn/lz/sub-placement" + workflowPath: ".github/workflows/avm.ptn.lz.sub-placement.yml" + +concurrency: + group: ${{ github.workflow }} + +jobs: + ########################### + # Initialize pipeline # + ########################### + job_initialize_pipeline: + runs-on: ubuntu-latest + name: "Initialize pipeline" + steps: + - name: "Checkout" + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: "Set input parameters to output variables" + id: get-workflow-param + uses: ./.github/actions/templates/avm-getWorkflowInput + with: + workflowPath: "${{ env.workflowPath}}" + - name: "Get module test file paths" + id: get-module-test-file-paths + uses: ./.github/actions/templates/avm-getModuleTestFiles + with: + modulePath: "${{ env.modulePath }}" + outputs: + workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }} + moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }} + psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }} + modulePath: "${{ env.modulePath }}" + + ############################## + # Call reusable workflow # + ############################## + call-workflow-passing-data: + name: "Run" + permissions: + 
id-token: write # For OIDC + contents: write # For release tags + needs: + - job_initialize_pipeline + uses: ./.github/workflows/avm.template.module.yml + with: + workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" + moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" + psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" + modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" + secrets: inherit From 01dc88aa06b8844e1b1fb200dbaced75c9e0ed73 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Sat, 30 Nov 2024 10:01:53 +0000 Subject: [PATCH 04/64] update dir name --- .../main.bicep | 0 .../modules/helper.bicep | 0 .../tests/e2e/defaults/main.test.bicep | 0 .../tests/e2e/waf-aligned/main.test.bicep | 0 .../version.json | 14 +++++++------- 5 files changed, 7 insertions(+), 7 deletions(-) rename avm/ptn/lz/{subscription-placement => sub-placement}/main.bicep (100%) rename avm/ptn/lz/{subscription-placement => sub-placement}/modules/helper.bicep (100%) rename avm/ptn/lz/{subscription-placement => sub-placement}/tests/e2e/defaults/main.test.bicep (100%) rename avm/ptn/lz/{subscription-placement => sub-placement}/tests/e2e/waf-aligned/main.test.bicep (100%) rename avm/ptn/lz/{subscription-placement => sub-placement}/version.json (95%) diff --git a/avm/ptn/lz/subscription-placement/main.bicep b/avm/ptn/lz/sub-placement/main.bicep similarity index 100% rename from avm/ptn/lz/subscription-placement/main.bicep rename to avm/ptn/lz/sub-placement/main.bicep diff --git a/avm/ptn/lz/subscription-placement/modules/helper.bicep b/avm/ptn/lz/sub-placement/modules/helper.bicep similarity index 100% rename from avm/ptn/lz/subscription-placement/modules/helper.bicep rename to avm/ptn/lz/sub-placement/modules/helper.bicep 
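Review bot: The `push.paths` entry `".github/workflows/avm.ptn.lz.sub-placement"` lacks the `.yml` extension, so edits to this workflow file will not trigger a run; it should read `".github/workflows/avm.ptn.lz.sub-placement.yml"`, matching `workflowPath`. `modulePath` points at `avm/ptn/lz/sub-placement` while the module in this commit still lives under `avm/ptn/lz/subscription-placement` (the rename arrives in PATCH 04/64), so at this commit the path filter and, presumably, the test-file discovery match nothing. The `Run` job combines `id-token: write`, `contents: write` and `secrets: inherit` for a pipeline whose module deploys at tenant scope. A short comment naming the secrets the called template actually needs, and confirming that the federated identity is limited to the test management groups, would help reviewers keep that grant minimal. `actions/checkout@v4` is referenced by a mutable tag; pinning it to a commit SHA is worth considering if the repository's convention allows it.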
diff --git a/avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep similarity index 100% rename from avm/ptn/lz/subscription-placement/tests/e2e/defaults/main.test.bicep rename to avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep diff --git a/avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep b/avm/ptn/lz/sub-placement/tests/e2e/waf-aligned/main.test.bicep similarity index 100% rename from avm/ptn/lz/subscription-placement/tests/e2e/waf-aligned/main.test.bicep rename to avm/ptn/lz/sub-placement/tests/e2e/waf-aligned/main.test.bicep diff --git a/avm/ptn/lz/subscription-placement/version.json b/avm/ptn/lz/sub-placement/version.json similarity index 95% rename from avm/ptn/lz/subscription-placement/version.json rename to avm/ptn/lz/sub-placement/version.json index dbef31b4c0..8def869ede 100644 --- a/avm/ptn/lz/subscription-placement/version.json +++ b/avm/ptn/lz/sub-placement/version.json @@ -1,7 +1,7 @@ -{ - "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.1", - "pathFilters": [ - "./main.json" - ] -} +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.1", + "pathFilters": [ + "./main.json" + ] +} From 2771a97b99217b3a43b252d4771fe2445f7421d3 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Sat, 30 Nov 2024 10:13:09 +0000 Subject: [PATCH 05/64] rem waf tests --- .../tests/e2e/waf-aligned/main.test.bicep | 48 ------------------- 1 file changed, 48 deletions(-) delete mode 100644 avm/ptn/lz/sub-placement/tests/e2e/waf-aligned/main.test.bicep diff --git a/avm/ptn/lz/sub-placement/tests/e2e/waf-aligned/main.test.bicep b/avm/ptn/lz/sub-placement/tests/e2e/waf-aligned/main.test.bicep deleted file mode 100644 index 562974b37b..0000000000 --- a/avm/ptn/lz/sub-placement/tests/e2e/waf-aligned/main.test.bicep +++ /dev/null 
@@ -1,48 +0,0 @@ -targetScope = 'subscription' - -// ========== // -// Parameters // -// ========== // - -@description('Optional. The name of the resource group to deploy for testing purposes.') -@maxLength(90) -// e.g., for a module 'network/private-endpoint' you could use 'dep-dev-network.privateendpoints-${serviceShort}-rg' -param resourceGroupName string = 'dep-${namePrefix}---${serviceShort}-rg' - -@description('Optional. The location to deploy resources to.') -param resourceLocation string = deployment().location - -@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -// e.g., for a module 'network/private-endpoint' you could use 'npe' as a prefix and then 'waf' as a suffix for the waf-aligned test -param serviceShort string = 'lspwaf' - -@description('Optional. A token to inject into the name of each resource. This value can be automatically injected by the CI.') -param namePrefix string = '#_namePrefix_#' - -// ============ // -// Dependencies // -// ============ // - -// General resources -// ================= -resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { - name: resourceGroupName - location: resourceLocation -} - -// ============== // -// Test Execution // -// ============== // - -@batchSize(1) -module testDeployment '../../../main.bicep' = [ - for iteration in ['init', 'idem']: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - // You parameters go here - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - } - } -] From f56f77cb31d553e7262a6b57cbbca5abdb397720 Mon Sep 17 00:00:00 2001 
From: Nicky Griffin Date: Mon, 2 Dec 2024 15:38:14 +0000 Subject: [PATCH 06/64] update files as per static code test output --- avm/ptn/lz/sub-placement/README.md | 1344 +++++++++++++++++++++++++++ avm/ptn/lz/sub-placement/main.bicep | 14 +- avm/ptn/lz/sub-placement/main.json | 50 + 3 files changed, 1402 insertions(+), 6 deletions(-) create mode 100644 avm/ptn/lz/sub-placement/README.md create mode 100644 avm/ptn/lz/sub-placement/main.json diff --git a/avm/ptn/lz/sub-placement/README.md b/avm/ptn/lz/sub-placement/README.md new file mode 100644 index 0000000000..ca8f7d5147 --- /dev/null +++ b/avm/ptn/lz/sub-placement/README.md 
@@ -0,0 +1,1344 @@ +# Sub-Placement `[Lz/SubPlacement]` + +This module allows for a hierarchical configuration of subscriptions to management group placement within an Azure tenant. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Data Collection](#Data-Collection) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | +| `Microsoft.ManagedIdentity/userAssignedIdentities` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-01-31/userAssignedIdentities) | +| `Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-01-31/userAssignedIdentities/federatedIdentityCredentials) | +| `Microsoft.Management/managementGroups/subscriptions` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Management/2021-04-01/managementGroups/subscriptions) | +| `Microsoft.Network/networkSecurityGroups` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/networkSecurityGroups) | +| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 
[2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | +| `Microsoft.Network/virtualHubs/hubVirtualNetworkConnections` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/virtualHubs/hubVirtualNetworkConnections) | +| `Microsoft.Network/virtualNetworks` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-01-01/virtualNetworks) | +| `Microsoft.Network/virtualNetworks/subnets` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-01-01/virtualNetworks/subnets) | +| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-01-01/virtualNetworks/virtualNetworkPeerings) | +| `Microsoft.Resources/deploymentScripts` | [2023-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2023-08-01/deploymentScripts) | +| `Microsoft.Resources/resourceGroups` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2021-04-01/resourceGroups) | +| `Microsoft.Resources/tags` | [2019-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/tags) | +| `Microsoft.Storage/storageAccounts` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-09-01/storageAccounts) | +| `Microsoft.Storage/storageAccounts/blobServices` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-09-01/storageAccounts/blobServices) | +| `Microsoft.Storage/storageAccounts/blobServices/containers` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-09-01/storageAccounts/blobServices/containers) | +| `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | 
[2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-09-01/storageAccounts/blobServices/containers/immutabilityPolicies) | +| `Microsoft.Storage/storageAccounts/fileServices` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/fileServices) | +| `Microsoft.Storage/storageAccounts/fileServices/shares` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-01-01/storageAccounts/fileServices/shares) | +| `Microsoft.Storage/storageAccounts/localUsers` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/localUsers) | +| `Microsoft.Storage/storageAccounts/managementPolicies` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-01-01/storageAccounts/managementPolicies) | +| `Microsoft.Storage/storageAccounts/queueServices` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/queueServices) | +| `Microsoft.Storage/storageAccounts/queueServices/queues` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/queueServices/queues) | +| `Microsoft.Storage/storageAccounts/tableServices` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/tableServices) | +| `Microsoft.Storage/storageAccounts/tableServices/tables` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/tableServices/tables) | +| `Microsoft.Subscription/aliases` | [2021-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Subscription/2021-10-01/aliases) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. 
For a full reference, please review the module's test folder in its repository. + +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +>**Note**: To reference the module, please use the following syntax `br/public:avm/ptn/lz/sub-placement:`. + +- [Using only defaults.](#example-1-using-only-defaults) + +### Example 1: _Using only defaults._ + +This instance deploys the module with the minimum set of required parameters. + +
+ +via Bicep module + +```bicep +module subPlacement 'br/public:avm/ptn/lz/sub-placement:' = { + name: 'subPlacementDeployment' + params: { + parSubscriptionPlacement: [ + { + managementGroupId: 'Group1' + subscriptionIds: ['SubID1', 'SubID2'] + } + { + managementGroupId: 'Group2' + subscriptionIds: ['SubID3'] + } + { + managementGroupId: 'Group3' + subscriptionIds: [] + } + ] + } +} +``` + +
+

+ +

+ +via JSON parameters file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "parSubscriptionPlacement": { + [ + { + "managementGroupId": "Group1", + "subscriptionIds": ["SUBID1", "SUBID2"] + }, + { + "managementGroupId": "Group2", + "subscriptionIds": ["SUBID3"] + }, + { + "managementGroupId": "Group3", + "subscriptionIds": [] + } + ] + } + } +} +``` + + +
+

+ +

+ +via Bicep parameters file + +```bicep-params +using 'br/public:avm/ptn/lz/sub-placement:' + +param parSubscriptionPlacement typMgChild = [ + { + managementGroupId: 'Group1' + subscriptionIds: ['SUBID1', 'SUBID2'] + }, + { + managementGroupId: 'Group2' + subscriptionIds: ['SUBID3'] + }, + { + managementGroupId: 'Group3' + subscriptionIds: [] + } +] +``` + +
+

+ +### Example 2: _Hub and spoke topology._ + +This instance deploys a subscription with a hub-spoke network topology. + + +

+ +via Bicep module + +```bicep +module subVending 'br/public:avm/ptn/lz/sub-vending:' = { + name: 'subVendingDeployment' + params: { + deploymentScriptLocation: '' + deploymentScriptManagedIdentityName: '' + deploymentScriptName: 'ds-ssahs' + deploymentScriptNetworkSecurityGroupName: '' + deploymentScriptResourceGroupName: '' + deploymentScriptStorageAccountName: '' + deploymentScriptVirtualNetworkName: '' + hubNetworkResourceId: '' + resourceProviders: { + 'Microsoft.AVS': [ + 'AzureServicesVm' + ] + 'Microsoft.HybridCompute': [ + 'ArcServerPrivateLinkPreview' + ] + } + roleAssignmentEnabled: true + roleAssignments: [ + { + definition: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7' + principalId: '896b1162-be44-4b28-888a-d01acc1b4271' + relativeScope: '' + } + ] + subscriptionAliasEnabled: true + subscriptionAliasName: '' + subscriptionBillingScope: '' + subscriptionDisplayName: '' + subscriptionManagementGroupAssociationEnabled: true + subscriptionManagementGroupId: 'bicep-lz-vending-automation-child' + subscriptionTags: { + namePrefix: '' + serviceShort: '' + } + subscriptionWorkload: 'Production' + virtualNetworkAddressSpace: [ + '10.110.0.0/16' + ] + virtualNetworkEnabled: true + virtualNetworkLocation: '' + virtualNetworkName: '' + virtualNetworkPeeringEnabled: true + virtualNetworkResourceGroupLockEnabled: false + virtualNetworkResourceGroupName: '' + virtualNetworkUseRemoteGateways: false + } +} +``` + +
+

+ +

+ +via JSON parameters file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "deploymentScriptLocation": { + "value": "" + }, + "deploymentScriptManagedIdentityName": { + "value": "" + }, + "deploymentScriptName": { + "value": "ds-ssahs" + }, + "deploymentScriptNetworkSecurityGroupName": { + "value": "" + }, + "deploymentScriptResourceGroupName": { + "value": "" + }, + "deploymentScriptStorageAccountName": { + "value": "" + }, + "deploymentScriptVirtualNetworkName": { + "value": "" + }, + "hubNetworkResourceId": { + "value": "" + }, + "resourceProviders": { + "value": { + "Microsoft.AVS": [ + "AzureServicesVm" + ], + "Microsoft.HybridCompute": [ + "ArcServerPrivateLinkPreview" + ] + } + }, + "roleAssignmentEnabled": { + "value": true + }, + "roleAssignments": { + "value": [ + { + "definition": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7", + "principalId": "896b1162-be44-4b28-888a-d01acc1b4271", + "relativeScope": "" + } + ] + }, + "subscriptionAliasEnabled": { + "value": true + }, + "subscriptionAliasName": { + "value": "" + }, + "subscriptionBillingScope": { + "value": "" + }, + "subscriptionDisplayName": { + "value": "" + }, + "subscriptionManagementGroupAssociationEnabled": { + "value": true + }, + "subscriptionManagementGroupId": { + "value": "bicep-lz-vending-automation-child" + }, + "subscriptionTags": { + "value": { + "namePrefix": "", + "serviceShort": "" + } + }, + "subscriptionWorkload": { + "value": "Production" + }, + "virtualNetworkAddressSpace": { + "value": [ + "10.110.0.0/16" + ] + }, + "virtualNetworkEnabled": { + "value": true + }, + "virtualNetworkLocation": { + "value": "" + }, + "virtualNetworkName": { + "value": "" + }, + "virtualNetworkPeeringEnabled": { + "value": true + }, + "virtualNetworkResourceGroupLockEnabled": { + "value": false + }, + "virtualNetworkResourceGroupName": { + 
"value": "" + }, + "virtualNetworkUseRemoteGateways": { + "value": false + } + } +} +``` + +
+

+ +

+ +via Bicep parameters file + +```bicep-params +using 'br/public:avm/ptn/lz/sub-vending:' + +param deploymentScriptLocation = '' +param deploymentScriptManagedIdentityName = '' +param deploymentScriptName = 'ds-ssahs' +param deploymentScriptNetworkSecurityGroupName = '' +param deploymentScriptResourceGroupName = '' +param deploymentScriptStorageAccountName = '' +param deploymentScriptVirtualNetworkName = '' +param hubNetworkResourceId = '' +param resourceProviders = { + 'Microsoft.AVS': [ + 'AzureServicesVm' + ] + 'Microsoft.HybridCompute': [ + 'ArcServerPrivateLinkPreview' + ] +} +param roleAssignmentEnabled = true +param roleAssignments = [ + { + definition: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7' + principalId: '896b1162-be44-4b28-888a-d01acc1b4271' + relativeScope: '' + } +] +param subscriptionAliasEnabled = true +param subscriptionAliasName = '' +param subscriptionBillingScope = '' +param subscriptionDisplayName = '' +param subscriptionManagementGroupAssociationEnabled = true +param subscriptionManagementGroupId = 'bicep-lz-vending-automation-child' +param subscriptionTags = { + namePrefix: '' + serviceShort: '' +} +param subscriptionWorkload = 'Production' +param virtualNetworkAddressSpace = [ + '10.110.0.0/16' +] +param virtualNetworkEnabled = true +param virtualNetworkLocation = '' +param virtualNetworkName = '' +param virtualNetworkPeeringEnabled = true +param virtualNetworkResourceGroupLockEnabled = false +param virtualNetworkResourceGroupName = '' +param virtualNetworkUseRemoteGateways = false +``` + +
+

+ +### Example 3: _Using RBAC conditions._ + +This instance deploys the module with RBAC conditions for the role assignments. + + +

+ +via Bicep module + +```bicep +module subVending 'br/public:avm/ptn/lz/sub-vending:' = { + name: 'subVendingDeployment' + params: { + resourceProviders: {} + roleAssignmentEnabled: true + roleAssignments: [ + { + definition: '/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168' + principalId: '896b1162-be44-4b28-888a-d01acc1b4271' + relativeScope: '' + roleAssignmentCondition: { + roleConditionType: { + principleTypesToAssign: [ + 'Group' + 'ServicePrincipal' + ] + rolesToAssign: [ + 'b24988ac-6180-42a0-ab88-20f7382dd24c' + ] + templateName: 'constrainRolesAndPrincipalTypes' + } + } + } + ] + subscriptionAliasEnabled: true + subscriptionAliasName: '' + subscriptionBillingScope: '' + subscriptionDisplayName: '' + subscriptionManagementGroupAssociationEnabled: true + subscriptionManagementGroupId: 'bicep-lz-vending-automation-child' + subscriptionTags: { + namePrefix: '' + serviceShort: '' + } + subscriptionWorkload: 'Production' + } +} +``` + +
+

+ +

+ +via JSON parameters file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "resourceProviders": { + "value": {} + }, + "roleAssignmentEnabled": { + "value": true + }, + "roleAssignments": { + "value": [ + { + "definition": "/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168", + "principalId": "896b1162-be44-4b28-888a-d01acc1b4271", + "relativeScope": "", + "roleAssignmentCondition": { + "roleConditionType": { + "principleTypesToAssign": [ + "Group", + "ServicePrincipal" + ], + "rolesToAssign": [ + "b24988ac-6180-42a0-ab88-20f7382dd24c" + ], + "templateName": "constrainRolesAndPrincipalTypes" + } + } + } + ] + }, + "subscriptionAliasEnabled": { + "value": true + }, + "subscriptionAliasName": { + "value": "" + }, + "subscriptionBillingScope": { + "value": "" + }, + "subscriptionDisplayName": { + "value": "" + }, + "subscriptionManagementGroupAssociationEnabled": { + "value": true + }, + "subscriptionManagementGroupId": { + "value": "bicep-lz-vending-automation-child" + }, + "subscriptionTags": { + "value": { + "namePrefix": "", + "serviceShort": "" + } + }, + "subscriptionWorkload": { + "value": "Production" + } + } +} +``` + +
+

+ +

+ +via Bicep parameters file + +```bicep-params +using 'br/public:avm/ptn/lz/sub-vending:' + +param resourceProviders = {} +param roleAssignmentEnabled = true +param roleAssignments = [ + { + definition: '/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168' + principalId: '896b1162-be44-4b28-888a-d01acc1b4271' + relativeScope: '' + roleAssignmentCondition: { + roleConditionType: { + principleTypesToAssign: [ + 'Group' + 'ServicePrincipal' + ] + rolesToAssign: [ + 'b24988ac-6180-42a0-ab88-20f7382dd24c' + ] + templateName: 'constrainRolesAndPrincipalTypes' + } + } + } +] +param subscriptionAliasEnabled = true +param subscriptionAliasName = '' +param subscriptionBillingScope = '' +param subscriptionDisplayName = '' +param subscriptionManagementGroupAssociationEnabled = true +param subscriptionManagementGroupId = 'bicep-lz-vending-automation-child' +param subscriptionTags = { + namePrefix: '' + serviceShort: '' +} +param subscriptionWorkload = 'Production' +``` + +
+

+ +### Example 4: _Vwan topology._ + +This instance deploys a subscription with a vwan network topology. + + +

+ +via Bicep module + +```bicep +module subVending 'br/public:avm/ptn/lz/sub-vending:' = { + name: 'subVendingDeployment' + params: { + deploymentScriptLocation: '' + deploymentScriptManagedIdentityName: '' + deploymentScriptName: 'ds-ssawan' + deploymentScriptNetworkSecurityGroupName: '' + deploymentScriptResourceGroupName: '' + deploymentScriptStorageAccountName: '' + deploymentScriptVirtualNetworkName: '' + hubNetworkResourceId: '' + resourceProviders: {} + roleAssignmentEnabled: true + roleAssignments: [ + { + definition: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7' + principalId: '896b1162-be44-4b28-888a-d01acc1b4271' + relativeScope: '' + } + ] + subscriptionAliasEnabled: true + subscriptionAliasName: '' + subscriptionBillingScope: '' + subscriptionDisplayName: '' + subscriptionManagementGroupAssociationEnabled: true + subscriptionManagementGroupId: 'bicep-lz-vending-automation-child' + subscriptionTags: { + namePrefix: '' + serviceShort: '' + } + subscriptionWorkload: 'Production' + virtualNetworkAddressSpace: [ + '10.210.0.0/16' + ] + virtualNetworkEnabled: true + virtualNetworkLocation: '' + virtualNetworkName: '' + virtualNetworkPeeringEnabled: true + virtualNetworkResourceGroupLockEnabled: false + virtualNetworkResourceGroupName: '' + } +} +``` + +
+

+ +

+ +via JSON parameters file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "deploymentScriptLocation": { + "value": "" + }, + "deploymentScriptManagedIdentityName": { + "value": "" + }, + "deploymentScriptName": { + "value": "ds-ssawan" + }, + "deploymentScriptNetworkSecurityGroupName": { + "value": "" + }, + "deploymentScriptResourceGroupName": { + "value": "" + }, + "deploymentScriptStorageAccountName": { + "value": "" + }, + "deploymentScriptVirtualNetworkName": { + "value": "" + }, + "hubNetworkResourceId": { + "value": "" + }, + "resourceProviders": { + "value": {} + }, + "roleAssignmentEnabled": { + "value": true + }, + "roleAssignments": { + "value": [ + { + "definition": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7", + "principalId": "896b1162-be44-4b28-888a-d01acc1b4271", + "relativeScope": "" + } + ] + }, + "subscriptionAliasEnabled": { + "value": true + }, + "subscriptionAliasName": { + "value": "" + }, + "subscriptionBillingScope": { + "value": "" + }, + "subscriptionDisplayName": { + "value": "" + }, + "subscriptionManagementGroupAssociationEnabled": { + "value": true + }, + "subscriptionManagementGroupId": { + "value": "bicep-lz-vending-automation-child" + }, + "subscriptionTags": { + "value": { + "namePrefix": "", + "serviceShort": "" + } + }, + "subscriptionWorkload": { + "value": "Production" + }, + "virtualNetworkAddressSpace": { + "value": [ + "10.210.0.0/16" + ] + }, + "virtualNetworkEnabled": { + "value": true + }, + "virtualNetworkLocation": { + "value": "" + }, + "virtualNetworkName": { + "value": "" + }, + "virtualNetworkPeeringEnabled": { + "value": true + }, + "virtualNetworkResourceGroupLockEnabled": { + "value": false + }, + "virtualNetworkResourceGroupName": { + "value": "" + } + } +} +``` + +
+

+ +

+ +via Bicep parameters file + +```bicep-params +using 'br/public:avm/ptn/lz/sub-vending:' + +param deploymentScriptLocation = '' +param deploymentScriptManagedIdentityName = '' +param deploymentScriptName = 'ds-ssawan' +param deploymentScriptNetworkSecurityGroupName = '' +param deploymentScriptResourceGroupName = '' +param deploymentScriptStorageAccountName = '' +param deploymentScriptVirtualNetworkName = '' +param hubNetworkResourceId = '' +param resourceProviders = {} +param roleAssignmentEnabled = true +param roleAssignments = [ + { + definition: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7' + principalId: '896b1162-be44-4b28-888a-d01acc1b4271' + relativeScope: '' + } +] +param subscriptionAliasEnabled = true +param subscriptionAliasName = '' +param subscriptionBillingScope = '' +param subscriptionDisplayName = '' +param subscriptionManagementGroupAssociationEnabled = true +param subscriptionManagementGroupId = 'bicep-lz-vending-automation-child' +param subscriptionTags = { + namePrefix: '' + serviceShort: '' +} +param subscriptionWorkload = 'Production' +param virtualNetworkAddressSpace = [ + '10.210.0.0/16' +] +param virtualNetworkEnabled = true +param virtualNetworkLocation = '' +param virtualNetworkName = '' +param virtualNetworkPeeringEnabled = true +param virtualNetworkResourceGroupLockEnabled = false +param virtualNetworkResourceGroupName = '' +``` + +
+

+ +## Parameters + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`deploymentScriptLocation`](#parameter-deploymentscriptlocation) | string | The location of the deployment script. Use region shortnames e.g. uksouth, eastus, etc. | +| [`deploymentScriptManagedIdentityName`](#parameter-deploymentscriptmanagedidentityname) | string | The name of the user managed identity for the resource providers registration deployment script. | +| [`deploymentScriptName`](#parameter-deploymentscriptname) | string | The name of the deployment script to register resource providers. | +| [`deploymentScriptNetworkSecurityGroupName`](#parameter-deploymentscriptnetworksecuritygroupname) | string | The name of the network security group for the deployment script private subnet. | +| [`deploymentScriptResourceGroupName`](#parameter-deploymentscriptresourcegroupname) | string | The name of the resource group to create the deployment script for resource providers registration. | +| [`deploymentScriptStorageAccountName`](#parameter-deploymentscriptstorageaccountname) | string | The name of the storage account for the deployment script. | +| [`deploymentScriptVirtualNetworkName`](#parameter-deploymentscriptvirtualnetworkname) | string | The name of the private virtual network for the deployment script. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length. | +| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`existingSubscriptionId`](#parameter-existingsubscriptionid) | string | An existing subscription ID. Use this when you do not want the module to create a new subscription. But do want to manage the management group membership. A subscription ID should be provided in the example format `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`. 
| +| [`hubNetworkResourceId`](#parameter-hubnetworkresourceid) | string | The resource ID of the Virtual Network or Virtual WAN Hub in the hub to which the created Virtual Network, by this module, will be peered/connected to via Virtual Network Peering or a Virtual WAN Virtual Hub Connection.

| +| [`managementGroupAssociationDelayCount`](#parameter-managementgroupassociationdelaycount) | int | The number of blank ARM deployments to create sequentially to introduce a delay to the Subscription being moved to the target Management Group being, if set, to allow for background platform RBAC inheritance to occur. | +| [`resourceProviders`](#parameter-resourceproviders) | object | An object of resource providers and resource providers features to register. If left blank/empty, no resource providers will be registered.

| +| [`roleAssignmentEnabled`](#parameter-roleassignmentenabled) | bool | Whether to create role assignments or not. If true, supply the array of role assignment objects in the parameter called `roleAssignments`.

| +| [`roleAssignments`](#parameter-roleassignments) | array | Supply an array of objects containing the details of the role assignments to create.

Each object must contain the following `keys`:

  • `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too.
  • `definition` = The Name of one of the pre-defined built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition as follows:

    - You can only provide the RBAC role name of the pre-defined roles (Contributor, Owner, Reader, Role Based Access Control Administrator (Preview), and User Access Administrator). We only provide those roles as they are the most common ones to assign to a new subscription, also to reduce the template size and complexity in case we define each and every Built-in RBAC role.

    - You can provide the Resource ID of a Built-in or custom RBAC Role Definition

    - e.g. `/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`

  • `relativeScope` = 2 options can be provided for input value:

    1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope

    2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group.

    | +| [`subscriptionAliasEnabled`](#parameter-subscriptionaliasenabled) | bool | Whether to create a new Subscription using the Subscription Alias resource. If `false`, supply an existing Subscription''s ID in the parameter named `existingSubscriptionId` instead to deploy resources to an existing Subscription. | +| [`subscriptionAliasName`](#parameter-subscriptionaliasname) | string | The name of the Subscription Alias, that will be created by this module.

    The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    | +| [`subscriptionBillingScope`](#parameter-subscriptionbillingscope) | string | The Billing Scope for the new Subscription alias, that will be created by this module.

    A valid Billing Scope looks like `/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}` and is case sensitive.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    | +| [`subscriptionDisplayName`](#parameter-subscriptiondisplayname) | string | The name of the subscription alias. The string must be comprised of a-z, A-Z, 0-9, - and _. The maximum length is 63 characters.

    The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.

    > The value for this parameter and the parameter named `subscriptionAliasName` are usually set to the same value for simplicity. But they can be different if required for a reason.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    | +| [`subscriptionManagementGroupAssociationEnabled`](#parameter-subscriptionmanagementgroupassociationenabled) | bool | Whether to move the Subscription to the specified Management Group supplied in the parameter `subscriptionManagementGroupId`.

    | +| [`subscriptionManagementGroupId`](#parameter-subscriptionmanagementgroupid) | string | The destination Management Group ID for the new Subscription that will be created by this module (or the existing one provided in the parameter `existingSubscriptionId`).

    **IMPORTANT:** Do not supply the display name of the Management Group. The Management Group ID forms part of the Azure Resource ID. e.g., `/providers/Microsoft.Management/managementGroups/{managementGroupId}`.

    | +| [`subscriptionOwnerId`](#parameter-subscriptionownerid) | string | The Azure Active Directory principals object ID (GUID) to whom should be the Subscription Owner.

    > **Leave blank unless following this scenario only [Programmatically create MCA subscriptions across Azure Active Directory tenants](https://learn.microsoft.com/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants)**. | +| [`subscriptionTags`](#parameter-subscriptiontags) | object | An object of Tag key & value pairs to be appended to a Subscription.

    > **NOTE:** Tags will only be overwritten if existing tag exists with same key as provided in this parameter; values provided here win.

    | +| [`subscriptionTenantId`](#parameter-subscriptiontenantid) | string | The Azure Active Directory Tenant ID (GUID) to which the Subscription should be attached to.

    > **Leave blank unless following this scenario only [Programmatically create MCA subscriptions across Azure Active Directory tenants](https://learn.microsoft.com/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants)**. | +| [`subscriptionWorkload`](#parameter-subscriptionworkload) | string | The workload type can be either `Production` or `DevTest` and is case sensitive.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    | +| [`vHubRoutingIntentEnabled`](#parameter-vhubroutingintentenabled) | bool | Indicates whether routing intent is enabled on the Virtual Hub within the Virtual WAN.

    | +| [`virtualNetworkAddressSpace`](#parameter-virtualnetworkaddressspace) | array | The address space of the Virtual Network that will be created by this module, supplied as multiple CIDR blocks in an array, e.g. `["10.0.0.0/16","172.16.0.0/12"]`. | +| [`virtualNetworkDdosPlanResourceId`](#parameter-virtualnetworkddosplanresourceid) | string | The resource ID of an existing DDoS Network Protection Plan that you wish to link to this Virtual Network.

    | +| [`virtualNetworkDeploymentScriptAddressPrefix`](#parameter-virtualnetworkdeploymentscriptaddressprefix) | string | The address prefix of the private virtual network for the deployment script. | +| [`virtualNetworkDnsServers`](#parameter-virtualnetworkdnsservers) | array | The custom DNS servers to use on the Virtual Network, e.g. `["10.4.1.4", "10.2.1.5"]`. If left empty (default) then Azure DNS will be used for the Virtual Network.

    | +| [`virtualNetworkEnabled`](#parameter-virtualnetworkenabled) | bool | Whether to create a Virtual Network or not.

    If set to `true` ensure you also provide values for the following parameters at a minimum:

  • `virtualNetworkResourceGroupName`
  • `virtualNetworkResourceGroupLockEnabled`
  • `virtualNetworkLocation`
  • `virtualNetworkName`
  • `virtualNetworkAddressSpace`

    > Other parameters may need to be set based on other parameters that you enable that are listed above. Check each parameters documentation for further information.

    | +| [`virtualNetworkLocation`](#parameter-virtualnetworklocation) | string | The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targeted to unless overridden.

    | +| [`virtualNetworkName`](#parameter-virtualnetworkname) | string | The name of the virtual network. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length.

    | +| [`virtualNetworkPeeringEnabled`](#parameter-virtualnetworkpeeringenabled) | bool | Whether to enable peering/connection with the supplied hub Virtual Network or Virtual WAN Virtual Hub.

    | +| [`virtualNetworkResourceGroupLockEnabled`](#parameter-virtualnetworkresourcegrouplockenabled) | bool | Enables the deployment of a `CanNotDelete` resource locks to the Virtual Networks Resource Group that is created by this module.

    | +| [`virtualNetworkResourceGroupName`](#parameter-virtualnetworkresourcegroupname) | string | The name of the Resource Group to create the Virtual Network in that is created by this module.

    | +| [`virtualNetworkResourceGroupTags`](#parameter-virtualnetworkresourcegrouptags) | object | An object of Tag key & value pairs to be appended to the Resource Group that the Virtual Network is created in.

    > **NOTE:** Tags will only be overwritten if existing tag exists with same key as provided in this parameter; values provided here win.

    | +| [`virtualNetworkTags`](#parameter-virtualnetworktags) | object | An object of tag key/value pairs to be set on the Virtual Network that is created.

    > **NOTE:** Tags will be overwritten on resource if any exist already.

    | +| [`virtualNetworkUseRemoteGateways`](#parameter-virtualnetworkuseremotegateways) | bool | Enables the use of remote gateways in the specified hub virtual network.

    > **IMPORTANT:** If no gateways exist in the hub virtual network, set this to `false`, otherwise peering will fail to create.

    | +| [`virtualNetworkVwanAssociatedRouteTableResourceId`](#parameter-virtualnetworkvwanassociatedroutetableresourceid) | string | The resource ID of the virtual hub route table to associate to the virtual hub connection (this virtual network). If left blank/empty the `defaultRouteTable` will be associated.

    | +| [`virtualNetworkVwanEnableInternetSecurity`](#parameter-virtualnetworkvwanenableinternetsecurity) | bool | Enables the ability for the Virtual WAN Hub Connection to learn the default route 0.0.0.0/0 from the Hub.

    | +| [`virtualNetworkVwanPropagatedLabels`](#parameter-virtualnetworkvwanpropagatedlabels) | array | An array of virtual hub route table labels to propagate routes to. If left blank/empty the default label will be propagated to only.

    | +| [`virtualNetworkVwanPropagatedRouteTablesResourceIds`](#parameter-virtualnetworkvwanpropagatedroutetablesresourceids) | array | An array of of objects of virtual hub route table resource IDs to propagate routes to. If left blank/empty the `defaultRouteTable` will be propagated to only.

    Each object must contain the following `key`:

  • `id` = The Resource ID of the Virtual WAN Virtual Hub Route Table IDs you wish to propagate too

    > **IMPORTANT:** If you provide any Route Tables in this array of objects you must ensure you include also the `defaultRouteTable` Resource ID as an object in the array as it is not added by default when a value is provided for this parameter.

    | + +### Parameter: `deploymentScriptLocation` + +The location of the deployment script. Use region shortnames e.g. uksouth, eastus, etc. + +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `deploymentScriptManagedIdentityName` + +The name of the user managed identity for the resource providers registration deployment script. + +- Required: No +- Type: string +- Default: `[format('id-{0}', deployment().location)]` + +### Parameter: `deploymentScriptName` + +The name of the deployment script to register resource providers. + +- Required: No +- Type: string +- Default: `[format('ds-{0}', deployment().location)]` + +### Parameter: `deploymentScriptNetworkSecurityGroupName` + +The name of the network security group for the deployment script private subnet. + +- Required: No +- Type: string +- Default: `[format('nsg-{0}', deployment().location)]` + +### Parameter: `deploymentScriptResourceGroupName` + +The name of the resource group to create the deployment script for resource providers registration. + +- Required: No +- Type: string +- Default: `[format('rsg-{0}-ds', deployment().location)]` + +### Parameter: `deploymentScriptStorageAccountName` + +The name of the storage account for the deployment script. + +- Required: No +- Type: string +- Default: `[format('stgds{0}', substring(uniqueString(deployment().name, parameters('virtualNetworkLocation')), 0, 10))]` + +### Parameter: `deploymentScriptVirtualNetworkName` + +The name of the private virtual network for the deployment script. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length. + +- Required: No +- Type: string +- Default: `[format('vnet-{0}', deployment().location)]` + +### Parameter: `enableTelemetry` + +Enable/Disable usage telemetry for module. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `existingSubscriptionId` + +An existing subscription ID. 
Use this when you do not want the module to create a new subscription. But do want to manage the management group membership. A subscription ID should be provided in the example format `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `hubNetworkResourceId` + +The resource ID of the Virtual Network or Virtual WAN Hub in the hub to which the created Virtual Network, by this module, will be peered/connected to via Virtual Network Peering or a Virtual WAN Virtual Hub Connection.

    + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `managementGroupAssociationDelayCount` + +The number of blank ARM deployments to create sequentially to introduce a delay to the Subscription being moved to the target Management Group being, if set, to allow for background platform RBAC inheritance to occur. + +- Required: No +- Type: int +- Default: `15` + +### Parameter: `resourceProviders` + +An object of resource providers and resource providers features to register. If left blank/empty, no resource providers will be registered.

    + +- Required: No +- Type: object +- Default: + ```Bicep + { + 'Microsoft.ApiManagement': [] + 'Microsoft.AppPlatform': [] + 'Microsoft.Authorization': [] + 'Microsoft.Automation': [] + 'Microsoft.AVS': [] + 'Microsoft.Blueprint': [] + 'Microsoft.BotService': [] + 'Microsoft.Cache': [] + 'Microsoft.Cdn': [] + 'Microsoft.CognitiveServices': [] + 'Microsoft.Compute': [] + 'Microsoft.ContainerInstance': [] + 'Microsoft.ContainerRegistry': [] + 'Microsoft.ContainerService': [] + 'Microsoft.CostManagement': [] + 'Microsoft.CustomProviders': [] + 'Microsoft.Databricks': [] + 'Microsoft.DataLakeAnalytics': [] + 'Microsoft.DataLakeStore': [] + 'Microsoft.DataMigration': [] + 'Microsoft.DataProtection': [] + 'Microsoft.DBforMariaDB': [] + 'Microsoft.DBforMySQL': [] + 'Microsoft.DBforPostgreSQL': [] + 'Microsoft.DesktopVirtualization': [] + 'Microsoft.Devices': [] + 'Microsoft.DevTestLab': [] + 'Microsoft.DocumentDB': [] + 'Microsoft.EventGrid': [] + 'Microsoft.EventHub': [] + 'Microsoft.GuestConfiguration': [] + 'Microsoft.HDInsight': [] + 'Microsoft.HealthcareApis': [] + 'microsoft.insights': [] + 'Microsoft.KeyVault': [] + 'Microsoft.Kusto': [] + 'Microsoft.Logic': [] + 'Microsoft.MachineLearningServices': [] + 'Microsoft.Maintenance': [] + 'Microsoft.ManagedIdentity': [] + 'Microsoft.ManagedServices': [] + 'Microsoft.Management': [] + 'Microsoft.Maps': [] + 'Microsoft.MarketplaceOrdering': [] + 'Microsoft.Media': [] + 'Microsoft.MixedReality': [] + 'Microsoft.Network': [] + 'Microsoft.NotificationHubs': [] + 'Microsoft.OperationalInsights': [] + 'Microsoft.OperationsManagement': [] + 'Microsoft.PolicyInsights': [] + 'Microsoft.PowerBIDedicated': [] + 'Microsoft.RecoveryServices': [] + 'Microsoft.Relay': [] + 'Microsoft.Resources': [] + 'Microsoft.Search': [] + 'Microsoft.Security': [] + 'Microsoft.SecurityInsights': [] + 'Microsoft.ServiceBus': [] + 'Microsoft.ServiceFabric': [] + 'Microsoft.Sql': [] + 'Microsoft.Storage': [] + 'Microsoft.StreamAnalytics': [] + 
'Microsoft.Web': [] + } + ``` + +### Parameter: `roleAssignmentEnabled` + +Whether to create role assignments or not. If true, supply the array of role assignment objects in the parameter called `roleAssignments`.

    + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Supply an array of objects containing the details of the role assignments to create.

    Each object must contain the following `keys`:

  • `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too.
  • `definition` = The Name of one of the pre-defined built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition as follows:

    - You can only provide the RBAC role name of the pre-defined roles (Contributor, Owner, Reader, Role Based Access Control Administrator (Preview), and User Access Administrator). We only provide those roles as they are the most common ones to assign to a new subscription, also to reduce the template size and complexity in case we define each and every Built-in RBAC role.

    - You can provide the Resource ID of a Built-in or custom RBAC Role Definition

    - e.g. `/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`

  • `relativeScope` = 2 options can be provided for input value:

    1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope

    2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group.

    + +- Required: No +- Type: array +- Default: `[]` +- Example: + ```Bicep + [ + { + // Contributor role assignment at subscription scope + principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' + definition: '/Contributor' + relativeScope: '' + } + { + // Owner role assignment at resource group scope + principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' + definition: '/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635' + relativeScope: '/resourceGroups/{resourceGroupName}' + } + ] + ``` + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`definition`](#parameter-roleassignmentsdefinition) | string | The role definition ID or name. | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the user, group, or service principal. | +| [`relativeScope`](#parameter-roleassignmentsrelativescope) | string | The relative scope of the role assignment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`roleAssignmentCondition`](#parameter-roleassignmentsroleassignmentcondition) | object | The condition for the role assignment. | + +### Parameter: `roleAssignments.definition` + +The role definition ID or name. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.principalId` + +The principal ID of the user, group, or service principal. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.relativeScope` + +The relative scope of the role assignment. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.roleAssignmentCondition` + +The condition for the role assignment. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`conditionVersion`](#parameter-roleassignmentsroleassignmentconditionconditionversion) | string | The version of the condition template. 
| +| [`delegationCode`](#parameter-roleassignmentsroleassignmentconditiondelegationcode) | string | The code for a custom condition if no template is used. The user should supply their own custom code if the available templates are not matching their requirements. If a value is provided, this will overwrite any added template. All single quotes needs to be skipped using '. | +| [`roleConditionType`](#parameter-roleassignmentsroleassignmentconditionroleconditiontype) | object | The type of template for the role assignment condition. | + +### Parameter: `roleAssignments.roleAssignmentCondition.conditionVersion` + +The version of the condition template. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` + +### Parameter: `roleAssignments.roleAssignmentCondition.delegationCode` + +The code for a custom condition if no template is used. The user should supply their own custom code if the available templates are not matching their requirements. If a value is provided, this will overwrite any added template. All single quotes needs to be skipped using '. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.roleAssignmentCondition.roleConditionType` + +The type of template for the role assignment condition. + +- Required: No +- Type: object + +### Parameter: `subscriptionAliasEnabled` + +Whether to create a new Subscription using the Subscription Alias resource. If `false`, supply an existing Subscription''s ID in the parameter named `existingSubscriptionId` instead to deploy resources to an existing Subscription. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `subscriptionAliasName` + +The name of the Subscription Alias, that will be created by this module.

    The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionBillingScope` + +The Billing Scope for the new Subscription alias, that will be created by this module.

    A valid Billing Scope looks like `/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}` and is case sensitive.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionDisplayName` + +The name of the subscription alias. The string must be comprised of a-z, A-Z, 0-9, - and _. The maximum length is 63 characters.

    The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.

    > The value for this parameter and the parameter named `subscriptionAliasName` are usually set to the same value for simplicity. But they can be different if required for a reason.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionManagementGroupAssociationEnabled` + +Whether to move the Subscription to the specified Management Group supplied in the parameter `subscriptionManagementGroupId`.

    + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `subscriptionManagementGroupId` + +The destination Management Group ID for the new Subscription that will be created by this module (or the existing one provided in the parameter `existingSubscriptionId`).

    **IMPORTANT:** Do not supply the display name of the Management Group. The Management Group ID forms part of the Azure Resource ID. e.g., `/providers/Microsoft.Management/managementGroups/{managementGroupId}`.

    + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionOwnerId` + +The Azure Active Directory principals object ID (GUID) to whom should be the Subscription Owner.

    > **Leave blank unless following this scenario only [Programmatically create MCA subscriptions across Azure Active Directory tenants](https://learn.microsoft.com/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants)**. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionTags` + +An object of Tag key & value pairs to be appended to a Subscription.

    > **NOTE:** Tags will only be overwritten if existing tag exists with same key as provided in this parameter; values provided here win.

    + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `subscriptionTenantId` + +The Azure Active Directory Tenant ID (GUID) to which the Subscription should be attached to.

    > **Leave blank unless following this scenario only [Programmatically create MCA subscriptions across Azure Active Directory tenants](https://learn.microsoft.com/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants)**. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionWorkload` + +The workload type can be either `Production` or `DevTest` and is case sensitive.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    + +- Required: No +- Type: string +- Default: `'Production'` +- Allowed: + ```Bicep + [ + 'DevTest' + 'Production' + ] + ``` + +### Parameter: `vHubRoutingIntentEnabled` + +Indicates whether routing intent is enabled on the Virtual Hub within the Virtual WAN.

    + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `virtualNetworkAddressSpace` + +The address space of the Virtual Network that will be created by this module, supplied as multiple CIDR blocks in an array, e.g. `["10.0.0.0/16","172.16.0.0/12"]`. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `virtualNetworkDdosPlanResourceId` + +The resource ID of an existing DDoS Network Protection Plan that you wish to link to this Virtual Network.

    + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `virtualNetworkDeploymentScriptAddressPrefix` + +The address prefix of the private virtual network for the deployment script. + +- Required: No +- Type: string +- Default: `'192.168.0.0/24'` + +### Parameter: `virtualNetworkDnsServers` + +The custom DNS servers to use on the Virtual Network, e.g. `["10.4.1.4", "10.2.1.5"]`. If left empty (default) then Azure DNS will be used for the Virtual Network.

    + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `virtualNetworkEnabled` + +Whether to create a Virtual Network or not.

    If set to `true` ensure you also provide values for the following parameters at a minimum:

  • `virtualNetworkResourceGroupName`
  • `virtualNetworkResourceGroupLockEnabled`
  • `virtualNetworkLocation`
  • `virtualNetworkName`
  • `virtualNetworkAddressSpace`

    > Other parameters may need to be set based on other parameters that you enable that are listed above. Check each parameters documentation for further information.

    + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `virtualNetworkLocation` + +The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targeted to unless overridden.

    + +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `virtualNetworkName` + +The name of the virtual network. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length.

    + +- Required: No +- Type: string + +### Parameter: `virtualNetworkPeeringEnabled` + +Whether to enable peering/connection with the supplied hub Virtual Network or Virtual WAN Virtual Hub.

    + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `virtualNetworkResourceGroupLockEnabled` + +Enables the deployment of a `CanNotDelete` resource locks to the Virtual Networks Resource Group that is created by this module.

    + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `virtualNetworkResourceGroupName` + +The name of the Resource Group to create the Virtual Network in that is created by this module.

    + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `virtualNetworkResourceGroupTags` + +An object of Tag key & value pairs to be appended to the Resource Group that the Virtual Network is created in.

    > **NOTE:** Tags will only be overwritten if existing tag exists with same key as provided in this parameter; values provided here win.

    + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `virtualNetworkTags` + +An object of tag key/value pairs to be set on the Virtual Network that is created.

    > **NOTE:** Tags will be overwritten on resource if any exist already.

    + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `virtualNetworkUseRemoteGateways` + +Enables the use of remote gateways in the specified hub virtual network.

    > **IMPORTANT:** If no gateways exist in the hub virtual network, set this to `false`, otherwise peering will fail to create.

    + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `virtualNetworkVwanAssociatedRouteTableResourceId` + +The resource ID of the virtual hub route table to associate to the virtual hub connection (this virtual network). If left blank/empty the `defaultRouteTable` will be associated.

    + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `virtualNetworkVwanEnableInternetSecurity` + +Enables the ability for the Virtual WAN Hub Connection to learn the default route 0.0.0.0/0 from the Hub.

    + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `virtualNetworkVwanPropagatedLabels` + +An array of virtual hub route table labels to propagate routes to. If left blank/empty the default label will be propagated to only.

    + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `virtualNetworkVwanPropagatedRouteTablesResourceIds` + +An array of of objects of virtual hub route table resource IDs to propagate routes to. If left blank/empty the `defaultRouteTable` will be propagated to only.

    Each object must contain the following `key`:

  • `id` = The Resource ID of the Virtual WAN Virtual Hub Route Table IDs you wish to propagate too

    > **IMPORTANT:** If you provide any Route Tables in this array of objects you must ensure you include also the `defaultRouteTable` Resource ID as an object in the array as it is not added by default when a value is provided for this parameter.

    + +- Required: No +- Type: array +- Default: `[]` + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `failedResourceProviders` | string | The resource providers that failed to register. | +| `failedResourceProvidersFeatures` | string | The resource providers features that failed to register. | +| `subscriptionAcceptOwnershipState` | string | The Subscription Owner State. Only used when creating MCA Subscriptions across tenants. | +| `subscriptionAcceptOwnershipUrl` | string | The Subscription Ownership URL. Only used when creating MCA Subscriptions across tenants. | +| `subscriptionId` | string | The Subscription ID that has been created or provided. | +| `subscriptionResourceId` | string | The Subscription Resource ID that has been created or provided. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `br/public:avm/ptn/authorization/role-assignment:0.1.1` | Remote reference | +| `br/public:avm/res/managed-identity/user-assigned-identity:0.2.2` | Remote reference | +| `br/public:avm/res/network/network-security-group:0.3.0` | Remote reference | +| `br/public:avm/res/network/virtual-network:0.5.0` | Remote reference | +| `br/public:avm/res/resources/deployment-script:0.2.3` | Remote reference | +| `br/public:avm/res/resources/resource-group:0.2.4` | Remote reference | +| `br/public:avm/res/storage/storage-account:0.9.1` | Remote reference | + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). 
There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/avm/ptn/lz/sub-placement/main.bicep b/avm/ptn/lz/sub-placement/main.bicep index ae43119ea5..9581c4ab3f 100644 --- a/avm/ptn/lz/sub-placement/main.bicep +++ b/avm/ptn/lz/sub-placement/main.bicep @@ -23,10 +23,12 @@ param parSubscriptionPlacement typMgChild = [ } ] -module customsubscriptionPlacement './modules/helper.bicep' = [for (subscriptionPlacement, index) in parSubscriptionPlacement: { - name: 'subPlacement${index}' - params: { - managementGroupId: subscriptionPlacement.managementGroupId - subscriptionIds: subscriptionPlacement.subscriptionIds +module customsubscriptionPlacement './modules/helper.bicep' = [ + for (subscriptionPlacement, index) in parSubscriptionPlacement: { + name: 'subPlacement${index}' + params: { + managementGroupId: subscriptionPlacement.managementGroupId + subscriptionIds: subscriptionPlacement.subscriptionIds + } } -}] +] diff --git a/avm/ptn/lz/sub-placement/main.json b/avm/ptn/lz/sub-placement/main.json new file mode 100644 index 0000000000..75127387a3 --- /dev/null +++ b/avm/ptn/lz/sub-placement/main.json 
@@ -0,0 +1,50 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "metadata": {
+ "name": "subscription-placement",
+ "description": "This module allows for placement of subscriptions to management groups",
+ "owner": "Azure/module-maintainers"
+ },
+ "targetScope": "tenant",
+ "parameters": {
+ "parSubscriptionPlacement": {
+ "type": "array",
+ "metadata": {
+ "description": "Type definition for management group child containing management group ID and subscription IDs."
+ },
+ "defaultValue": [
+ {
+ "managementGroupId": "Group1",
+ "subscriptionIds": ["SUBID1", "SUBID2"]
+ },
+ {
+ "managementGroupId": "Group2",
+ "subscriptionIds": ["SUBID3"]
+ }
+ ]
+ }
+ },
+ "resources": [
+ {
+ "name": "[format('subPlacement{0}', copyIndex())]",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-04-01",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "./modules/helper.bicep",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "managementGroupId": "[copyIndex().managementGroupId]",
+ "subscriptionIds": "[copyIndex().subscriptionIds]"
+ }
+ },
+ "copy": {
+ "name": "customsubscriptionPlacement",
+ "count": "[length(parameters('parSubscriptionPlacement'))]"
+ }
+ }
+ ]
+}
From ab0c8d4e5734f2f3a686fb0bd882f049fee398cb Mon Sep 17 00:00:00 2001
From: Nicky Griffin <153103937+31Nick@users.noreply.github.com>
Date: Mon, 2 Dec 2024 15:56:10 +0000
Subject: [PATCH 07/64] Update README.md
---
avm/ptn/lz/sub-placement/README.md | 1216 +---------------------------
1 file changed, 12 insertions(+), 1204 deletions(-)
diff --git a/avm/ptn/lz/sub-placement/README.md b/avm/ptn/lz/sub-placement/README.md
index ca8f7d5147..0bb2c95d28 100644
--- a/avm/ptn/lz/sub-placement/README.md
+++ b/avm/ptn/lz/sub-placement/README.md
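Review bot: The new `avm/ptn/lz/sub-placement/main.json` does not look like compiled output of `main.bicep`, and its nested deployment would not resolve as written: `templateLink.uri` points at `./modules/helper.bicep`, a relative path to a Bicep source file, and `[copyIndex().managementGroupId]` reads a property off the integer loop index. The parameter expressions should index the array instead, e.g. `"managementGroupId": "[parameters('parSubscriptionPlacement')[copyIndex()].managementGroupId]"` (and the same for `subscriptionIds`), or better, the file should be regenerated with `bicep build main.bicep` so the helper template is inlined. Separately, `defaultValue` carries the placeholder pairs `Group1`/`SUBID1`, `SUBID2` and `Group2`/`SUBID3`. Management group membership decides which policy and role assignments a subscription inherits, so I would drop the default and make the caller state every placement explicitly.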
@@ -7,43 +7,13 @@ This module allows for a hierarchical configuration of subscriptions to manageme - [Resource Types](#Resource-Types) - [Usage examples](#Usage-examples) - [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) - [Data Collection](#Data-Collection) ## Resource Types | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.ManagedIdentity/userAssignedIdentities` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-01-31/userAssignedIdentities) | -| `Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2023-01-31/userAssignedIdentities/federatedIdentityCredentials) | -| `Microsoft.Management/managementGroups/subscriptions` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Management/2021-04-01/managementGroups/subscriptions) | -| `Microsoft.Network/networkSecurityGroups` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/networkSecurityGroups) | -| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -| 
`Microsoft.Network/virtualHubs/hubVirtualNetworkConnections` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/virtualHubs/hubVirtualNetworkConnections) | -| `Microsoft.Network/virtualNetworks` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-01-01/virtualNetworks) | -| `Microsoft.Network/virtualNetworks/subnets` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-01-01/virtualNetworks/subnets) | -| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-01-01/virtualNetworks/virtualNetworkPeerings) | -| `Microsoft.Resources/deploymentScripts` | [2023-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2023-08-01/deploymentScripts) | -| `Microsoft.Resources/resourceGroups` | [2021-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/2021-04-01/resourceGroups) | -| `Microsoft.Resources/tags` | [2019-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Resources/tags) | -| `Microsoft.Storage/storageAccounts` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-09-01/storageAccounts) | -| `Microsoft.Storage/storageAccounts/blobServices` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-09-01/storageAccounts/blobServices) | -| `Microsoft.Storage/storageAccounts/blobServices/containers` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-09-01/storageAccounts/blobServices/containers) | -| `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | [2022-09-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2022-09-01/storageAccounts/blobServices/containers/immutabilityPolicies) | -| `Microsoft.Storage/storageAccounts/fileServices` | 
[2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/fileServices) | -| `Microsoft.Storage/storageAccounts/fileServices/shares` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-01-01/storageAccounts/fileServices/shares) | -| `Microsoft.Storage/storageAccounts/localUsers` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/localUsers) | -| `Microsoft.Storage/storageAccounts/managementPolicies` | [2023-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-01-01/storageAccounts/managementPolicies) | -| `Microsoft.Storage/storageAccounts/queueServices` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/queueServices) | -| `Microsoft.Storage/storageAccounts/queueServices/queues` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/queueServices/queues) | -| `Microsoft.Storage/storageAccounts/tableServices` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/tableServices) | -| `Microsoft.Storage/storageAccounts/tableServices/tables` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Storage/2023-04-01/storageAccounts/tableServices/tables) | -| `Microsoft.Subscription/aliases` | [2021-10-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Subscription/2021-10-01/aliases) | +| `Microsoft.Management/managementGroups/subscriptions` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Management/managementgroups/subscriptions) | ## Usage examples @@ -147,1197 +117,35 @@ param parSubscriptionPlacement typMgChild = [

    -### Example 2: _Hub and spoke topology._ - -This instance deploys a subscription with a hub-spoke network topology. - - -

    - -via Bicep module - -```bicep -module subVending 'br/public:avm/ptn/lz/sub-vending:' = { - name: 'subVendingDeployment' - params: { - deploymentScriptLocation: '' - deploymentScriptManagedIdentityName: '' - deploymentScriptName: 'ds-ssahs' - deploymentScriptNetworkSecurityGroupName: '' - deploymentScriptResourceGroupName: '' - deploymentScriptStorageAccountName: '' - deploymentScriptVirtualNetworkName: '' - hubNetworkResourceId: '' - resourceProviders: { - 'Microsoft.AVS': [ - 'AzureServicesVm' - ] - 'Microsoft.HybridCompute': [ - 'ArcServerPrivateLinkPreview' - ] - } - roleAssignmentEnabled: true - roleAssignments: [ - { - definition: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7' - principalId: '896b1162-be44-4b28-888a-d01acc1b4271' - relativeScope: '' - } - ] - subscriptionAliasEnabled: true - subscriptionAliasName: '' - subscriptionBillingScope: '' - subscriptionDisplayName: '' - subscriptionManagementGroupAssociationEnabled: true - subscriptionManagementGroupId: 'bicep-lz-vending-automation-child' - subscriptionTags: { - namePrefix: '' - serviceShort: '' - } - subscriptionWorkload: 'Production' - virtualNetworkAddressSpace: [ - '10.110.0.0/16' - ] - virtualNetworkEnabled: true - virtualNetworkLocation: '' - virtualNetworkName: '' - virtualNetworkPeeringEnabled: true - virtualNetworkResourceGroupLockEnabled: false - virtualNetworkResourceGroupName: '' - virtualNetworkUseRemoteGateways: false - } -} -``` - -
    -

    - -

    - -via JSON parameters file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "deploymentScriptLocation": { - "value": "" - }, - "deploymentScriptManagedIdentityName": { - "value": "" - }, - "deploymentScriptName": { - "value": "ds-ssahs" - }, - "deploymentScriptNetworkSecurityGroupName": { - "value": "" - }, - "deploymentScriptResourceGroupName": { - "value": "" - }, - "deploymentScriptStorageAccountName": { - "value": "" - }, - "deploymentScriptVirtualNetworkName": { - "value": "" - }, - "hubNetworkResourceId": { - "value": "" - }, - "resourceProviders": { - "value": { - "Microsoft.AVS": [ - "AzureServicesVm" - ], - "Microsoft.HybridCompute": [ - "ArcServerPrivateLinkPreview" - ] - } - }, - "roleAssignmentEnabled": { - "value": true - }, - "roleAssignments": { - "value": [ - { - "definition": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7", - "principalId": "896b1162-be44-4b28-888a-d01acc1b4271", - "relativeScope": "" - } - ] - }, - "subscriptionAliasEnabled": { - "value": true - }, - "subscriptionAliasName": { - "value": "" - }, - "subscriptionBillingScope": { - "value": "" - }, - "subscriptionDisplayName": { - "value": "" - }, - "subscriptionManagementGroupAssociationEnabled": { - "value": true - }, - "subscriptionManagementGroupId": { - "value": "bicep-lz-vending-automation-child" - }, - "subscriptionTags": { - "value": { - "namePrefix": "", - "serviceShort": "" - } - }, - "subscriptionWorkload": { - "value": "Production" - }, - "virtualNetworkAddressSpace": { - "value": [ - "10.110.0.0/16" - ] - }, - "virtualNetworkEnabled": { - "value": true - }, - "virtualNetworkLocation": { - "value": "" - }, - "virtualNetworkName": { - "value": "" - }, - "virtualNetworkPeeringEnabled": { - "value": true - }, - "virtualNetworkResourceGroupLockEnabled": { - "value": false - }, - "virtualNetworkResourceGroupName": { - 
"value": "" - }, - "virtualNetworkUseRemoteGateways": { - "value": false - } - } -} -``` - -
    -

    - -

    - -via Bicep parameters file - -```bicep-params -using 'br/public:avm/ptn/lz/sub-vending:' - -param deploymentScriptLocation = '' -param deploymentScriptManagedIdentityName = '' -param deploymentScriptName = 'ds-ssahs' -param deploymentScriptNetworkSecurityGroupName = '' -param deploymentScriptResourceGroupName = '' -param deploymentScriptStorageAccountName = '' -param deploymentScriptVirtualNetworkName = '' -param hubNetworkResourceId = '' -param resourceProviders = { - 'Microsoft.AVS': [ - 'AzureServicesVm' - ] - 'Microsoft.HybridCompute': [ - 'ArcServerPrivateLinkPreview' - ] -} -param roleAssignmentEnabled = true -param roleAssignments = [ - { - definition: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7' - principalId: '896b1162-be44-4b28-888a-d01acc1b4271' - relativeScope: '' - } -] -param subscriptionAliasEnabled = true -param subscriptionAliasName = '' -param subscriptionBillingScope = '' -param subscriptionDisplayName = '' -param subscriptionManagementGroupAssociationEnabled = true -param subscriptionManagementGroupId = 'bicep-lz-vending-automation-child' -param subscriptionTags = { - namePrefix: '' - serviceShort: '' -} -param subscriptionWorkload = 'Production' -param virtualNetworkAddressSpace = [ - '10.110.0.0/16' -] -param virtualNetworkEnabled = true -param virtualNetworkLocation = '' -param virtualNetworkName = '' -param virtualNetworkPeeringEnabled = true -param virtualNetworkResourceGroupLockEnabled = false -param virtualNetworkResourceGroupName = '' -param virtualNetworkUseRemoteGateways = false -``` - -
    -

    - -### Example 3: _Using RBAC conditions._ - -This instance deploys the module with RBAC conditions for the role assignments. - - -

    - -via Bicep module - -```bicep -module subVending 'br/public:avm/ptn/lz/sub-vending:' = { - name: 'subVendingDeployment' - params: { - resourceProviders: {} - roleAssignmentEnabled: true - roleAssignments: [ - { - definition: '/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168' - principalId: '896b1162-be44-4b28-888a-d01acc1b4271' - relativeScope: '' - roleAssignmentCondition: { - roleConditionType: { - principleTypesToAssign: [ - 'Group' - 'ServicePrincipal' - ] - rolesToAssign: [ - 'b24988ac-6180-42a0-ab88-20f7382dd24c' - ] - templateName: 'constrainRolesAndPrincipalTypes' - } - } - } - ] - subscriptionAliasEnabled: true - subscriptionAliasName: '' - subscriptionBillingScope: '' - subscriptionDisplayName: '' - subscriptionManagementGroupAssociationEnabled: true - subscriptionManagementGroupId: 'bicep-lz-vending-automation-child' - subscriptionTags: { - namePrefix: '' - serviceShort: '' - } - subscriptionWorkload: 'Production' - } -} -``` - -
    -

    - -

    - -via JSON parameters file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "resourceProviders": { - "value": {} - }, - "roleAssignmentEnabled": { - "value": true - }, - "roleAssignments": { - "value": [ - { - "definition": "/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168", - "principalId": "896b1162-be44-4b28-888a-d01acc1b4271", - "relativeScope": "", - "roleAssignmentCondition": { - "roleConditionType": { - "principleTypesToAssign": [ - "Group", - "ServicePrincipal" - ], - "rolesToAssign": [ - "b24988ac-6180-42a0-ab88-20f7382dd24c" - ], - "templateName": "constrainRolesAndPrincipalTypes" - } - } - } - ] - }, - "subscriptionAliasEnabled": { - "value": true - }, - "subscriptionAliasName": { - "value": "" - }, - "subscriptionBillingScope": { - "value": "" - }, - "subscriptionDisplayName": { - "value": "" - }, - "subscriptionManagementGroupAssociationEnabled": { - "value": true - }, - "subscriptionManagementGroupId": { - "value": "bicep-lz-vending-automation-child" - }, - "subscriptionTags": { - "value": { - "namePrefix": "", - "serviceShort": "" - } - }, - "subscriptionWorkload": { - "value": "Production" - } - } -} -``` - -
    -

    - -

    - -via Bicep parameters file - -```bicep-params -using 'br/public:avm/ptn/lz/sub-vending:' - -param resourceProviders = {} -param roleAssignmentEnabled = true -param roleAssignments = [ - { - definition: '/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168' - principalId: '896b1162-be44-4b28-888a-d01acc1b4271' - relativeScope: '' - roleAssignmentCondition: { - roleConditionType: { - principleTypesToAssign: [ - 'Group' - 'ServicePrincipal' - ] - rolesToAssign: [ - 'b24988ac-6180-42a0-ab88-20f7382dd24c' - ] - templateName: 'constrainRolesAndPrincipalTypes' - } - } - } -] -param subscriptionAliasEnabled = true -param subscriptionAliasName = '' -param subscriptionBillingScope = '' -param subscriptionDisplayName = '' -param subscriptionManagementGroupAssociationEnabled = true -param subscriptionManagementGroupId = 'bicep-lz-vending-automation-child' -param subscriptionTags = { - namePrefix: '' - serviceShort: '' -} -param subscriptionWorkload = 'Production' -``` - -
    -

    - -### Example 4: _Vwan topology._ - -This instance deploys a subscription with a vwan network topology. - - -

    - -via Bicep module - -```bicep -module subVending 'br/public:avm/ptn/lz/sub-vending:' = { - name: 'subVendingDeployment' - params: { - deploymentScriptLocation: '' - deploymentScriptManagedIdentityName: '' - deploymentScriptName: 'ds-ssawan' - deploymentScriptNetworkSecurityGroupName: '' - deploymentScriptResourceGroupName: '' - deploymentScriptStorageAccountName: '' - deploymentScriptVirtualNetworkName: '' - hubNetworkResourceId: '' - resourceProviders: {} - roleAssignmentEnabled: true - roleAssignments: [ - { - definition: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7' - principalId: '896b1162-be44-4b28-888a-d01acc1b4271' - relativeScope: '' - } - ] - subscriptionAliasEnabled: true - subscriptionAliasName: '' - subscriptionBillingScope: '' - subscriptionDisplayName: '' - subscriptionManagementGroupAssociationEnabled: true - subscriptionManagementGroupId: 'bicep-lz-vending-automation-child' - subscriptionTags: { - namePrefix: '' - serviceShort: '' - } - subscriptionWorkload: 'Production' - virtualNetworkAddressSpace: [ - '10.210.0.0/16' - ] - virtualNetworkEnabled: true - virtualNetworkLocation: '' - virtualNetworkName: '' - virtualNetworkPeeringEnabled: true - virtualNetworkResourceGroupLockEnabled: false - virtualNetworkResourceGroupName: '' - } -} -``` - -
    -

    - -

    - -via JSON parameters file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "deploymentScriptLocation": { - "value": "" - }, - "deploymentScriptManagedIdentityName": { - "value": "" - }, - "deploymentScriptName": { - "value": "ds-ssawan" - }, - "deploymentScriptNetworkSecurityGroupName": { - "value": "" - }, - "deploymentScriptResourceGroupName": { - "value": "" - }, - "deploymentScriptStorageAccountName": { - "value": "" - }, - "deploymentScriptVirtualNetworkName": { - "value": "" - }, - "hubNetworkResourceId": { - "value": "" - }, - "resourceProviders": { - "value": {} - }, - "roleAssignmentEnabled": { - "value": true - }, - "roleAssignments": { - "value": [ - { - "definition": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7", - "principalId": "896b1162-be44-4b28-888a-d01acc1b4271", - "relativeScope": "" - } - ] - }, - "subscriptionAliasEnabled": { - "value": true - }, - "subscriptionAliasName": { - "value": "" - }, - "subscriptionBillingScope": { - "value": "" - }, - "subscriptionDisplayName": { - "value": "" - }, - "subscriptionManagementGroupAssociationEnabled": { - "value": true - }, - "subscriptionManagementGroupId": { - "value": "bicep-lz-vending-automation-child" - }, - "subscriptionTags": { - "value": { - "namePrefix": "", - "serviceShort": "" - } - }, - "subscriptionWorkload": { - "value": "Production" - }, - "virtualNetworkAddressSpace": { - "value": [ - "10.210.0.0/16" - ] - }, - "virtualNetworkEnabled": { - "value": true - }, - "virtualNetworkLocation": { - "value": "" - }, - "virtualNetworkName": { - "value": "" - }, - "virtualNetworkPeeringEnabled": { - "value": true - }, - "virtualNetworkResourceGroupLockEnabled": { - "value": false - }, - "virtualNetworkResourceGroupName": { - "value": "" - } - } -} -``` - -
    -

    - -

    - -via Bicep parameters file - -```bicep-params -using 'br/public:avm/ptn/lz/sub-vending:' - -param deploymentScriptLocation = '' -param deploymentScriptManagedIdentityName = '' -param deploymentScriptName = 'ds-ssawan' -param deploymentScriptNetworkSecurityGroupName = '' -param deploymentScriptResourceGroupName = '' -param deploymentScriptStorageAccountName = '' -param deploymentScriptVirtualNetworkName = '' -param hubNetworkResourceId = '' -param resourceProviders = {} -param roleAssignmentEnabled = true -param roleAssignments = [ - { - definition: '/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7' - principalId: '896b1162-be44-4b28-888a-d01acc1b4271' - relativeScope: '' - } -] -param subscriptionAliasEnabled = true -param subscriptionAliasName = '' -param subscriptionBillingScope = '' -param subscriptionDisplayName = '' -param subscriptionManagementGroupAssociationEnabled = true -param subscriptionManagementGroupId = 'bicep-lz-vending-automation-child' -param subscriptionTags = { - namePrefix: '' - serviceShort: '' -} -param subscriptionWorkload = 'Production' -param virtualNetworkAddressSpace = [ - '10.210.0.0/16' -] -param virtualNetworkEnabled = true -param virtualNetworkLocation = '' -param virtualNetworkName = '' -param virtualNetworkPeeringEnabled = true -param virtualNetworkResourceGroupLockEnabled = false -param virtualNetworkResourceGroupName = '' -``` - -
    -

    - ## Parameters -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`deploymentScriptLocation`](#parameter-deploymentscriptlocation) | string | The location of the deployment script. Use region shortnames e.g. uksouth, eastus, etc. | -| [`deploymentScriptManagedIdentityName`](#parameter-deploymentscriptmanagedidentityname) | string | The name of the user managed identity for the resource providers registration deployment script. | -| [`deploymentScriptName`](#parameter-deploymentscriptname) | string | The name of the deployment script to register resource providers. | -| [`deploymentScriptNetworkSecurityGroupName`](#parameter-deploymentscriptnetworksecuritygroupname) | string | The name of the network security group for the deployment script private subnet. | -| [`deploymentScriptResourceGroupName`](#parameter-deploymentscriptresourcegroupname) | string | The name of the resource group to create the deployment script for resource providers registration. | -| [`deploymentScriptStorageAccountName`](#parameter-deploymentscriptstorageaccountname) | string | The name of the storage account for the deployment script. | -| [`deploymentScriptVirtualNetworkName`](#parameter-deploymentscriptvirtualnetworkname) | string | The name of the private virtual network for the deployment script. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length. | -| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | -| [`existingSubscriptionId`](#parameter-existingsubscriptionid) | string | An existing subscription ID. Use this when you do not want the module to create a new subscription. But do want to manage the management group membership. A subscription ID should be provided in the example format `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`. 
| -| [`hubNetworkResourceId`](#parameter-hubnetworkresourceid) | string | The resource ID of the Virtual Network or Virtual WAN Hub in the hub to which the created Virtual Network, by this module, will be peered/connected to via Virtual Network Peering or a Virtual WAN Virtual Hub Connection.

    | -| [`managementGroupAssociationDelayCount`](#parameter-managementgroupassociationdelaycount) | int | The number of blank ARM deployments to create sequentially to introduce a delay to the Subscription being moved to the target Management Group being, if set, to allow for background platform RBAC inheritance to occur. | -| [`resourceProviders`](#parameter-resourceproviders) | object | An object of resource providers and resource providers features to register. If left blank/empty, no resource providers will be registered.

    | -| [`roleAssignmentEnabled`](#parameter-roleassignmentenabled) | bool | Whether to create role assignments or not. If true, supply the array of role assignment objects in the parameter called `roleAssignments`.

    | -| [`roleAssignments`](#parameter-roleassignments) | array | Supply an array of objects containing the details of the role assignments to create.

    Each object must contain the following `keys`:

  • `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too.
  • `definition` = The Name of one of the pre-defined built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition as follows:

    - You can only provide the RBAC role name of the pre-defined roles (Contributor, Owner, Reader, Role Based Access Control Administrator (Preview), and User Access Administrator). We only provide those roles as they are the most common ones to assign to a new subscription, also to reduce the template size and complexity in case we define each and every Built-in RBAC role.

    - You can provide the Resource ID of a Built-in or custom RBAC Role Definition

    - e.g. `/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`

  • `relativeScope` = 2 options can be provided for input value:

    1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope

    2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group.

    | -| [`subscriptionAliasEnabled`](#parameter-subscriptionaliasenabled) | bool | Whether to create a new Subscription using the Subscription Alias resource. If `false`, supply an existing Subscription''s ID in the parameter named `existingSubscriptionId` instead to deploy resources to an existing Subscription. | -| [`subscriptionAliasName`](#parameter-subscriptionaliasname) | string | The name of the Subscription Alias, that will be created by this module.

    The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    | -| [`subscriptionBillingScope`](#parameter-subscriptionbillingscope) | string | The Billing Scope for the new Subscription alias, that will be created by this module.

    A valid Billing Scope looks like `/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}` and is case sensitive.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    | -| [`subscriptionDisplayName`](#parameter-subscriptiondisplayname) | string | The name of the subscription alias. The string must be comprised of a-z, A-Z, 0-9, - and _. The maximum length is 63 characters.

    The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.

    > The value for this parameter and the parameter named `subscriptionAliasName` are usually set to the same value for simplicity. But they can be different if required for a reason.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    | -| [`subscriptionManagementGroupAssociationEnabled`](#parameter-subscriptionmanagementgroupassociationenabled) | bool | Whether to move the Subscription to the specified Management Group supplied in the parameter `subscriptionManagementGroupId`.

    | -| [`subscriptionManagementGroupId`](#parameter-subscriptionmanagementgroupid) | string | The destination Management Group ID for the new Subscription that will be created by this module (or the existing one provided in the parameter `existingSubscriptionId`).

    **IMPORTANT:** Do not supply the display name of the Management Group. The Management Group ID forms part of the Azure Resource ID. e.g., `/providers/Microsoft.Management/managementGroups/{managementGroupId}`.

    | -| [`subscriptionOwnerId`](#parameter-subscriptionownerid) | string | The Azure Active Directory principals object ID (GUID) to whom should be the Subscription Owner.

    > **Leave blank unless following this scenario only [Programmatically create MCA subscriptions across Azure Active Directory tenants](https://learn.microsoft.com/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants)**. | -| [`subscriptionTags`](#parameter-subscriptiontags) | object | An object of Tag key & value pairs to be appended to a Subscription.

    > **NOTE:** Tags will only be overwritten if existing tag exists with same key as provided in this parameter; values provided here win.

    | -| [`subscriptionTenantId`](#parameter-subscriptiontenantid) | string | The Azure Active Directory Tenant ID (GUID) to which the Subscription should be attached to.

    > **Leave blank unless following this scenario only [Programmatically create MCA subscriptions across Azure Active Directory tenants](https://learn.microsoft.com/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants)**. | -| [`subscriptionWorkload`](#parameter-subscriptionworkload) | string | The workload type can be either `Production` or `DevTest` and is case sensitive.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    | -| [`vHubRoutingIntentEnabled`](#parameter-vhubroutingintentenabled) | bool | Indicates whether routing intent is enabled on the Virtual Hub within the Virtual WAN.

    | -| [`virtualNetworkAddressSpace`](#parameter-virtualnetworkaddressspace) | array | The address space of the Virtual Network that will be created by this module, supplied as multiple CIDR blocks in an array, e.g. `["10.0.0.0/16","172.16.0.0/12"]`. | -| [`virtualNetworkDdosPlanResourceId`](#parameter-virtualnetworkddosplanresourceid) | string | The resource ID of an existing DDoS Network Protection Plan that you wish to link to this Virtual Network.

    | -| [`virtualNetworkDeploymentScriptAddressPrefix`](#parameter-virtualnetworkdeploymentscriptaddressprefix) | string | The address prefix of the private virtual network for the deployment script. | -| [`virtualNetworkDnsServers`](#parameter-virtualnetworkdnsservers) | array | The custom DNS servers to use on the Virtual Network, e.g. `["10.4.1.4", "10.2.1.5"]`. If left empty (default) then Azure DNS will be used for the Virtual Network.

    | -| [`virtualNetworkEnabled`](#parameter-virtualnetworkenabled) | bool | Whether to create a Virtual Network or not.

    If set to `true` ensure you also provide values for the following parameters at a minimum:

  • `virtualNetworkResourceGroupName`
  • `virtualNetworkResourceGroupLockEnabled`
  • `virtualNetworkLocation`
  • `virtualNetworkName`
  • `virtualNetworkAddressSpace`

    > Other parameters may need to be set based on other parameters that you enable that are listed above. Check each parameters documentation for further information.

    | -| [`virtualNetworkLocation`](#parameter-virtualnetworklocation) | string | The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targeted to unless overridden.

    | -| [`virtualNetworkName`](#parameter-virtualnetworkname) | string | The name of the virtual network. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length.

    | -| [`virtualNetworkPeeringEnabled`](#parameter-virtualnetworkpeeringenabled) | bool | Whether to enable peering/connection with the supplied hub Virtual Network or Virtual WAN Virtual Hub.

    | -| [`virtualNetworkResourceGroupLockEnabled`](#parameter-virtualnetworkresourcegrouplockenabled) | bool | Enables the deployment of a `CanNotDelete` resource locks to the Virtual Networks Resource Group that is created by this module.

    | -| [`virtualNetworkResourceGroupName`](#parameter-virtualnetworkresourcegroupname) | string | The name of the Resource Group to create the Virtual Network in that is created by this module.

    | -| [`virtualNetworkResourceGroupTags`](#parameter-virtualnetworkresourcegrouptags) | object | An object of Tag key & value pairs to be appended to the Resource Group that the Virtual Network is created in.

    > **NOTE:** Tags will only be overwritten if existing tag exists with same key as provided in this parameter; values provided here win.

    | -| [`virtualNetworkTags`](#parameter-virtualnetworktags) | object | An object of tag key/value pairs to be set on the Virtual Network that is created.

    > **NOTE:** Tags will be overwritten on resource if any exist already.

    | -| [`virtualNetworkUseRemoteGateways`](#parameter-virtualnetworkuseremotegateways) | bool | Enables the use of remote gateways in the specified hub virtual network.

    > **IMPORTANT:** If no gateways exist in the hub virtual network, set this to `false`, otherwise peering will fail to create.

    | -| [`virtualNetworkVwanAssociatedRouteTableResourceId`](#parameter-virtualnetworkvwanassociatedroutetableresourceid) | string | The resource ID of the virtual hub route table to associate to the virtual hub connection (this virtual network). If left blank/empty the `defaultRouteTable` will be associated.

    | -| [`virtualNetworkVwanEnableInternetSecurity`](#parameter-virtualnetworkvwanenableinternetsecurity) | bool | Enables the ability for the Virtual WAN Hub Connection to learn the default route 0.0.0.0/0 from the Hub.

    | -| [`virtualNetworkVwanPropagatedLabels`](#parameter-virtualnetworkvwanpropagatedlabels) | array | An array of virtual hub route table labels to propagate routes to. If left blank/empty the default label will be propagated to only.

    | -| [`virtualNetworkVwanPropagatedRouteTablesResourceIds`](#parameter-virtualnetworkvwanpropagatedroutetablesresourceids) | array | An array of of objects of virtual hub route table resource IDs to propagate routes to. If left blank/empty the `defaultRouteTable` will be propagated to only.

    Each object must contain the following `key`:

  • `id` = The Resource ID of the Virtual WAN Virtual Hub Route Table IDs you wish to propagate too

    > **IMPORTANT:** If you provide any Route Tables in this array of objects you must ensure you include also the `defaultRouteTable` Resource ID as an object in the array as it is not added by default when a value is provided for this parameter.

    | - -### Parameter: `deploymentScriptLocation` - -The location of the deployment script. Use region shortnames e.g. uksouth, eastus, etc. - -- Required: No -- Type: string -- Default: `[deployment().location]` - -### Parameter: `deploymentScriptManagedIdentityName` - -The name of the user managed identity for the resource providers registration deployment script. - -- Required: No -- Type: string -- Default: `[format('id-{0}', deployment().location)]` - -### Parameter: `deploymentScriptName` - -The name of the deployment script to register resource providers. - -- Required: No -- Type: string -- Default: `[format('ds-{0}', deployment().location)]` - -### Parameter: `deploymentScriptNetworkSecurityGroupName` - -The name of the network security group for the deployment script private subnet. - -- Required: No -- Type: string -- Default: `[format('nsg-{0}', deployment().location)]` - -### Parameter: `deploymentScriptResourceGroupName` - -The name of the resource group to create the deployment script for resource providers registration. - -- Required: No -- Type: string -- Default: `[format('rsg-{0}-ds', deployment().location)]` - -### Parameter: `deploymentScriptStorageAccountName` - -The name of the storage account for the deployment script. - -- Required: No -- Type: string -- Default: `[format('stgds{0}', substring(uniqueString(deployment().name, parameters('virtualNetworkLocation')), 0, 10))]` - -### Parameter: `deploymentScriptVirtualNetworkName` - -The name of the private virtual network for the deployment script. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length. - -- Required: No -- Type: string -- Default: `[format('vnet-{0}', deployment().location)]` - -### Parameter: `enableTelemetry` - -Enable/Disable usage telemetry for module. - -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `existingSubscriptionId` - -An existing subscription ID. 
Use this when you do not want the module to create a new subscription. But do want to manage the management group membership. A subscription ID should be provided in the example format `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`. - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `hubNetworkResourceId` - -The resource ID of the Virtual Network or Virtual WAN Hub in the hub to which the created Virtual Network, by this module, will be peered/connected to via Virtual Network Peering or a Virtual WAN Virtual Hub Connection.

    - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `managementGroupAssociationDelayCount` - -The number of blank ARM deployments to create sequentially to introduce a delay to the Subscription being moved to the target Management Group being, if set, to allow for background platform RBAC inheritance to occur. - -- Required: No -- Type: int -- Default: `15` - -### Parameter: `resourceProviders` - -An object of resource providers and resource providers features to register. If left blank/empty, no resource providers will be registered.

    - -- Required: No -- Type: object -- Default: - ```Bicep - { - 'Microsoft.ApiManagement': [] - 'Microsoft.AppPlatform': [] - 'Microsoft.Authorization': [] - 'Microsoft.Automation': [] - 'Microsoft.AVS': [] - 'Microsoft.Blueprint': [] - 'Microsoft.BotService': [] - 'Microsoft.Cache': [] - 'Microsoft.Cdn': [] - 'Microsoft.CognitiveServices': [] - 'Microsoft.Compute': [] - 'Microsoft.ContainerInstance': [] - 'Microsoft.ContainerRegistry': [] - 'Microsoft.ContainerService': [] - 'Microsoft.CostManagement': [] - 'Microsoft.CustomProviders': [] - 'Microsoft.Databricks': [] - 'Microsoft.DataLakeAnalytics': [] - 'Microsoft.DataLakeStore': [] - 'Microsoft.DataMigration': [] - 'Microsoft.DataProtection': [] - 'Microsoft.DBforMariaDB': [] - 'Microsoft.DBforMySQL': [] - 'Microsoft.DBforPostgreSQL': [] - 'Microsoft.DesktopVirtualization': [] - 'Microsoft.Devices': [] - 'Microsoft.DevTestLab': [] - 'Microsoft.DocumentDB': [] - 'Microsoft.EventGrid': [] - 'Microsoft.EventHub': [] - 'Microsoft.GuestConfiguration': [] - 'Microsoft.HDInsight': [] - 'Microsoft.HealthcareApis': [] - 'microsoft.insights': [] - 'Microsoft.KeyVault': [] - 'Microsoft.Kusto': [] - 'Microsoft.Logic': [] - 'Microsoft.MachineLearningServices': [] - 'Microsoft.Maintenance': [] - 'Microsoft.ManagedIdentity': [] - 'Microsoft.ManagedServices': [] - 'Microsoft.Management': [] - 'Microsoft.Maps': [] - 'Microsoft.MarketplaceOrdering': [] - 'Microsoft.Media': [] - 'Microsoft.MixedReality': [] - 'Microsoft.Network': [] - 'Microsoft.NotificationHubs': [] - 'Microsoft.OperationalInsights': [] - 'Microsoft.OperationsManagement': [] - 'Microsoft.PolicyInsights': [] - 'Microsoft.PowerBIDedicated': [] - 'Microsoft.RecoveryServices': [] - 'Microsoft.Relay': [] - 'Microsoft.Resources': [] - 'Microsoft.Search': [] - 'Microsoft.Security': [] - 'Microsoft.SecurityInsights': [] - 'Microsoft.ServiceBus': [] - 'Microsoft.ServiceFabric': [] - 'Microsoft.Sql': [] - 'Microsoft.Storage': [] - 'Microsoft.StreamAnalytics': [] - 
'Microsoft.Web': [] - } - ``` - -### Parameter: `roleAssignmentEnabled` - -Whether to create role assignments or not. If true, supply the array of role assignment objects in the parameter called `roleAssignments`.

    - -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `roleAssignments` - -Supply an array of objects containing the details of the role assignments to create.

    Each object must contain the following `keys`:

  • `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too.
  • `definition` = The Name of one of the pre-defined built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition as follows:

    - You can only provide the RBAC role name of the pre-defined roles (Contributor, Owner, Reader, Role Based Access Control Administrator (Preview), and User Access Administrator). We only provide those roles as they are the most common ones to assign to a new subscription, also to reduce the template size and complexity in case we define each and every Built-in RBAC role.

    - You can provide the Resource ID of a Built-in or custom RBAC Role Definition

    - e.g. `/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`

  • `relativeScope` = 2 options can be provided for input value:

    1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope

    2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group.

    - -- Required: No -- Type: array -- Default: `[]` -- Example: - ```Bicep - [ - { - // Contributor role assignment at subscription scope - principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' - definition: '/Contributor' - relativeScope: '' - } - { - // Owner role assignment at resource group scope - principalId: 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' - definition: '/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635' - relativeScope: '/resourceGroups/{resourceGroupName}' - } - ] - ``` - **Required parameters** | Parameter | Type | Description | | :-- | :-- | :-- | -| [`definition`](#parameter-roleassignmentsdefinition) | string | The role definition ID or name. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the user, group, or service principal. | -| [`relativeScope`](#parameter-roleassignmentsrelativescope) | string | The relative scope of the role assignment. | +| [`managementGroupId`](#parameter-managementGroupId) | string | The ID of management group to be used. | +| [`subscriptionIds`](#parameter-subscriptionIds) | array | An array of subscription IDs to be associated with management group ID. | **Optional parameters** -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`roleAssignmentCondition`](#parameter-roleassignmentsroleassignmentcondition) | object | The condition for the role assignment. | - -### Parameter: `roleAssignments.definition` - -The role definition ID or name. +There are no optional parameters associated with this module. -- Required: Yes -- Type: string - -### Parameter: `roleAssignments.principalId` - -The principal ID of the user, group, or service principal. - -- Required: Yes -- Type: string - -### Parameter: `roleAssignments.relativeScope` +### Parameter: `managementGroupId` -The relative scope of the role assignment. 
+The ID of Management Group used to be associated with defined subscription IDs -- Required: Yes +- Required: yes - Type: string +- Default: `' ' ` -### Parameter: `roleAssignments.roleAssignmentCondition` - -The condition for the role assignment. - -- Required: No -- Type: object - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`conditionVersion`](#parameter-roleassignmentsroleassignmentconditionconditionversion) | string | The version of the condition template. | -| [`delegationCode`](#parameter-roleassignmentsroleassignmentconditiondelegationcode) | string | The code for a custom condition if no template is used. The user should supply their own custom code if the available templates are not matching their requirements. If a value is provided, this will overwrite any added template. All single quotes needs to be skipped using '. | -| [`roleConditionType`](#parameter-roleassignmentsroleassignmentconditionroleconditiontype) | object | The type of template for the role assignment condition. | - -### Parameter: `roleAssignments.roleAssignmentCondition.conditionVersion` - -The version of the condition template. - -- Required: No -- Type: string -- Allowed: - ```Bicep - [ - '2.0' - ] - ``` - -### Parameter: `roleAssignments.roleAssignmentCondition.delegationCode` - -The code for a custom condition if no template is used. The user should supply their own custom code if the available templates are not matching their requirements. If a value is provided, this will overwrite any added template. All single quotes needs to be skipped using '. - -- Required: No -- Type: string - -### Parameter: `roleAssignments.roleAssignmentCondition.roleConditionType` - -The type of template for the role assignment condition. - -- Required: No -- Type: object - -### Parameter: `subscriptionAliasEnabled` - -Whether to create a new Subscription using the Subscription Alias resource. 
If `false`, supply an existing Subscription''s ID in the parameter named `existingSubscriptionId` instead to deploy resources to an existing Subscription. - -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `subscriptionAliasName` - -The name of the Subscription Alias, that will be created by this module.

    The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `subscriptionBillingScope` - -The Billing Scope for the new Subscription alias, that will be created by this module.

    A valid Billing Scope looks like `/providers/Microsoft.Billing/billingAccounts/{billingAccountName}/enrollmentAccounts/{enrollmentAccountName}` and is case sensitive.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    - -- Required: No -- Type: string -- Default: `''` +### Parameter: `subscriptionIds` -### Parameter: `subscriptionDisplayName` +A singular or array of subscription IDs to be associated with a given Management Group ID. -The name of the subscription alias. The string must be comprised of a-z, A-Z, 0-9, - and _. The maximum length is 63 characters.

    The string must be comprised of `a-z`, `A-Z`, `0-9`, `-`, `_` and ` ` (space). The maximum length is 63 characters.

    > The value for this parameter and the parameter named `subscriptionAliasName` are usually set to the same value for simplicity. But they can be different if required for a reason.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `subscriptionManagementGroupAssociationEnabled` - -Whether to move the Subscription to the specified Management Group supplied in the parameter `subscriptionManagementGroupId`.

    - -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `subscriptionManagementGroupId` - -The destination Management Group ID for the new Subscription that will be created by this module (or the existing one provided in the parameter `existingSubscriptionId`).

    **IMPORTANT:** Do not supply the display name of the Management Group. The Management Group ID forms part of the Azure Resource ID. e.g., `/providers/Microsoft.Management/managementGroups/{managementGroupId}`.

    - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `subscriptionOwnerId` - -The Azure Active Directory principals object ID (GUID) to whom should be the Subscription Owner.

    > **Leave blank unless following this scenario only [Programmatically create MCA subscriptions across Azure Active Directory tenants](https://learn.microsoft.com/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants)**. - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `subscriptionTags` - -An object of Tag key & value pairs to be appended to a Subscription.

    > **NOTE:** Tags will only be overwritten if existing tag exists with same key as provided in this parameter; values provided here win.

    - -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `subscriptionTenantId` - -The Azure Active Directory Tenant ID (GUID) to which the Subscription should be attached to.

    > **Leave blank unless following this scenario only [Programmatically create MCA subscriptions across Azure Active Directory tenants](https://learn.microsoft.com/azure/cost-management-billing/manage/programmatically-create-subscription-microsoft-customer-agreement-across-tenants)**. - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `subscriptionWorkload` - -The workload type can be either `Production` or `DevTest` and is case sensitive.

    > **Not required when providing an existing Subscription ID via the parameter `existingSubscriptionId`**.

    - -- Required: No -- Type: string -- Default: `'Production'` -- Allowed: - ```Bicep - [ - 'DevTest' - 'Production' - ] - ``` - -### Parameter: `vHubRoutingIntentEnabled` - -Indicates whether routing intent is enabled on the Virtual Hub within the Virtual WAN.

    - -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `virtualNetworkAddressSpace` - -The address space of the Virtual Network that will be created by this module, supplied as multiple CIDR blocks in an array, e.g. `["10.0.0.0/16","172.16.0.0/12"]`. - -- Required: No +- Required: yes - Type: array -- Default: `[]` - -### Parameter: `virtualNetworkDdosPlanResourceId` - -The resource ID of an existing DDoS Network Protection Plan that you wish to link to this Virtual Network.

    - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `virtualNetworkDeploymentScriptAddressPrefix` - -The address prefix of the private virtual network for the deployment script. - -- Required: No -- Type: string -- Default: `'192.168.0.0/24'` - -### Parameter: `virtualNetworkDnsServers` - -The custom DNS servers to use on the Virtual Network, e.g. `["10.4.1.4", "10.2.1.5"]`. If left empty (default) then Azure DNS will be used for the Virtual Network.

    - -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `virtualNetworkEnabled` - -Whether to create a Virtual Network or not.

    If set to `true` ensure you also provide values for the following parameters at a minimum:

  • `virtualNetworkResourceGroupName`
  • `virtualNetworkResourceGroupLockEnabled`
  • `virtualNetworkLocation`
  • `virtualNetworkName`
  • `virtualNetworkAddressSpace`

    > Other parameters may need to be set based on other parameters that you enable that are listed above. Check each parameters documentation for further information.

    - -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `virtualNetworkLocation` - -The location of the virtual network. Use region shortnames e.g. `uksouth`, `eastus`, etc. Defaults to the region where the ARM/Bicep deployment is targeted to unless overridden.

    +- Default: `[ ]` -- Required: No -- Type: string -- Default: `[deployment().location]` - -### Parameter: `virtualNetworkName` - -The name of the virtual network. The string must consist of a-z, A-Z, 0-9, -, _, and . (period) and be between 2 and 64 characters in length.

    - -- Required: No -- Type: string - -### Parameter: `virtualNetworkPeeringEnabled` - -Whether to enable peering/connection with the supplied hub Virtual Network or Virtual WAN Virtual Hub.

    - -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `virtualNetworkResourceGroupLockEnabled` - -Enables the deployment of a `CanNotDelete` resource locks to the Virtual Networks Resource Group that is created by this module.

    - -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `virtualNetworkResourceGroupName` - -The name of the Resource Group to create the Virtual Network in that is created by this module.

    - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `virtualNetworkResourceGroupTags` - -An object of Tag key & value pairs to be appended to the Resource Group that the Virtual Network is created in.

    > **NOTE:** Tags will only be overwritten if existing tag exists with same key as provided in this parameter; values provided here win.

    - -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `virtualNetworkTags` - -An object of tag key/value pairs to be set on the Virtual Network that is created.

    > **NOTE:** Tags will be overwritten on resource if any exist already.

    - -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `virtualNetworkUseRemoteGateways` - -Enables the use of remote gateways in the specified hub virtual network.

    > **IMPORTANT:** If no gateways exist in the hub virtual network, set this to `false`, otherwise peering will fail to create.

    - -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `virtualNetworkVwanAssociatedRouteTableResourceId` - -The resource ID of the virtual hub route table to associate to the virtual hub connection (this virtual network). If left blank/empty the `defaultRouteTable` will be associated.

    - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `virtualNetworkVwanEnableInternetSecurity` - -Enables the ability for the Virtual WAN Hub Connection to learn the default route 0.0.0.0/0 from the Hub.

    - -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `virtualNetworkVwanPropagatedLabels` - -An array of virtual hub route table labels to propagate routes to. If left blank/empty the default label will be propagated to only.

    - -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `virtualNetworkVwanPropagatedRouteTablesResourceIds` - -An array of of objects of virtual hub route table resource IDs to propagate routes to. If left blank/empty the `defaultRouteTable` will be propagated to only.

    Each object must contain the following `key`:

  • `id` = The Resource ID of the Virtual WAN Virtual Hub Route Table IDs you wish to propagate too

    > **IMPORTANT:** If you provide any Route Tables in this array of objects you must ensure you include also the `defaultRouteTable` Resource ID as an object in the array as it is not added by default when a value is provided for this parameter.

    - -- Required: No -- Type: array -- Default: `[]` - -## Outputs - -| Output | Type | Description | -| :-- | :-- | :-- | -| `failedResourceProviders` | string | The resource providers that failed to register. | -| `failedResourceProvidersFeatures` | string | The resource providers features that failed to register. | -| `subscriptionAcceptOwnershipState` | string | The Subscription Owner State. Only used when creating MCA Subscriptions across tenants. | -| `subscriptionAcceptOwnershipUrl` | string | The Subscription Ownership URL. Only used when creating MCA Subscriptions across tenants. | -| `subscriptionId` | string | The Subscription ID that has been created or provided. | -| `subscriptionResourceId` | string | The Subscription Resource ID that has been created or provided. | - -## Cross-referenced modules - -This section gives you an overview of all local-referenced module files (i.e., other modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). - -| Reference | Type | -| :-- | :-- | -| `br/public:avm/ptn/authorization/role-assignment:0.1.1` | Remote reference | -| `br/public:avm/res/managed-identity/user-assigned-identity:0.2.2` | Remote reference | -| `br/public:avm/res/network/network-security-group:0.3.0` | Remote reference | -| `br/public:avm/res/network/virtual-network:0.5.0` | Remote reference | -| `br/public:avm/res/resources/deployment-script:0.2.3` | Remote reference | -| `br/public:avm/res/resources/resource-group:0.2.4` | Remote reference | -| `br/public:avm/res/storage/storage-account:0.9.1` | Remote reference | ## Data Collection From 1d408390adeef22fabb732ae08f47dad08d8e646 Mon Sep 17 00:00:00 2001 
From: Nicky Griffin Date: Mon, 2 Dec 2024 16:28:21 +0000 Subject: [PATCH 08/64] add further descriptors and outputs --- avm/ptn/lz/sub-placement/main.bicep | 10 +++++++--- avm/ptn/lz/sub-placement/modules/helper.bicep | 15 ++++++++++++--- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/avm/ptn/lz/sub-placement/main.bicep b/avm/ptn/lz/sub-placement/main.bicep index 9581c4ab3f..7f1002b667 100644 --- a/avm/ptn/lz/sub-placement/main.bicep +++ b/avm/ptn/lz/sub-placement/main.bicep @@ -4,14 +4,15 @@ metadata owner = 'Azure/module-maintainers' targetScope = 'tenant' -@description('Type definition for management group child containing management group ID and subscription IDs.') +@description('Required. Type definition for management group child containing management group ID and subscription IDs.') type typMgChild = { - @description('The ID of the management group.') + @description('Required.The ID of the management group.') managementGroupId: string - @description('The list of subscription IDs.') + @description('Required.The list of subscription IDs.') subscriptionIds: string[] }[] +@description('Required. A UDR used to define as many objects as required to configure the appropriate Management Group ID to Subscription ID(s) association.') param parSubscriptionPlacement typMgChild = [ { managementGroupId: 'Group1' @@ -32,3 +33,6 @@ module customsubscriptionPlacement './modules/helper.bicep' = [ } } ] + +@description('Output of number of management groups that have been configured with subscription placements ') +output subscriptionPlacementSummary string = 'Subscription placements have been configured for ${length(parSubscriptionPlacement)} management groups.' diff --git a/avm/ptn/lz/sub-placement/modules/helper.bicep b/avm/ptn/lz/sub-placement/modules/helper.bicep index 7697bae176..0a82fb1f30 100644 --- a/avm/ptn/lz/sub-placement/modules/helper.bicep +++ b/avm/ptn/lz/sub-placement/modules/helper.bicep 
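Review bot: The description added above `param parSubscriptionPlacement` says "Required.", but the declaration in the context lines still carries a default array of placeholder IDs (`'Group1'`, `'SUBID1'`, …), so a deployment that omits the parameter is not rejected and instead attempts those placements at tenant scope. Moving a subscription changes the policy and RBAC it inherits from its management group, so I would drop the default and make the caller state every placement: `param parSubscriptionPlacement typMgChild`. "A UDR" in the same description looks like a typo for UDT (user-defined type), and the two member descriptions need a space after `Required.`. The parameter's default block continues outside this hunk.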
@@ -5,6 +5,15 @@ param managementGroupId string @description('The list of subscription IDs.') param subscriptionIds array -resource customsubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2023-04-01' = [for (subscription,i) in subscriptionIds: { - name: '${managementGroupId}/${subscription}' -}] +resource customsubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2023-04-01' = [ + for (subscription, i) in subscriptionIds: { + name: '${managementGroupId}/${subscription}' + } +] + +@description('Output of the subscription placements.') +output subscriptionPlacements array = [ + for (subscription, i) in subscriptionIds: { + name: '${managementGroupId}/${subscription}' + } +] From 2f534bd10cc48aa19933e45d087d06e5445066e1 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Mon, 2 Dec 2024 16:40:35 +0000 Subject: [PATCH 09/64] update main.test.bicep with static validation recommendations --- .../tests/e2e/defaults/main.test.bicep | 20 +++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep index 6775805ce1..9159cb9ac5 100644 --- a/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep 
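Review bot: The new `subscriptionPlacements` output rebuilds the `'${managementGroupId}/${subscription}'` strings in a second loop instead of reading them from the resource collection, so it reports what was requested rather than what the deployment created, and the two loops can drift apart. Reading the name from the resource keeps them tied together: `for (subscription, i) in subscriptionIds: { name: customsubscriptionPlacement[i].name }`. `subscriptionIds` is declared as `array` in the context line while main.bicep types the same field `string[]`; `param subscriptionIds string[]` would reject non-string entries before they are interpolated into a resource name.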
@@ -1,17 +1,29 @@ +metadata name = 'Using only defaults.' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +@description('Optional. A short guid for the subscription name.') +param subscriptionGuid string = ' ' + targetScope = 'tenant' // ============== // // Test Execution // // ============== // -module testSubPlacement '../../../main.bicep' = { - name: 'testSubPlacement' +module testDeployment '../../../main.bicep' = { + name: 'ALZ-test-subPlacement' params: { parSubscriptionPlacement: [ { - managementGroupId: '' - subscriptionIds: [] + managementGroupId: namePrefix + subscriptionIds: ['${subscriptionGuid}'] } ] } } + +@description('This output retrieves the subscription placement summary from the test deployment outputs.') +output subscriptionPlacementSummary string = testDeployment.outputs.subscriptionPlacementSummary From a644714f17adeb86ef6f4bba3953de7a748e2748 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Mon, 2 Dec 2024 16:55:39 +0000 Subject: [PATCH 10/64] error resolution from static validation tests --- avm/ptn/lz/sub-placement/main.bicep | 1 - avm/ptn/lz/sub-placement/modules/helper.bicep | 2 +- .../lz/sub-placement/tests/e2e/defaults/main.test.bicep | 7 +++++-- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/avm/ptn/lz/sub-placement/main.bicep b/avm/ptn/lz/sub-placement/main.bicep index 7f1002b667..40d2f45e9c 100644 --- a/avm/ptn/lz/sub-placement/main.bicep +++ b/avm/ptn/lz/sub-placement/main.bicep @@ -12,7 +12,6 @@ type typMgChild = { subscriptionIds: string[] }[] -@description('Required. A UDR used to define as many objects as required to configure the appropriate Management Group ID to Subscription ID(s) association.') param parSubscriptionPlacement typMgChild = [ { managementGroupId: 'Group1' 
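Review bot: `subscriptionGuid` defaults to a single space and is passed straight into `subscriptionIds`, so a default run of this test cannot exercise a real placement and instead asks the module to place a subscription called `' '` under the management group named by `namePrefix`. Since the template deploys at tenant scope, I would remove the default so the pipeline has to supply a dedicated test subscription: `@description('Required. The ID of the test subscription to place.')` over `param subscriptionGuid string`. `['${subscriptionGuid}']` is also a redundant interpolation; `[subscriptionGuid]` is equivalent. The later hunk at `@@ -1,20 +1,23 @@` moves `targetScope` above the parameters but keeps the `' '` default.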
diff --git a/avm/ptn/lz/sub-placement/modules/helper.bicep b/avm/ptn/lz/sub-placement/modules/helper.bicep index 0a82fb1f30..0a3670d314 100644 --- a/avm/ptn/lz/sub-placement/modules/helper.bicep +++ b/avm/ptn/lz/sub-placement/modules/helper.bicep @@ -11,7 +11,7 @@ resource customsubscriptionPlacement 'Microsoft.Management/managementGroups/subs } ] -@description('Output of the subscription placements.') +@description('Output of the Management Group and Subscription Resource ID placements.') output subscriptionPlacements array = [ for (subscription, i) in subscriptionIds: { name: '${managementGroupId}/${subscription}' diff --git a/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep index 9159cb9ac5..c042f68922 100644 --- a/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep @@ -1,20 +1,23 @@ metadata name = 'Using only defaults.' metadata description = 'This instance deploys the module with the minimum set of required parameters.' +targetScope = 'tenant' + @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' @description('Optional. A short guid for the subscription name.') param subscriptionGuid string = ' ' -targetScope = 'tenant' +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'subpl' // ============== // // Test Execution // // ============== // module testDeployment '../../../main.bicep' = { - name: 'ALZ-test-subPlacement' + name: '${namePrefix}-test-${serviceShort}' params: { parSubscriptionPlacement: [ { From 1b4bffc2b543289e1f574b093ca165de9cf00c0e Mon Sep 17 00:00:00 2001 
From: Nicky Griffin Date: Mon, 2 Dec 2024 17:20:23 +0000 Subject: [PATCH 11/64] resolve static validation issues --- avm/ptn/lz/sub-placement/main.bicep | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/avm/ptn/lz/sub-placement/main.bicep b/avm/ptn/lz/sub-placement/main.bicep index 40d2f45e9c..92b9988da3 100644 --- a/avm/ptn/lz/sub-placement/main.bicep +++ b/avm/ptn/lz/sub-placement/main.bicep @@ -12,6 +12,7 @@ type typMgChild = { subscriptionIds: string[] }[] +@description('Required. Type definition for management group child containing management group ID and subscription IDs.') param parSubscriptionPlacement typMgChild = [ { managementGroupId: 'Group1' @@ -33,5 +34,5 @@ module customsubscriptionPlacement './modules/helper.bicep' = [ } ] -@description('Output of number of management groups that have been configured with subscription placements ') +@description('Output of number of management groups that have been configured with subscription placements.') output subscriptionPlacementSummary string = 'Subscription placements have been configured for ${length(parSubscriptionPlacement)} management groups.' From 8c8e65971c7457f54824eee1aac863663544c2d3 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Mon, 9 Dec 2024 16:27:47 +0000 Subject: [PATCH 12/64] add telemetry --- avm/ptn/lz/sub-placement/main.bicep | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/avm/ptn/lz/sub-placement/main.bicep b/avm/ptn/lz/sub-placement/main.bicep index 92b9988da3..6ccd8d44b7 100644 --- a/avm/ptn/lz/sub-placement/main.bicep +++ b/avm/ptn/lz/sub-placement/main.bicep 
@@ -24,6 +24,32 @@ param parSubscriptionPlacement typMgChild = [ } ] +@description('Optional. Location for all resources.') +param location string = deployment().location + +@description('Optional. Enable/Disable usage telemetry for module.') +param enableTelemetry bool = true + +#disable-next-line no-deployments-resources +resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { + name: '46d3xbcp.ptn.lz-subplacement.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' + location: location + properties: { + mode: 'Incremental' + template: { + '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' + contentVersion: '1.0.0.0' + resources: [] + outputs: { + telemetry: { + type: 'String' + value: 'For more information, see https://aka.ms/avm/TelemetryInfo' + } + } + } + } +} + module customsubscriptionPlacement './modules/helper.bicep' = [ for (subscriptionPlacement, index) in parSubscriptionPlacement: { name: 'subPlacement${index}' From ff10561e933781b91a1ddbc077a50ea866eb9ea2 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Mon, 9 Dec 2024 16:47:45 +0000 Subject: [PATCH 13/64] update code owners file --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 07dc4dad77..217c96e503 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
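Review bot: `location` is documented as "Location for all resources", but in this hunk it feeds only the name and `location` of the `avmTelemetry` deployment; as far as the surrounding hunks show, the placement module call receives only `managementGroupId` and `subscriptionIds`. A description such as `@description('Optional. Location in which the telemetry deployment record is stored.')` would tell operators what the value actually controls. The `#disable-next-line no-deployments-resources` line would also benefit from a one-line comment saying the empty nested deployment exists only as the telemetry marker.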
@@ -27,6 +27,7 @@ /avm/ptn/dev-ops/cicd-agents-and-runners/ @Azure/avm-ptn-devops-cicdagentsandrunners-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/finops-toolkit/finops-hub/ @Azure/avm-ptn-finopstoolkit-finopshub-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/lz/sub-vending/ @Azure/avm-ptn-lz-subvending-module-owners-bicep @Azure/avm-module-reviewers-bicep +/avm/ptn/lz/sub-placement/ @Azure/avm-ptn-lz-subplacement-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/hub-networking/ @Azure/avm-ptn-network-hubnetworking-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/private-link-private-dns-zones/ @Azure/avm-ptn-network-privatelinkprivatednszones-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/policy-insights/remediation/ @Azure/avm-ptn-policyinsights-remediation-module-owners-bicep @Azure/avm-module-reviewers-bicep From 503cd680f43a55823b703c606bb76fc4aed167c7 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Mon, 9 Dec 2024 17:00:10 +0000 Subject: [PATCH 14/64] update serviceshort param --- avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep index c042f68922..e639e45496 100644 --- a/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep @@ -10,7 +10,7 @@ param namePrefix string = '#_namePrefix_#' param subscriptionGuid string = ' ' @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') -param serviceShort string = 'subpl' +param serviceShort string = 'subplmin' // ============== // // Test Execution // From bc72d608c78393d5e00e948e1308922a1039827b Mon Sep 17 00:00:00 2001 
From: Nicky Griffin Date: Mon, 9 Dec 2024 17:02:19 +0000 Subject: [PATCH 15/64] change UDT Description --- avm/ptn/lz/sub-placement/main.bicep | 1 - 1 file changed, 1 deletion(-) diff --git a/avm/ptn/lz/sub-placement/main.bicep b/avm/ptn/lz/sub-placement/main.bicep index 6ccd8d44b7..98a9e6c9df 100644 --- a/avm/ptn/lz/sub-placement/main.bicep +++ b/avm/ptn/lz/sub-placement/main.bicep @@ -4,7 +4,6 @@ metadata owner = 'Azure/module-maintainers' targetScope = 'tenant' -@description('Required. Type definition for management group child containing management group ID and subscription IDs.') type typMgChild = { @description('Required.The ID of the management group.') managementGroupId: string From 6b0a71088713fc0c30cc028b02473b50ccb0738a Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Mon, 9 Dec 2024 17:17:48 +0000 Subject: [PATCH 16/64] update main.json --- avm/ptn/lz/sub-placement/main.json | 179 +++++++++++++++++++++++++---- 1 file changed, 156 insertions(+), 23 deletions(-) diff --git a/avm/ptn/lz/sub-placement/main.json b/avm/ptn/lz/sub-placement/main.json index 75127387a3..c6b0202f45 100644 --- a/avm/ptn/lz/sub-placement/main.json +++ b/avm/ptn/lz/sub-placement/main.json 
@@ -1,50 +1,183 @@ { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { + "_generator": { + "name": "bicep", + "version": "0.31.92.45157", + "templateHash": "7040892232274995299" + }, "name": "subscription-placement", - "description": "This module allows for placement of subscriptions to management groups", + "description": "This module allows for placement of subscriptions to management groups ", "owner": "Azure/module-maintainers" }, - "targetScope": "tenant", + "definitions": { + "typMgChild": { + "type": "array", + "items": { + "type": "object", + "properties": { + "managementGroupId": { + "type": "string", + "metadata": { + "description": "Required.The ID of the management group." + } + }, + "subscriptionIds": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required.The list of subscription IDs." + } + } + } + } + } + }, "parameters": { "parSubscriptionPlacement": { - "type": "array", - "metadata": { - "description": "Type definition for management group child containing management group ID and subscription IDs." - }, + "$ref": "#/definitions/typMgChild", "defaultValue": [ { "managementGroupId": "Group1", - "subscriptionIds": ["SUBID1", "SUBID2"] + "subscriptionIds": [ + "SUBID1", + "SUBID2" + ] }, { "managementGroupId": "Group2", - "subscriptionIds": ["SUBID3"] + "subscriptionIds": [ + "SUBID3" + ] } - ] + ], + "metadata": { + "description": "Required. Type definition for management group child containing management group ID and subscription IDs." + } + }, + "location": { + "type": "string", + "defaultValue": "[deployment().location]", + "metadata": { + "description": "Optional. Location for all resources." 
+ } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, - "resources": [ - { - "name": "[format('subPlacement{0}', copyIndex())]", + "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.ptn.lz-subplacement.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "location": "[parameters('location')]", "properties": { "mode": "Incremental", - "templateLink": { - "uri": "./modules/helper.bicep", - "contentVersion": "1.0.0.0" - }, - "parameters": { - "managementGroupId": "[copyIndex().managementGroupId]", - "subscriptionIds": "[copyIndex().subscriptionIds]" + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } } - }, + } + }, + "customsubscriptionPlacement": { "copy": { "name": "customsubscriptionPlacement", "count": "[length(parameters('parSubscriptionPlacement'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('subPlacement{0}', copyIndex())]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "managementGroupId": { + "value": "[parameters('parSubscriptionPlacement')[copyIndex()].managementGroupId]" + }, + "subscriptionIds": { + "value": "[parameters('parSubscriptionPlacement')[copyIndex()].subscriptionIds]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", 
+ "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.31.92.45157", + "templateHash": "5373369794784532806" + } + }, + "parameters": { + "managementGroupId": { + "type": "string", + "metadata": { + "description": "The ID of the management group." + } + }, + "subscriptionIds": { + "type": "array", + "metadata": { + "description": "The list of subscription IDs." + } + } + }, + "resources": [ + { + "copy": { + "name": "customsubscriptionPlacement", + "count": "[length(parameters('subscriptionIds'))]" + }, + "type": "Microsoft.Management/managementGroups/subscriptions", + "apiVersion": "2023-04-01", + "name": "[format('{0}/{1}', parameters('managementGroupId'), parameters('subscriptionIds')[copyIndex()])]" + } + ], + "outputs": { + "subscriptionPlacements": { + "type": "array", + "metadata": { + "description": "Output of the Management Group and Subscription Resource ID placements." + }, + "copy": { + "count": "[length(parameters('subscriptionIds'))]", + "input": { + "name": "[format('{0}/{1}', parameters('managementGroupId'), parameters('subscriptionIds')[copyIndex()])]" + } + } + } + } + } } } - ] + }, + "outputs": { + "subscriptionPlacementSummary": { + "type": "string", + "metadata": { + "description": "Output of number of management groups that have been configured with subscription placements." + }, + "value": "[format('Subscription placements have been configured for {0} management groups.', length(parameters('parSubscriptionPlacement')))]" + } + } } From dfd9508a7f6ba3038ea1989c2d8cc7996ad2bfe6 Mon Sep 17 00:00:00 2001 
From: Nicky Griffin Date: Mon, 9 Dec 2024 17:33:21 +0000 Subject: [PATCH 17/64] dir restructure --- ...nt.yml => avm.ptn.mgmtgroup-subscriptionplacement.yml} | 8 ++++---- .../subscription-placement}/README.md | 0 .../subscription-placement}/main.bicep | 2 +- .../subscription-placement}/main.json | 0 .../subscription-placement}/modules/helper.bicep | 0 .../tests/e2e/defaults/main.test.bicep | 0 .../subscription-placement}/version.json | 0 7 files changed, 5 insertions(+), 5 deletions(-) rename .github/workflows/{avm.ptn.lz.sub-placement.yml => avm.ptn.mgmtgroup-subscriptionplacement.yml} (90%) rename avm/ptn/{lz/sub-placement => mgmt-groups/subscription-placement}/README.md (100%) rename avm/ptn/{lz/sub-placement => mgmt-groups/subscription-placement}/main.bicep (93%) rename avm/ptn/{lz/sub-placement => mgmt-groups/subscription-placement}/main.json (100%) rename avm/ptn/{lz/sub-placement => mgmt-groups/subscription-placement}/modules/helper.bicep (100%) rename avm/ptn/{lz/sub-placement => mgmt-groups/subscription-placement}/tests/e2e/defaults/main.test.bicep (100%) rename avm/ptn/{lz/sub-placement => mgmt-groups/subscription-placement}/version.json (100%) diff --git a/.github/workflows/avm.ptn.lz.sub-placement.yml b/.github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml similarity index 90% rename from .github/workflows/avm.ptn.lz.sub-placement.yml rename to .github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml index 0b27dc990e..df51fbb27a 100644 --- a/.github/workflows/avm.ptn.lz.sub-placement.yml +++ b/.github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml @@ -1,4 +1,4 @@ -name: "avm.ptn.lz.sub-placement" +name: "avm.ptn.mgmtgroup-subscriptionplacement" on: workflow_dispatch: 
@@ -24,15 +24,15 @@ on: paths: - ".github/actions/templates/avm-**" - ".github/workflows/avm.template.module.yml" - - ".github/workflows/avm.ptn.lz.sub-placement" + - ".github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml" - "avm/ptn/lz/sub-placement/**" - "avm/utilities/pipelines/**" - "!avm/utilities/pipelines/platform/**" - "!*/**/README.md" env: - modulePath: "avm/ptn/lz/sub-placement" - workflowPath: ".github/workflows/avm.ptn.lz.sub-placement.yml" + modulePath: "avm/ptn/mgmt-groups/subscription-placement" + workflowPath: ".github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml" concurrency: group: ${{ github.workflow }} diff --git a/avm/ptn/lz/sub-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md similarity index 100% rename from avm/ptn/lz/sub-placement/README.md rename to avm/ptn/mgmt-groups/subscription-placement/README.md diff --git a/avm/ptn/lz/sub-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep similarity index 93% rename from avm/ptn/lz/sub-placement/main.bicep rename to avm/ptn/mgmt-groups/subscription-placement/main.bicep index 98a9e6c9df..aa4aaa2aa0 100644 --- a/avm/ptn/lz/sub-placement/main.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -31,7 +31,7 @@ param enableTelemetry bool = true #disable-next-line no-deployments-resources resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { - name: '46d3xbcp.ptn.lz-subplacement.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' + name: '46d3xbcp.ptn.mgmtgroup-subplacement.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' location: location properties: { mode: 'Incremental' 
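Review bot: The `paths:` filter still lists `"avm/ptn/lz/sub-placement/**"`, although this commit moves the module and sets `modulePath` to `avm/ptn/mgmt-groups/subscription-placement`, so edits under the new directory no longer match the module's own entry in the filter. A change to this tenant-scope module could then skip the validation this workflow is meant to run. The entry should read `- "avm/ptn/mgmt-groups/subscription-placement/**"`. The same stale entry is still a context line in the `@@ -24,7 +24,7 @@` workflow hunk of PATCH 20. The trigger that owns this `paths:` list starts above the hunk, so which events are affected cannot be confirmed from here.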
diff --git a/avm/ptn/lz/sub-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json similarity index 100% rename from avm/ptn/lz/sub-placement/main.json rename to avm/ptn/mgmt-groups/subscription-placement/main.json diff --git a/avm/ptn/lz/sub-placement/modules/helper.bicep b/avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep similarity index 100% rename from avm/ptn/lz/sub-placement/modules/helper.bicep rename to avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep diff --git a/avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep similarity index 100% rename from avm/ptn/lz/sub-placement/tests/e2e/defaults/main.test.bicep rename to avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep diff --git a/avm/ptn/lz/sub-placement/version.json b/avm/ptn/mgmt-groups/subscription-placement/version.json similarity index 100% rename from avm/ptn/lz/sub-placement/version.json rename to avm/ptn/mgmt-groups/subscription-placement/version.json From 60e7f91794d9eedf7bfb39a14bfe1e5792bc9e73 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Mon, 9 Dec 2024 18:06:51 +0000 Subject: [PATCH 18/64] update codeowners --- .github/CODEOWNERS | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 217c96e503..07dc4dad77 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -27,7 +27,6 @@ /avm/ptn/dev-ops/cicd-agents-and-runners/ @Azure/avm-ptn-devops-cicdagentsandrunners-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/finops-toolkit/finops-hub/ @Azure/avm-ptn-finopstoolkit-finopshub-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/lz/sub-vending/ @Azure/avm-ptn-lz-subvending-module-owners-bicep @Azure/avm-module-reviewers-bicep -/avm/ptn/lz/sub-placement/ @Azure/avm-ptn-lz-subplacement-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/hub-networking/ @Azure/avm-ptn-network-hubnetworking-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/private-link-private-dns-zones/ @Azure/avm-ptn-network-privatelinkprivatednszones-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/policy-insights/remediation/ @Azure/avm-ptn-policyinsights-remediation-module-owners-bicep @Azure/avm-module-reviewers-bicep From 3f71f9dc32949defe2302f777b299e06882ac0b7 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 12 Dec 2024 00:39:51 -0600 Subject: [PATCH 19/64] Update file structure --- .../subscription-placement/README.md | 132 +++++++++++------- .../subscription-placement/main.bicep | 30 ++-- .../subscription-placement/main.json | 16 +-- 3 files changed, 111 insertions(+), 67 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index 0bb2c95d28..7574d417df 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md 
@@ -1,19 +1,20 @@ -# Sub-Placement `[Lz/SubPlacement]` +# subscription-placement `[MgmtGroups/SubscriptionPlacement]` -This module allows for a hierarchical configuration of subscriptions to management group placement within an Azure tenant. +This module allows for placement of subscriptions to management groups ## Navigation - [Resource Types](#Resource-Types) - [Usage examples](#Usage-examples) - [Parameters](#Parameters) +- [Outputs](#Outputs) - [Data Collection](#Data-Collection) ## Resource Types | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Management/managementGroups/subscriptions` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Management/managementgroups/subscriptions) | +| `Microsoft.Management/managementGroups/subscriptions` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Management/2023-04-01/managementGroups/subscriptions) | ## Usage examples @@ -21,7 +22,7 @@ The following section provides usage examples for the module, which were used to >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. ->**Note**: To reference the module, please use the following syntax `br/public:avm/ptn/lz/sub-placement:`. +>**Note**: To reference the module, please use the following syntax `br/public:avm/ptn/mgmt-groups/subscription-placement:`. - [Using only defaults.](#example-1-using-only-defaults) @@ -29,26 +30,19 @@ The following section provides usage examples for the module, which were used to This instance deploys the module with the minimum set of required parameters. +

    via Bicep module ```bicep -module subPlacement 'br/public:avm/ptn/lz/sub-placement:' = { - name: 'subPlacementDeployment' +module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placement:' = { + name: 'subscriptionPlacementDeployment' params: { parSubscriptionPlacement: [ { - managementGroupId: 'Group1' - subscriptionIds: ['SubID1', 'SubID2'] - } - { - managementGroupId: 'Group2' - subscriptionIds: ['SubID3'] - } - { - managementGroupId: 'Group3' - subscriptionIds: [] + managementGroupId: '' + subscriptionIds: '' } ] } @@ -68,18 +62,10 @@ module subPlacement 'br/public:avm/ptn/lz/sub-placement:' = { "contentVersion": "1.0.0.0", "parameters": { "parSubscriptionPlacement": { - [ + "value": [ { - "managementGroupId": "Group1", - "subscriptionIds": ["SUBID1", "SUBID2"] - }, - { - "managementGroupId": "Group2", - "subscriptionIds": ["SUBID3"] - }, - { - "managementGroupId": "Group3", - "subscriptionIds": [] + "managementGroupId": "", + "subscriptionIds": "" } ] } @@ -87,7 +73,6 @@ module subPlacement 'br/public:avm/ptn/lz/sub-placement:' = { } ``` -

    @@ -96,20 +81,12 @@ module subPlacement 'br/public:avm/ptn/lz/sub-placement:' = {

    via Bicep parameters file ```bicep-params -using 'br/public:avm/ptn/lz/sub-placement:' +using 'br/public:avm/ptn/mgmt-groups/subscription-placement:' -param parSubscriptionPlacement typMgChild = [ - { - managementGroupId: 'Group1' - subscriptionIds: ['SUBID1', 'SUBID2'] - }, +param parSubscriptionPlacement = [ { - managementGroupId: 'Group2' - subscriptionIds: ['SUBID3'] - }, - { - managementGroupId: 'Group3' - subscriptionIds: [] + managementGroupId: '' + subscriptionIds: '' } ] ``` 
@@ -123,29 +100,82 @@ param parSubscriptionPlacement typMgChild = [ | Parameter | Type | Description | | :-- | :-- | :-- | -| [`managementGroupId`](#parameter-managementGroupId) | string | The ID of management group to be used. | -| [`subscriptionIds`](#parameter-subscriptionIds) | array | An array of subscription IDs to be associated with management group ID. | +| [`parSubscriptionPlacement`](#parameter-parsubscriptionplacement) | array | Type definition for management group child containing management group ID and subscription IDs. | **Optional parameters** -There are no optional parameters associated with this module. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`location`](#parameter-location) | string | Location for all resources. | + +### Parameter: `parSubscriptionPlacement` + +Type definition for management group child containing management group ID and subscription IDs. + +- Required: No +- Type: array +- Default: + ```Bicep + [ + { + managementGroupId: 'Group1' + subscriptionIds: [ + 'SUBID1' + 'SUBID2' + ] + } + { + managementGroupId: 'Group2' + subscriptionIds: [ + 'SUBID3' + ] + } + ] + ``` + +**Required parameters** -### Parameter: `managementGroupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`managementGroupId`](#parameter-parsubscriptionplacementmanagementgroupid) | string | The ID of the management group. | +| [`subscriptionIds`](#parameter-parsubscriptionplacementsubscriptionids) | array | The list of subscription IDs. | -The ID of Management Group used to be associated with defined subscription IDs +### Parameter: `parSubscriptionPlacement.managementGroupId` -- Required: yes +The ID of the management group. 
+ +- Required: Yes - Type: string -- Default: `' ' ` -### Parameter: `subscriptionIds` +### Parameter: `parSubscriptionPlacement.subscriptionIds` -A singular or array of subscription IDs to be associated with a given Management Group ID. +The list of subscription IDs. -- Required: yes +- Required: Yes - Type: array -- Default: `[ ]` +### Parameter: `enableTelemetry` + +Enable/Disable usage telemetry for module. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. + +- Required: No +- Type: string +- Default: `[deployment().location]` + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `subscriptionPlacementSummary` | string | Output of number of management groups that have been configured with subscription placements. | ## Data Collection diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index aa4aaa2aa0..eaaed8fe60 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -1,15 +1,12 @@ +targetScope = 'tenant' + metadata name = 'subscription-placement' metadata description = 'This module allows for placement of subscriptions to management groups ' metadata owner = 'Azure/module-maintainers' -targetScope = 'tenant' - -type typMgChild = { - @description('Required.The ID of the management group.') - managementGroupId: string - @description('Required.The list of subscription IDs.') - subscriptionIds: string[] -}[] +// ------------------ +// PARAMETERS +// ------------------ @description('Required. Type definition for management group child containing management group ID and subscription IDs.') param parSubscriptionPlacement typMgChild = [ 
@@ -59,5 +56,22 @@ module customsubscriptionPlacement './modules/helper.bicep' = [ } ] + +// =============== // +// Outputs // +// =============== // + @description('Output of number of management groups that have been configured with subscription placements.') output subscriptionPlacementSummary string = 'Subscription placements have been configured for ${length(parSubscriptionPlacement)} management groups.' + + +// =============== // +// Definitions // +// =============== // + +type typMgChild = { + @description('Required. The ID of the management group.') + managementGroupId: string + @description('Required. The list of subscription IDs.') + subscriptionIds: string[] +}[] diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json index c6b0202f45..9af4b494bf 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.json +++ b/avm/ptn/mgmt-groups/subscription-placement/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "7040892232274995299" + "version": "0.32.4.45862", + "templateHash": "7736352582742344857" }, "name": "subscription-placement", "description": "This module allows for placement of subscriptions to management groups ", @@ -21,7 +21,7 @@ "managementGroupId": { "type": "string", "metadata": { - "description": "Required.The ID of the management group." + "description": "Required. The ID of the management group." } }, "subscriptionIds": { @@ -30,7 +30,7 @@ "type": "string" }, "metadata": { - "description": "Required.The list of subscription IDs." + "description": "Required. The list of subscription IDs." } } } 
@@ -79,7 +79,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.ptn.lz-subplacement.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.ptn.mgmtgroup-subplacement.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "location": "[parameters('location')]", "properties": { "mode": "Incremental", @@ -124,8 +124,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "5373369794784532806" + "version": "0.32.4.45862", + "templateHash": "16047016274117361351" } }, "parameters": { @@ -180,4 +180,4 @@ "value": "[format('Subscription placements have been configured for {0} management groups.', length(parameters('parSubscriptionPlacement')))]" } } -} +} \ No newline at end of file From 256da578da6caf6957efa6aa6ad94da1970a82d9 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 12 Dec 2024 01:00:51 -0600 Subject: [PATCH 20/64] Updating codeowners and workflow --- .github/CODEOWNERS | 2 ++ ...t.yml => avm.ptn.mgmt-groups-subscription-placement.yml} | 6 +++--- avm/ptn/mgmt-groups/subscription-placement/README.md | 4 ++-- avm/ptn/mgmt-groups/subscription-placement/main.bicep | 3 +-- avm/ptn/mgmt-groups/subscription-placement/main.json | 4 ++-- 5 files changed, 10 insertions(+), 9 deletions(-) rename .github/workflows/{avm.ptn.mgmtgroup-subscriptionplacement.yml => avm.ptn.mgmt-groups-subscription-placement.yml} (92%) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index cc29bb9964..35d1d14211 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
@@ -27,6 +27,8 @@ /avm/ptn/dev-ops/cicd-agents-and-runners/ @Azure/avm-ptn-devops-cicdagentsandrunners-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/finops-toolkit/finops-hub/ @Azure/avm-ptn-finopstoolkit-finopshub-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/lz/sub-vending/ @Azure/avm-ptn-lz-subvending-module-owners-bicep @Azure/avm-module-reviewers-bicep +/avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmt-groups-subscription-placement-contributors-bicep @Azure/avm-module-reviewers-bicep +/avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmt-groups-subscription-placement-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/hub-networking/ @Azure/avm-ptn-network-hubnetworking-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/private-link-private-dns-zones/ @Azure/avm-ptn-network-privatelinkprivatednszones-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/policy-insights/remediation/ @Azure/avm-ptn-policyinsights-remediation-module-owners-bicep @Azure/avm-module-reviewers-bicep diff --git a/.github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml b/.github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml similarity index 92% rename from .github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml rename to .github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml index df51fbb27a..d1dd6fa735 100644 --- a/.github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml +++ b/.github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml @@ -1,4 +1,4 @@ -name: "avm.ptn.mgmtgroup-subscriptionplacement" +name: "avm.ptn.mgmt-groups-subscription-placement" on: workflow_dispatch: 
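Review bot: The two added CODEOWNERS lines use the identical pattern `/avm/ptn/mgmt-groups/subscription-placement/`, and GitHub applies only the last matching pattern in the file. As written, `@Azure/avm-ptn-mgmt-groups-subscription-placement-contributors-bicep` on the first line is never requested for review. If both teams are meant to own the path, they belong on a single line: `/avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmt-groups-subscription-placement-owners-bicep @Azure/avm-ptn-mgmt-groups-subscription-placement-contributors-bicep @Azure/avm-module-reviewers-bicep`. If only the owners team is intended, drop the first line so the file does not suggest coverage that is not in effect.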
@@ -24,7 +24,7 @@ on: paths: - ".github/actions/templates/avm-**" - ".github/workflows/avm.template.module.yml" - - ".github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml" + - ".github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml" - "avm/ptn/lz/sub-placement/**" - "avm/utilities/pipelines/**" - "!avm/utilities/pipelines/platform/**" @@ -32,7 +32,7 @@ on: env: modulePath: "avm/ptn/mgmt-groups/subscription-placement" - workflowPath: ".github/workflows/avm.ptn.mgmtgroup-subscriptionplacement.yml" + workflowPath: ".github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml" concurrency: group: ${{ github.workflow }} diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index 7574d417df..017ec69aa5 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md @@ -139,7 +139,7 @@ Type definition for management group child containing management group ID and su | Parameter | Type | Description | | :-- | :-- | :-- | | [`managementGroupId`](#parameter-parsubscriptionplacementmanagementgroupid) | string | The ID of the management group. | -| [`subscriptionIds`](#parameter-parsubscriptionplacementsubscriptionids) | array | The list of subscription IDs. | +| [`subscriptionIds`](#parameter-parsubscriptionplacementsubscriptionids) | array | The list of subscription IDs to be placed underneath the management group. | ### Parameter: `parSubscriptionPlacement.managementGroupId` @@ -150,7 +150,7 @@ The ID of the management group. ### Parameter: `parSubscriptionPlacement.subscriptionIds` -The list of subscription IDs. +The list of subscription IDs to be placed underneath the management group. - Required: Yes - Type: array diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index eaaed8fe60..f29f9f665b 100644 
--- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -56,7 +56,6 @@ module customsubscriptionPlacement './modules/helper.bicep' = [ } ] - // =============== // // Outputs // // =============== // @@ -72,6 +71,6 @@ output subscriptionPlacementSummary string = 'Subscription placements have been type typMgChild = { @description('Required. The ID of the management group.') managementGroupId: string - @description('Required. The list of subscription IDs.') + @description('Required. The list of subscription IDs to be placed underneath the management group.') subscriptionIds: string[] }[] diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json index 9af4b494bf..115f223ef7 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.json +++ b/avm/ptn/mgmt-groups/subscription-placement/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "7736352582742344857" + "templateHash": "14040651364660354035" }, "name": "subscription-placement", "description": "This module allows for placement of subscriptions to management groups ", @@ -30,7 +30,7 @@ "type": "string" }, "metadata": { - "description": "Required. The list of subscription IDs." + "description": "Required. The list of subscription IDs to be placed underneath the management group." } } } From ee5e80fb46936d95d7699c29fe1b5677d0745eb4 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 12 Dec 2024 01:09:49 -0600 Subject: [PATCH 21/64] Update params --- .../subscription-placement/README.md | 19 +------------------ .../subscription-placement/main.bicep | 11 +---------- .../subscription-placement/main.json | 18 ++---------------- 3 files changed, 4 insertions(+), 44 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index 017ec69aa5..635169759a 100644 
--- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md @@ -115,24 +115,7 @@ Type definition for management group child containing management group ID and su - Required: No - Type: array -- Default: - ```Bicep - [ - { - managementGroupId: 'Group1' - subscriptionIds: [ - 'SUBID1' - 'SUBID2' - ] - } - { - managementGroupId: 'Group2' - subscriptionIds: [ - 'SUBID3' - ] - } - ] - ``` +- Default: `[]` **Required parameters** diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index f29f9f665b..7b5dfb138d 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -9,16 +9,7 @@ metadata owner = 'Azure/module-maintainers' // ------------------ @description('Required. Type definition for management group child containing management group ID and subscription IDs.') -param parSubscriptionPlacement typMgChild = [ - { - managementGroupId: 'Group1' - subscriptionIds: ['SUBID1', 'SUBID2'] - } - { - managementGroupId: 'Group2' - subscriptionIds: ['SUBID3'] - } -] +param parSubscriptionPlacement typMgChild = [] @description('Optional. Location for all resources.') param location string = deployment().location diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json index 115f223ef7..9f56618f13 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.json +++ b/avm/ptn/mgmt-groups/subscription-placement/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "14040651364660354035" + "templateHash": "3265681683082198627" }, "name": "subscription-placement", "description": "This module allows for placement of subscriptions to management groups ", 
@@ -40,21 +40,7 @@ "parameters": { "parSubscriptionPlacement": { "$ref": "#/definitions/typMgChild", - "defaultValue": [ - { - "managementGroupId": "Group1", - "subscriptionIds": [ - "SUBID1", - "SUBID2" - ] - }, - { - "managementGroupId": "Group2", - "subscriptionIds": [ - "SUBID3" - ] - } - ], + "defaultValue": [], "metadata": { "description": "Required. Type definition for management group child containing management group ID and subscription IDs." } From e7d7b510a1f0f73f36b039008c40671f0744ad79 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 12 Dec 2024 01:21:20 -0600 Subject: [PATCH 22/64] Minor param and test updates --- .../subscription-placement/README.md | 25 +++++++++++++------ .../subscription-placement/main.bicep | 6 ++--- .../subscription-placement/main.json | 8 +++--- .../tests/e2e/defaults/main.test.bicep | 11 ++++---- 4 files changed, 29 insertions(+), 21 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index 635169759a..a583ff3a0d 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md @@ -41,8 +41,11 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme params: { parSubscriptionPlacement: [ { - managementGroupId: '' - subscriptionIds: '' + managementGroupId: 'testmg1' + subscriptionIds: [ + '00000000-0000-0000-0000-000000000001' + '00000000-0000-0000-0000-000000000002' + ] } ] } @@ -64,8 +67,11 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme "parSubscriptionPlacement": { "value": [ { - "managementGroupId": "", - "subscriptionIds": "" + "managementGroupId": "testmg1", + "subscriptionIds": [ + "00000000-0000-0000-0000-000000000001", + "00000000-0000-0000-0000-000000000002" + ] } ] } 
@@ -85,8 +91,11 @@ using 'br/public:avm/ptn/mgmt-groups/subscription-placement:' param parSubscriptionPlacement = [ { - managementGroupId: '' - subscriptionIds: '' + managementGroupId: 'testmg1' + subscriptionIds: [ + '00000000-0000-0000-0000-000000000001' + '00000000-0000-0000-0000-000000000002' + ] } ] ``` @@ -100,7 +109,7 @@ param parSubscriptionPlacement = [ | Parameter | Type | Description | | :-- | :-- | :-- | -| [`parSubscriptionPlacement`](#parameter-parsubscriptionplacement) | array | Type definition for management group child containing management group ID and subscription IDs. | +| [`parSubscriptionPlacement`](#parameter-parsubscriptionplacement) | array | The management group IDs along with the subscriptions to be placed underneath them. | **Optional parameters** @@ -111,7 +120,7 @@ param parSubscriptionPlacement = [ ### Parameter: `parSubscriptionPlacement` -Type definition for management group child containing management group ID and subscription IDs. +The management group IDs along with the subscriptions to be placed underneath them. - Required: No - Type: array diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index 7b5dfb138d..2552bd269f 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -8,8 +8,8 @@ metadata owner = 'Azure/module-maintainers' // PARAMETERS // ------------------ -@description('Required. Type definition for management group child containing management group ID and subscription IDs.') -param parSubscriptionPlacement typMgChild = [] +@description('Required. The management group IDs along with the subscriptions to be placed underneath them.') +param parSubscriptionPlacement subscriptionPlacementType = [] @description('Optional. Location for all resources.') param location string = deployment().location 
@@ -59,7 +59,7 @@ output subscriptionPlacementSummary string = 'Subscription placements have been // Definitions // // =============== // -type typMgChild = { +type subscriptionPlacementType = { @description('Required. The ID of the management group.') managementGroupId: string @description('Required. The list of subscription IDs to be placed underneath the management group.') diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json index 9f56618f13..9c2a0f9ed1 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.json +++ b/avm/ptn/mgmt-groups/subscription-placement/main.json @@ -6,14 +6,14 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "3265681683082198627" + "templateHash": "6920720962396336725" }, "name": "subscription-placement", "description": "This module allows for placement of subscriptions to management groups ", "owner": "Azure/module-maintainers" }, "definitions": { - "typMgChild": { + "subscriptionPlacementType": { "type": "array", "items": { "type": "object", @@ -39,10 +39,10 @@ }, "parameters": { "parSubscriptionPlacement": { - "$ref": "#/definitions/typMgChild", + "$ref": "#/definitions/subscriptionPlacementType", "defaultValue": [], "metadata": { - "description": "Required. Type definition for management group child containing management group ID and subscription IDs." + "description": "Required. The management group IDs along with the subscriptions to be placed underneath them." } }, "location": { diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index e639e45496..0a36f71a6d 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep 
@@ -6,9 +6,6 @@ targetScope = 'tenant' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' -@description('Optional. A short guid for the subscription name.') -param subscriptionGuid string = ' ' - @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'subplmin' @@ -21,12 +18,14 @@ module testDeployment '../../../main.bicep' = { params: { parSubscriptionPlacement: [ { - managementGroupId: namePrefix - subscriptionIds: ['${subscriptionGuid}'] + managementGroupId: 'testmg1' + subscriptionIds: [ + '00000000-0000-0000-0000-000000000001' + '00000000-0000-0000-0000-000000000002' + ] } ] } } - @description('This output retrieves the subscription placement summary from the test deployment outputs.') output subscriptionPlacementSummary string = testDeployment.outputs.subscriptionPlacementSummary From 13c449675d7c40774eb364877475b872fe3ff8a8 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Tue, 17 Dec 2024 23:26:20 -0600 Subject: [PATCH 23/64] Fix workflow name --- ...t.yml => avm.ptn.mgmt-groups.subscription-placement.yml} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename .github/workflows/{avm.ptn.mgmt-groups-subscription-placement.yml => avm.ptn.mgmt-groups.subscription-placement.yml} (93%) diff --git a/.github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml b/.github/workflows/avm.ptn.mgmt-groups.subscription-placement.yml similarity index 93% rename from .github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml rename to .github/workflows/avm.ptn.mgmt-groups.subscription-placement.yml index d1dd6fa735..a55eedcb45 100644 --- a/.github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml +++ b/.github/workflows/avm.ptn.mgmt-groups.subscription-placement.yml 
@@ -1,4 +1,4 @@ -name: "avm.ptn.mgmt-groups-subscription-placement" +name: "avm.ptn.mgmt-groups.subscription-placement" on: workflow_dispatch: @@ -24,7 +24,7 @@ on: paths: - ".github/actions/templates/avm-**" - ".github/workflows/avm.template.module.yml" - - ".github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml" + - ".github/workflows/avm.ptn.mgmt-groups.subscription-placement.yml" - "avm/ptn/lz/sub-placement/**" - "avm/utilities/pipelines/**" - "!avm/utilities/pipelines/platform/**" @@ -32,7 +32,7 @@ on: env: modulePath: "avm/ptn/mgmt-groups/subscription-placement" - workflowPath: ".github/workflows/avm.ptn.mgmt-groups-subscription-placement.yml" + workflowPath: ".github/workflows/avm.ptn.mgmt-groups.subscription-placement.yml" concurrency: group: ${{ github.workflow }} From 91e2c8a2f7177acdb4aed6b8e90f47054fce03e5 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Tue, 17 Dec 2024 23:40:03 -0600 Subject: [PATCH 24/64] Fix static test errors --- .github/CODEOWNERS | 1 - .github/ISSUE_TEMPLATE/avm_module_issue.yml | 1 + avm/ptn/mgmt-groups/subscription-placement/main.bicep | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 35d1d14211..7aea42a323 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
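Review bot: The `paths` filter in the `@@ -24,7 +24,7 @@` hunk still lists `"avm/ptn/lz/sub-placement/**"`, while `modulePath` in the following hunk is `avm/ptn/mgmt-groups/subscription-placement`. A change that touches only the module's own files therefore matches none of the listed paths, and this validation workflow would not start for it. Since the neighbouring entry is already being edited for the rename, the module entry should follow it: `- "avm/ptn/mgmt-groups/subscription-placement/**"`. The `on:` block begins outside the hunk, so the trigger these paths belong to is not visible here.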
@@ -27,7 +27,6 @@ /avm/ptn/dev-ops/cicd-agents-and-runners/ @Azure/avm-ptn-devops-cicdagentsandrunners-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/finops-toolkit/finops-hub/ @Azure/avm-ptn-finopstoolkit-finopshub-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/lz/sub-vending/ @Azure/avm-ptn-lz-subvending-module-owners-bicep @Azure/avm-module-reviewers-bicep -/avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmt-groups-subscription-placement-contributors-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmt-groups-subscription-placement-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/hub-networking/ @Azure/avm-ptn-network-hubnetworking-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/private-link-private-dns-zones/ @Azure/avm-ptn-network-privatelinkprivatednszones-module-owners-bicep @Azure/avm-module-reviewers-bicep diff --git a/.github/ISSUE_TEMPLATE/avm_module_issue.yml b/.github/ISSUE_TEMPLATE/avm_module_issue.yml index 8ac2ed9e6b..52b20ffa80 100644 --- a/.github/ISSUE_TEMPLATE/avm_module_issue.yml +++ b/.github/ISSUE_TEMPLATE/avm_module_issue.yml @@ -61,6 +61,7 @@ body: - "avm/ptn/deployment-script/import-image-to-acr" - "avm/ptn/dev-ops/cicd-agents-and-runners" - "avm/ptn/finops-toolkit/finops-hub" + - "avm/ptn/mgmt-groups/subscription-placement" - "avm/ptn/lz/sub-vending" - "avm/ptn/network/hub-networking" - "avm/ptn/network/private-link-private-dns-zones" diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index 2552bd269f..669e532ca9 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep 
@@ -9,7 +9,7 @@ metadata owner = 'Azure/module-maintainers' // ------------------ @description('Required. The management group IDs along with the subscriptions to be placed underneath them.') -param parSubscriptionPlacement subscriptionPlacementType = [] +param parSubscriptionPlacement subscriptionPlacementType @description('Optional. Location for all resources.') param location string = deployment().location From 4f94615deae318202bd18466a130ce0499302493 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Tue, 17 Dec 2024 23:42:22 -0600 Subject: [PATCH 25/64] Update readme --- avm/ptn/mgmt-groups/subscription-placement/README.md | 3 +-- avm/ptn/mgmt-groups/subscription-placement/main.json | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index a583ff3a0d..0b1fd9cf21 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md @@ -122,9 +122,8 @@ param parSubscriptionPlacement = [ The management group IDs along with the subscriptions to be placed underneath them. -- Required: No +- Required: Yes - Type: array -- Default: `[]` **Required parameters** diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json index 9c2a0f9ed1..c42f4e0e23 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.json +++ b/avm/ptn/mgmt-groups/subscription-placement/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "6920720962396336725" + "templateHash": "7669093066934147602" }, "name": "subscription-placement", "description": "This module allows for placement of subscriptions to management groups ", 
@@ -40,7 +40,6 @@ "parameters": { "parSubscriptionPlacement": { "$ref": "#/definitions/subscriptionPlacementType", - "defaultValue": [], "metadata": { "description": "Required. The management group IDs along with the subscriptions to be placed underneath them." } From 3bdde891476e3042de12e5ee5b445925b810f97c Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Tue, 17 Dec 2024 23:48:41 -0600 Subject: [PATCH 26/64] Update codeowners file --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 7aea42a323..834d9c9c37 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -27,7 +27,7 @@ /avm/ptn/dev-ops/cicd-agents-and-runners/ @Azure/avm-ptn-devops-cicdagentsandrunners-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/finops-toolkit/finops-hub/ @Azure/avm-ptn-finopstoolkit-finopshub-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/lz/sub-vending/ @Azure/avm-ptn-lz-subvending-module-owners-bicep @Azure/avm-module-reviewers-bicep -/avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmt-groups-subscription-placement-owners-bicep @Azure/avm-module-reviewers-bicep +/avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmtgroups-subscriptionplacement-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/hub-networking/ @Azure/avm-ptn-network-hubnetworking-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/private-link-private-dns-zones/ @Azure/avm-ptn-network-privatelinkprivatednszones-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/policy-insights/remediation/ @Azure/avm-ptn-policyinsights-remediation-module-owners-bicep @Azure/avm-module-reviewers-bicep From e96094a51e3d1fec59d7cd06b68eda1802897128 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Tue, 17 Dec 2024 23:57:17 -0600 Subject: [PATCH 27/64] Adjust team names --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 834d9c9c37..3d5da4c67b 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -27,7 +27,7 @@ /avm/ptn/dev-ops/cicd-agents-and-runners/ @Azure/avm-ptn-devops-cicdagentsandrunners-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/finops-toolkit/finops-hub/ @Azure/avm-ptn-finopstoolkit-finopshub-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/lz/sub-vending/ @Azure/avm-ptn-lz-subvending-module-owners-bicep @Azure/avm-module-reviewers-bicep -/avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmtgroups-subscriptionplacement-owners-bicep @Azure/avm-module-reviewers-bicep +/avm/ptn/mgmt-groups/subscription-placement/ @Azure/avm-ptn-mgmtgroups-subscriptionplacement-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/hub-networking/ @Azure/avm-ptn-network-hubnetworking-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/network/private-link-private-dns-zones/ @Azure/avm-ptn-network-privatelinkprivatednszones-module-owners-bicep @Azure/avm-module-reviewers-bicep /avm/ptn/policy-insights/remediation/ @Azure/avm-ptn-policyinsights-remediation-module-owners-bicep @Azure/avm-module-reviewers-bicep From 7ea092e323557f15e7e8e17df4594f1df09b5895 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 18 Dec 2024 00:01:18 -0600 Subject: [PATCH 28/64] Update issue template --- .github/ISSUE_TEMPLATE/avm_module_issue.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/avm_module_issue.yml b/.github/ISSUE_TEMPLATE/avm_module_issue.yml index 52b20ffa80..326893e453 100644 --- a/.github/ISSUE_TEMPLATE/avm_module_issue.yml +++ b/.github/ISSUE_TEMPLATE/avm_module_issue.yml 
@@ -61,8 +61,8 @@ body: - "avm/ptn/deployment-script/import-image-to-acr" - "avm/ptn/dev-ops/cicd-agents-and-runners" - "avm/ptn/finops-toolkit/finops-hub" - - "avm/ptn/mgmt-groups/subscription-placement" - "avm/ptn/lz/sub-vending" + - "avm/ptn/mgmt-groups/subscription-placement" - "avm/ptn/network/hub-networking" - "avm/ptn/network/private-link-private-dns-zones" - "avm/ptn/policy-insights/remediation" From b541f0df22efdf254ff193c8085f05cf01bbcf11 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 18 Dec 2024 00:17:15 -0600 Subject: [PATCH 29/64] Create secure params for subscription ids --- .../tests/e2e/defaults/main.test.bicep | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 0a36f71a6d..3f03ecbabe 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -9,6 +9,19 @@ param namePrefix string = '#_namePrefix_#' @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'subplmin' +@description('Required. The management group ID where the subscriptions will be placed.') +param managementGroupId string = '' + +@description('Required. The first subscription ID to be placed.') +@secure() +param subscriptionId1 string = '' + + +@description('Required. The second subscription ID to be placed.') +@secure() +param subscriptionId2 string = '' + + // ============== // // Test Execution // // ============== // 
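Review bot: `@secure()` on `subscriptionId1` and `subscriptionId2` in the `@@ -9,6 +9,19 @@` hunk protects the values only at this test template's own parameter boundary. The next hunk passes them into `parSubscriptionPlacement`, which main.bicep declares as a plain `subscriptionPlacementType` array, and modules/helper.bicep interpolates them into the resource name, so the IDs would most likely still be recorded in the nested deployment's inputs. A comment such as `// @secure() only masks the value in this deployment's parameter record; main.bicep receives it as a plain array` would set expectations, and the same applies to `managementGroupId` once PATCH 30 marks it secure. Separately, all three parameters are described as 'Required.' but default to `''`, so a run that supplies nothing proceeds with empty IDs instead of failing at parameter validation.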
@@ -18,10 +31,10 @@ module testDeployment '../../../main.bicep' = { params: { parSubscriptionPlacement: [ { - managementGroupId: 'testmg1' + managementGroupId: managementGroupId subscriptionIds: [ - '00000000-0000-0000-0000-000000000001' - '00000000-0000-0000-0000-000000000002' + subscriptionId1 + subscriptionId2 ] } ] From a78da2180b567c0cac5c9b73acf0307f8cbcdd07 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 18 Dec 2024 00:26:19 -0600 Subject: [PATCH 30/64] Add in secure params --- .../subscription-placement/tests/e2e/defaults/main.test.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 3f03ecbabe..6150cfbb19 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -10,6 +10,7 @@ param namePrefix string = '#_namePrefix_#' param serviceShort string = 'subplmin' @description('Required. The management group ID where the subscriptions will be placed.') +@secure() param managementGroupId string = '' @description('Required. The first subscription ID to be placed.') From 5326d6f133ea9998d57442ec56eb80c0658c5324 Mon Sep 17 00:00:00 2001 From: Nicky Griffin Date: Wed, 18 Dec 2024 17:02:50 +0000 Subject: [PATCH 31/64] update camel casing on customsubscriptionPlacement --- avm/ptn/mgmt-groups/subscription-placement/main.bicep | 3 +-- avm/ptn/mgmt-groups/subscription-placement/main.json | 6 +++--- .../mgmt-groups/subscription-placement/modules/helper.bicep | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index 669e532ca9..6db82a6389 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep 
+++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -37,7 +37,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -module customsubscriptionPlacement './modules/helper.bicep' = [ +module customSubscriptionPlacement './modules/helper.bicep' = [ for (subscriptionPlacement, index) in parSubscriptionPlacement: { name: 'subPlacement${index}' params: { @@ -54,7 +54,6 @@ module customsubscriptionPlacement './modules/helper.bicep' = [ @description('Output of number of management groups that have been configured with subscription placements.') output subscriptionPlacementSummary string = 'Subscription placements have been configured for ${length(parSubscriptionPlacement)} management groups.' - // =============== // // Definitions // // =============== // diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json index c42f4e0e23..c6ed3ed875 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.json +++ b/avm/ptn/mgmt-groups/subscription-placement/main.json @@ -81,9 +81,9 @@ } } }, - "customsubscriptionPlacement": { + "customSubscriptionPlacement": { "copy": { - "name": "customsubscriptionPlacement", + "name": "customSubscriptionPlacement", "count": "[length(parameters('parSubscriptionPlacement'))]" }, "type": "Microsoft.Resources/deployments", @@ -130,7 +130,7 @@ "resources": [ { "copy": { - "name": "customsubscriptionPlacement", + "name": "customSubscriptionPlacement", "count": "[length(parameters('subscriptionIds'))]" }, "type": "Microsoft.Management/managementGroups/subscriptions", diff --git a/avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep b/avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep index 0a3670d314..30b16ce700 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep 
@@ -5,7 +5,7 @@ param managementGroupId string @description('The list of subscription IDs.') param subscriptionIds array -resource customsubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2023-04-01' = [ +resource customSubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2023-04-01' = [ for (subscription, i) in subscriptionIds: { name: '${managementGroupId}/${subscription}' } From eca607183bc794b1c6c57b53afbdc4aa9197d159 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 18 Dec 2024 17:17:32 -0600 Subject: [PATCH 32/64] Update test --- .../subscription-placement/README.md | 18 +++++++++--------- .../tests/e2e/defaults/main.test.bicep | 19 +++++++++++++------ 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index 0b1fd9cf21..95ec8d597a 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md @@ -41,10 +41,10 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme params: { parSubscriptionPlacement: [ { - managementGroupId: 'testmg1' + managementGroupId: '' subscriptionIds: [ - '00000000-0000-0000-0000-000000000001' - '00000000-0000-0000-0000-000000000002' + '' + '' ] } ] @@ -67,10 +67,10 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme "parSubscriptionPlacement": { "value": [ { - "managementGroupId": "testmg1", + "managementGroupId": "", "subscriptionIds": [ - "00000000-0000-0000-0000-000000000001", - "00000000-0000-0000-0000-000000000002" + "", + "" ] } ] @@ -91,10 +91,10 @@ using 'br/public:avm/ptn/mgmt-groups/subscription-placement:' param parSubscriptionPlacement = [ { - managementGroupId: 'testmg1' + managementGroupId: '' subscriptionIds: [ - '00000000-0000-0000-0000-000000000001' - '00000000-0000-0000-0000-000000000002' + '' + '' ] } ] 
diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 6150cfbb19..d459f30c9a 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -14,19 +14,25 @@ param serviceShort string = 'subplmin' param managementGroupId string = '' @description('Required. The first subscription ID to be placed.') -@secure() param subscriptionId1 string = '' - @description('Required. The second subscription ID to be placed.') -@secure() param subscriptionId2 string = '' - // ============== // // Test Execution // // ============== // +resource subscription1 'Microsoft.Subscription/aliases@2024-08-01-preview' existing = { + name: subscriptionId1 + scope: tenant() +} + +resource subscription2 'Microsoft.Subscription/aliases@2024-08-01-preview' existing = { + name: subscriptionId2 + scope: tenant() +} + module testDeployment '../../../main.bicep' = { name: '${namePrefix}-test-${serviceShort}' params: { @@ -34,12 +40,13 @@ module testDeployment '../../../main.bicep' = { { managementGroupId: managementGroupId subscriptionIds: [ - subscriptionId1 - subscriptionId2 + subscription1.id + subscription2.id ] } ] } } + @description('This output retrieves the subscription placement summary from the test deployment outputs.') output subscriptionPlacementSummary string = testDeployment.outputs.subscriptionPlacementSummary From 84cf5eba6b07b2a708e5d5f443e08bc5b9b610bf Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 18 Dec 2024 17:44:19 -0600 Subject: [PATCH 33/64] Testing using variable --- .../subscription-placement/README.md | 15 +++---------- .../tests/e2e/defaults/main.test.bicep | 22 +++++++------------ 2 files changed, 11 insertions(+), 26 deletions(-) 
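Review bot: `subscription1.id` and `subscription2.id` in the `@@ -34,12 +40,13 @@` hunk are the resource IDs of `Microsoft.Subscription/aliases` resources, not bare subscription IDs, so modules/helper.bicep would interpolate a full `/providers/...` path into `'${managementGroupId}/${subscription}'`. The `existing` lookups also use `subscriptionId1`/`subscriptionId2` as the alias `name`, which resolves only if an alias happens to be named after the subscription ID; nothing in the hunk establishes that. If the lookup is meant to confirm that the subscription exists before placement, read the ID from the alias instead, e.g. `subscription1.properties.subscriptionId`, or pass the parameters through unchanged.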
diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index 95ec8d597a..75dd846680 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md @@ -42,10 +42,7 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme parSubscriptionPlacement: [ { managementGroupId: '' - subscriptionIds: [ - '' - '' - ] + subscriptionIds: '' } ] } @@ -68,10 +65,7 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme "value": [ { "managementGroupId": "", - "subscriptionIds": [ - "", - "" - ] + "subscriptionIds": "" } ] } @@ -92,10 +86,7 @@ using 'br/public:avm/ptn/mgmt-groups/subscription-placement:' param parSubscriptionPlacement = [ { managementGroupId: '' - subscriptionIds: [ - '' - '' - ] + subscriptionIds: '' } ] ``` diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index d459f30c9a..45d87cf8ea 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep 
@@ -14,35 +14,29 @@ param serviceShort string = 'subplmin' param managementGroupId string = '' @description('Required. The first subscription ID to be placed.') +@secure() param subscriptionId1 string = '' @description('Required. The second subscription ID to be placed.') +@secure() param subscriptionId2 string = '' +var subscriptionIds = [ + subscriptionId1 + subscriptionId2 +] + // ============== // // Test Execution // // ============== // -resource subscription1 'Microsoft.Subscription/aliases@2024-08-01-preview' existing = { - name: subscriptionId1 - scope: tenant() -} - -resource subscription2 'Microsoft.Subscription/aliases@2024-08-01-preview' existing = { - name: subscriptionId2 - scope: tenant() -} - module testDeployment '../../../main.bicep' = { name: '${namePrefix}-test-${serviceShort}' params: { parSubscriptionPlacement: [ { managementGroupId: managementGroupId - subscriptionIds: [ - subscription1.id - subscription2.id - ] + subscriptionIds: subscriptionIds } ] } From 25d5ab886312b43d70cd1d570d1606cb65c17847 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Sun, 12 Jan 2025 21:00:09 -0600 Subject: [PATCH 34/64] Update parameter names --- .../tests/e2e/defaults/main.test.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 45d87cf8ea..5af0ace665 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep 
@@ -9,15 +9,15 @@ param namePrefix string = '#_namePrefix_#' @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'subplmin' -@description('Required. The management group ID where the subscriptions will be placed.') +@description('Required. The management group ID where the subscriptions will be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-ManagementGroupId\'.') @secure() param managementGroupId string = '' -@description('Required. The first subscription ID to be placed.') +@description('Required. The first subscription ID to be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-SubscriptionId1\'.') @secure() param subscriptionId1 string = '' -@description('Required. The second subscription ID to be placed.') +@description('Required. The second subscription ID to be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-SubscriptionId2\'.') @secure() param subscriptionId2 string = '' From 19b3c5d8dc732a1e741a6ba90ff37bf70b769657 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 16 Jan 2025 22:24:27 -0600 Subject: [PATCH 35/64] Update readme --- .../subscription-placement/tests/e2e/defaults/main.test.bicep | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 5af0ace665..8bfc3f954c 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep 
@@ -31,7 +31,7 @@ var subscriptionIds = [ // ============== // module testDeployment '../../../main.bicep' = { - name: '${namePrefix}-test-${serviceShort}' + name: '${uniqueString(deployment().name, namePrefix)}-test-${serviceShort}' params: { parSubscriptionPlacement: [ { @@ -42,5 +42,6 @@ module testDeployment '../../../main.bicep' = { } } + @description('This output retrieves the subscription placement summary from the test deployment outputs.') output subscriptionPlacementSummary string = testDeployment.outputs.subscriptionPlacementSummary From 0021464595a57eef996750dca2ade8f5bdc570c7 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 16 Jan 2025 22:37:55 -0600 Subject: [PATCH 36/64] Update deployment name --- avm/ptn/mgmt-groups/subscription-placement/main.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index 6db82a6389..0518da24e5 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -39,7 +39,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT module customSubscriptionPlacement './modules/helper.bicep' = [ for (subscriptionPlacement, index) in parSubscriptionPlacement: { - name: 'subPlacement${index}' + name: 'subPlacment-${uniqueString(subscriptionPlacement.managementGroupId)}${index}' params: { managementGroupId: subscriptionPlacement.managementGroupId subscriptionIds: subscriptionPlacement.subscriptionIds From dcf2b13080c01198e07e5e3ef15b1323f3aac9af Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 16 Jan 2025 22:38:25 -0600 Subject: [PATCH 37/64] Fix json file --- avm/ptn/mgmt-groups/subscription-placement/main.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
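Review bot: The new deployment name in the `customSubscriptionPlacement` loop of main.bicep is spelled `subPlacment-`, which looks like a typo for `subPlacement-`; the name it replaces was `subPlacement${index}`. Deployment names are what an operator searches for in the deployment history, and the next patch compiles the same spelling into main.json. The line should read `name: 'subPlacement-${uniqueString(subscriptionPlacement.managementGroupId)}${index}'`. The loop body continues outside the hunk.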
diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json index c6ed3ed875..e1ee7a57bf 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.json +++ b/avm/ptn/mgmt-groups/subscription-placement/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "7669093066934147602" + "templateHash": "5376630188051666429" }, "name": "subscription-placement", "description": "This module allows for placement of subscriptions to management groups ", @@ -88,7 +88,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('subPlacement{0}', copyIndex())]", + "name": "[format('subPlacment-{0}{1}', uniqueString(parameters('parSubscriptionPlacement')[copyIndex()].managementGroupId), copyIndex())]", "location": "[deployment().location]", "properties": { "expressionEvaluationOptions": { From 11c881876e969c81a112ac6444734331a1b5b331 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Sun, 26 Jan 2025 23:22:41 -0600 Subject: [PATCH 38/64] Include logic to create mgmt group and subscription --- .../subscription-placement/README.md | 12 ++++-- .../subscription-placement/main.json | 8 ++-- .../tests/e2e/defaults/dependencies.bicep | 42 +++++++++++++++++++ .../tests/e2e/defaults/main.test.bicep | 33 ++++++++------- 4 files changed, 74 insertions(+), 21 deletions(-) create mode 100644 avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index 75dd846680..8f1c07509a 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md @@ -42,7 +42,9 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme parSubscriptionPlacement: [ { managementGroupId: '' - subscriptionIds: '' + subscriptionIds: [ + '' + ] } ] } 
@@ -65,7 +67,9 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme "value": [ { "managementGroupId": "", - "subscriptionIds": "" + "subscriptionIds": [ + "" + ] } ] } @@ -86,7 +90,9 @@ using 'br/public:avm/ptn/mgmt-groups/subscription-placement:' param parSubscriptionPlacement = [ { managementGroupId: '' - subscriptionIds: '' + subscriptionIds: [ + '' + ] } ] ``` diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json index e1ee7a57bf..f53111cc4e 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.json +++ b/avm/ptn/mgmt-groups/subscription-placement/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "5376630188051666429" + "version": "0.33.13.18514", + "templateHash": "13288442843261887605" }, "name": "subscription-placement", "description": "This module allows for placement of subscriptions to management groups ", @@ -109,8 +109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "16047016274117361351" + "version": "0.33.13.18514", + "templateHash": "10679020409212079790" } }, "parameters": { diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep new file mode 100644 index 0000000000..3593c36997 --- /dev/null +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep 
@@ -0,0 +1,42 @@ +targetScope = 'tenant' + +@description('Required. The root management group ID where the child management group will be placed.') +@secure() +param rootManagementGroupId string = '' + + +@description('Required. The scope of the subscription billing.') +@secure() +param subscriptionBillingScope string = '' + +resource managementGroup 'Microsoft.Management/managementGroups@2023-04-01' = { + name: 'test-mgmt-group' + properties: { + displayName: 'Test Management Group' + details:{ + parent:{ + id: rootManagementGroupId + } + } + } +} + +module subVending 'br/public:avm/ptn/lz/sub-vending:0.2.4' = { + name: 'subVendingDeployment' + scope: managementGroup + params: { + subscriptionBillingScope: subscriptionBillingScope + subscriptionDisplayName: 'Test Subscription' + subscriptionWorkload: 'DevTest' + } +} + +@description('Output of the Management Group Resource ID.') +output managementGroupResourceId string = managementGroup.id + +@description('Output of the Subscription Vending Resource ID.') +output subVendingResourceId string = subVending.outputs.subscriptionId + +@description('Output of the Subscription Vending Subscription ID.') +output subVendingSubscriptionId string = subVending.outputs.subscriptionId + diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 8bfc3f954c..6c054ebdeb 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep 
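Review bot: The management group name `'test-mgmt-group'` and the module name `'subVendingDeployment'` in the new dependencies.bicep are fixed strings, so every pipeline run and every contributor's tenant targets the same tenant-scope objects. Nothing in this file removes the management group afterwards. The other test files already build their names from `namePrefix` and `serviceShort`; pass those two values into this file as parameters and use them here, for example `name: 'dep-${namePrefix}-mg-${serviceShort}'`. Because the file creates a management group at tenant scope and a subscription on the billing scope, the header should also state which rights the CI identity needs, so they can be granted narrowly.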
@@ -9,22 +9,26 @@ param namePrefix string = '#_namePrefix_#' @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'subplmin' -@description('Required. The management group ID where the subscriptions will be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-ManagementGroupId\'.') +@description('Required. The management group ID where the subscriptions will be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-RootManagementGroupId\'.') @secure() -param managementGroupId string = '' +param rootManagementGroupId string = '' -@description('Required. The first subscription ID to be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-SubscriptionId1\'.') +@description('Required. The scope of the subscription billing. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-SubscriptionBillingScope\'.') @secure() -param subscriptionId1 string = '' +param subscriptionBillingScope string = '' -@description('Required. The second subscription ID to be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-SubscriptionId2\'.') -@secure() -param subscriptionId2 string = '' +// =============== // +// Dependencies // +// =============== // -var subscriptionIds = [ - subscriptionId1 - subscriptionId2 -] +module dependencies './dependencies.bicep' = { + name: '${uniqueString(deployment().name, namePrefix)}-test-dependencies' + scope: tenant() + params: { + subscriptionBillingScope: subscriptionBillingScope + rootManagementGroupId: rootManagementGroupId + } +} // ============== // // Test Execution // 
@@ -35,13 +39,14 @@ module testDeployment '../../../main.bicep' = { params: { parSubscriptionPlacement: [ { - managementGroupId: managementGroupId - subscriptionIds: subscriptionIds + managementGroupId: dependencies.outputs.managementGroupResourceId + subscriptionIds: [ + dependencies.outputs.subVendingSubscriptionId + ] } ] } } - @description('This output retrieves the subscription placement summary from the test deployment outputs.') output subscriptionPlacementSummary string = testDeployment.outputs.subscriptionPlacementSummary From 7b4c58de52fec5d5abfd28ed44a88338c6b244f6 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Sun, 26 Jan 2025 23:26:55 -0600 Subject: [PATCH 39/64] Update deployment name --- .../subscription-placement/tests/e2e/defaults/main.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 6c054ebdeb..70ae73673d 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -22,7 +22,7 @@ param subscriptionBillingScope string = '' // =============== // module dependencies './dependencies.bicep' = { - name: '${uniqueString(deployment().name, namePrefix)}-test-dependencies' + name: '${uniqueString(deployment().name, namePrefix)}-dependencies-${serviceShort}' scope: tenant() params: { subscriptionBillingScope: subscriptionBillingScope From cf1e36f7300e06a84bd3561758b617f3053eb8e0 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Sun, 26 Jan 2025 23:32:35 -0600 Subject: [PATCH 40/64] FIx deployment --- .../tests/e2e/defaults/dependencies.bicep | 3 +++ .../subscription-placement/tests/e2e/defaults/main.test.bicep | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) 
diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index 3593c36997..bbdebd06f3 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep @@ -31,6 +31,9 @@ module subVending 'br/public:avm/ptn/lz/sub-vending:0.2.4' = { } } +@description('Output of the Management Group ID.') +output managementGroupId string = managementGroup.id + @description('Output of the Management Group Resource ID.') output managementGroupResourceId string = managementGroup.id diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 70ae73673d..fe0e4a430f 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -39,7 +39,7 @@ module testDeployment '../../../main.bicep' = { params: { parSubscriptionPlacement: [ { - managementGroupId: dependencies.outputs.managementGroupResourceId + managementGroupId: dependencies.outputs.managementGroupId subscriptionIds: [ dependencies.outputs.subVendingSubscriptionId ] From 1e8aebf4b45ea607bb8fa27acf677037807c20bf Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Sun, 26 Jan 2025 23:48:15 -0600 Subject: [PATCH 41/64] Fix duplicate output --- .../tests/e2e/defaults/dependencies.bicep | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index bbdebd06f3..e53eff999d 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep 
+++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep @@ -31,11 +31,8 @@ module subVending 'br/public:avm/ptn/lz/sub-vending:0.2.4' = { } } -@description('Output of the Management Group ID.') -output managementGroupId string = managementGroup.id - @description('Output of the Management Group Resource ID.') -output managementGroupResourceId string = managementGroup.id +output managementGroupId string = managementGroup.id @description('Output of the Subscription Vending Resource ID.') output subVendingResourceId string = subVending.outputs.subscriptionId From 00fc74428a6419e04ea83728c0284f65a803fce6 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Mon, 27 Jan 2025 00:06:00 -0600 Subject: [PATCH 42/64] Update test --- .../tests/e2e/defaults/dependencies.bicep | 3 +++ 1 file changed, 3 insertions(+) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index e53eff999d..13864162fb 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep @@ -25,12 +25,15 @@ module subVending 'br/public:avm/ptn/lz/sub-vending:0.2.4' = { name: 'subVendingDeployment' scope: managementGroup params: { + subscriptionAliasEnabled: true + subscriptionAliasName: 'Test Subscription' subscriptionBillingScope: subscriptionBillingScope subscriptionDisplayName: 'Test Subscription' subscriptionWorkload: 'DevTest' } } + @description('Output of the Management Group Resource ID.') output managementGroupId string = managementGroup.id From 45e43a3c99f5c08a23a6da373468a2d98ef5d68b Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Mon, 27 Jan 2025 00:31:19 -0600 Subject: [PATCH 43/64] Update tests --- avm/ptn/mgmt-groups/subscription-placement/README.md | 12 +++--------- .../tests/e2e/defaults/dependencies.bicep | 4 ++-- .../tests/e2e/defaults/main.test.bicep | 6 +++--- 3 files changed, 8 insertions(+), 14 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index 8f1c07509a..75dd846680 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md @@ -42,9 +42,7 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme parSubscriptionPlacement: [ { managementGroupId: '' - subscriptionIds: [ - '' - ] + subscriptionIds: '' } ] } @@ -67,9 +65,7 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme "value": [ { "managementGroupId": "", - "subscriptionIds": [ - "" - ] + "subscriptionIds": "" } ] } @@ -90,9 +86,7 @@ using 'br/public:avm/ptn/mgmt-groups/subscription-placement:' param parSubscriptionPlacement = [ { managementGroupId: '' - subscriptionIds: [ - '' - ] + subscriptionIds: '' } ] ``` diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index 13864162fb..5a16bfc084 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep @@ -2,7 +2,7 @@ targetScope = 'tenant' @description('Required. The root management group ID where the child management group will be placed.') @secure() -param rootManagementGroupId string = '' +param rootManagementGroupResourceId string = '' @description('Required. The scope of the subscription billing.') 
@@ -15,7 +15,7 @@ resource managementGroup 'Microsoft.Management/managementGroups@2023-04-01' = { displayName: 'Test Management Group' details:{ parent:{ - id: rootManagementGroupId + id: rootManagementGroupResourceId } } } diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index fe0e4a430f..acd0b9126b 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -9,9 +9,9 @@ param namePrefix string = '#_namePrefix_#' @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'subplmin' -@description('Required. The management group ID where the subscriptions will be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-RootManagementGroupId\'.') +@description('Required. The management group ID where the subscriptions will be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-RootManagementGroupResourceId\'.') @secure() -param rootManagementGroupId string = '' +param rootManagementGroupResourceId string = '' @description('Required. The scope of the subscription billing. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-SubscriptionBillingScope\'.') @secure() @@ -26,7 +26,7 @@ module dependencies './dependencies.bicep' = { scope: tenant() params: { subscriptionBillingScope: subscriptionBillingScope - rootManagementGroupId: rootManagementGroupId + rootManagementGroupResourceId: rootManagementGroupResourceId } } From e5554d30706821409ac10ec6494fd8cbb3dae679 Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Mon, 27 Jan 2025 00:37:32 -0600 Subject: [PATCH 44/64] Update readme --- avm/ptn/mgmt-groups/subscription-placement/README.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/README.md b/avm/ptn/mgmt-groups/subscription-placement/README.md index 75dd846680..8f1c07509a 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/README.md +++ b/avm/ptn/mgmt-groups/subscription-placement/README.md @@ -42,7 +42,9 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme parSubscriptionPlacement: [ { managementGroupId: '' - subscriptionIds: '' + subscriptionIds: [ + '' + ] } ] } @@ -65,7 +67,9 @@ module subscriptionPlacement 'br/public:avm/ptn/mgmt-groups/subscription-placeme "value": [ { "managementGroupId": "", - "subscriptionIds": "" + "subscriptionIds": [ + "" + ] } ] } @@ -86,7 +90,9 @@ using 'br/public:avm/ptn/mgmt-groups/subscription-placement:' param parSubscriptionPlacement = [ { managementGroupId: '' - subscriptionIds: '' + subscriptionIds: [ + '' + ] } ] ``` From 827cc02f84d6e738eda601988b009b304d8d3dbe Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Mon, 27 Jan 2025 01:12:17 -0600 Subject: [PATCH 45/64] Remove spacing in display name --- .../tests/e2e/defaults/dependencies.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index 5a16bfc084..3ffb40f76d 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep 
@@ -26,9 +26,9 @@ module subVending 'br/public:avm/ptn/lz/sub-vending:0.2.4' = { scope: managementGroup params: { subscriptionAliasEnabled: true - subscriptionAliasName: 'Test Subscription' + subscriptionAliasName: 'TestSubscription' subscriptionBillingScope: subscriptionBillingScope - subscriptionDisplayName: 'Test Subscription' + subscriptionDisplayName: 'TestSubscription' subscriptionWorkload: 'DevTest' } } From 2a68eb20a0a6ec3c85e538483230cddc08d4471b Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Mon, 3 Feb 2025 16:18:55 -0600 Subject: [PATCH 46/64] Fix description --- .../tests/e2e/defaults/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index 3ffb40f76d..cc3484d2f3 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep @@ -1,6 +1,6 @@ targetScope = 'tenant' -@description('Required. The root management group ID where the child management group will be placed.') +@description('Required. The root management group resource ID where the child management group will be placed.') @secure() param rootManagementGroupResourceId string = '' From 1a4b063e673e16c0909893040746156f31e085ce Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Mon, 3 Feb 2025 16:41:55 -0600 Subject: [PATCH 47/64] Fix test --- .../tests/e2e/defaults/dependencies.bicep | 13 +++++++------ .../tests/e2e/defaults/main.test.bicep | 2 ++ avm/res/app/container-app/main.bicep | 3 ++- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index cc3484d2f3..dd50acc962 100644 
--- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep @@ -33,13 +33,14 @@ module subVending 'br/public:avm/ptn/lz/sub-vending:0.2.4' = { } } - -@description('Output of the Management Group Resource ID.') +@description('Output of the management group resource ID.') output managementGroupId string = managementGroup.id -@description('Output of the Subscription Vending Resource ID.') -output subVendingResourceId string = subVending.outputs.subscriptionId +@description('Output of the management group name.') +output managementGroupDisplayName string = managementGroup.name -@description('Output of the Subscription Vending Subscription ID.') -output subVendingSubscriptionId string = subVending.outputs.subscriptionId +@description('Output of the subscription vending resource ID.') +output subVendingResourceId string = subVending.outputs.subscriptionResourceId +@description('Output of the subscription vending subscription ID.') +output subVendingSubscriptionId string = subVending.outputs.subscriptionId diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index acd0b9126b..c32188c015 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -17,6 +17,8 @@ param rootManagementGroupResourceId string = '' @secure() param subscriptionBillingScope string = '' +var managementGroupId = dependencies.outputs.managementGroupId + // =============== // // Dependencies // // =============== // diff --git a/avm/res/app/container-app/main.bicep b/avm/res/app/container-app/main.bicep index 201ba8da5b..da9beae640 100644 --- a/avm/res/app/container-app/main.bicep +++ b/avm/res/app/container-app/main.bicep 
@@ -1,5 +1,6 @@ metadata name = 'Container Apps' metadata description = 'This module deploys a Container App.' +metadata owner = 'Azure/module-maintainers' @description('Required. Name of the Container App.') param name string @@ -333,7 +334,7 @@ output resourceGroupName string = resourceGroup().name output name string = containerApp.name @description('The principal ID of the system assigned identity.') -output systemAssignedMIPrincipalId string? = containerApp.?identity.?principalId +output systemAssignedMIPrincipalId string = containerApp.?identity.?principalId ?? '' @description('The location the resource was deployed into.') output location string = containerApp.location From cbb0bb74a65fb54136d78daabfc39cf31b45ea1b Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Mon, 3 Feb 2025 16:47:19 -0600 Subject: [PATCH 48/64] Fix output --- .../subscription-placement/tests/e2e/defaults/main.test.bicep | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index c32188c015..3ba39aeda8 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -17,8 +17,6 @@ param rootManagementGroupResourceId string = '' @secure() param subscriptionBillingScope string = '' -var managementGroupId = dependencies.outputs.managementGroupId - // =============== // // Dependencies // // =============== // @@ -41,7 +39,7 @@ module testDeployment '../../../main.bicep' = { params: { parSubscriptionPlacement: [ { - managementGroupId: dependencies.outputs.managementGroupId + managementGroupId: dependencies.outputs.managementGroupDisplayName subscriptionIds: [ dependencies.outputs.subVendingSubscriptionId ] From 5ce5c6430731637537dedd0f8382ead9f18298f9 Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Mon, 3 Feb 2025 17:16:44 -0600 Subject: [PATCH 49/64] Fix name --- .../tests/e2e/defaults/dependencies.bicep | 2 +- .../subscription-placement/tests/e2e/defaults/main.test.bicep | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index dd50acc962..f51486506f 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep @@ -37,7 +37,7 @@ module subVending 'br/public:avm/ptn/lz/sub-vending:0.2.4' = { output managementGroupId string = managementGroup.id @description('Output of the management group name.') -output managementGroupDisplayName string = managementGroup.name +output managementGroupName string = managementGroup.name @description('Output of the subscription vending resource ID.') output subVendingResourceId string = subVending.outputs.subscriptionResourceId diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 3ba39aeda8..ae760a532b 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -39,7 +39,7 @@ module testDeployment '../../../main.bicep' = { params: { parSubscriptionPlacement: [ { - managementGroupId: dependencies.outputs.managementGroupDisplayName + managementGroupId: dependencies.outputs.managementGroupName subscriptionIds: [ dependencies.outputs.subVendingSubscriptionId ] From f8a514d8507e7c63385088d02c876d219ebb26f3 Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Mon, 3 Feb 2025 17:30:16 -0600 Subject: [PATCH 50/64] Reset change --- avm/res/app/container-app/main.bicep | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/avm/res/app/container-app/main.bicep b/avm/res/app/container-app/main.bicep index da9beae640..201ba8da5b 100644 --- a/avm/res/app/container-app/main.bicep +++ b/avm/res/app/container-app/main.bicep @@ -1,6 +1,5 @@ metadata name = 'Container Apps' metadata description = 'This module deploys a Container App.' -metadata owner = 'Azure/module-maintainers' @description('Required. Name of the Container App.') param name string @@ -334,7 +333,7 @@ output resourceGroupName string = resourceGroup().name output name string = containerApp.name @description('The principal ID of the system assigned identity.') -output systemAssignedMIPrincipalId string = containerApp.?identity.?principalId ?? '' +output systemAssignedMIPrincipalId string? = containerApp.?identity.?principalId @description('The location the resource was deployed into.') output location string = containerApp.location From dda4fb4162041bdeb9e27ca222157a71e392ac9d Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Tue, 11 Feb 2025 23:39:54 -0600 Subject: [PATCH 51/64] Updating tests --- .../tests/e2e/defaults/dependencies.bicep | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index f51486506f..d1f9dbd5c9 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep 
@@ -26,10 +26,14 @@ module subVending 'br/public:avm/ptn/lz/sub-vending:0.2.4' = { scope: managementGroup params: { subscriptionAliasEnabled: true - subscriptionAliasName: 'TestSubscription' + subscriptionAliasName: 'NewSubscription' subscriptionBillingScope: subscriptionBillingScope - subscriptionDisplayName: 'TestSubscription' - subscriptionWorkload: 'DevTest' + subscriptionDisplayName: 'NewSubscription' + subscriptionTags: { + avmTest: 'true' + } + subscriptionWorkload: 'Production' + resourceProviders: {} } } From b24047f4f1cc8c2d6fd7f73ae4f192b9a05c634f Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 12 Feb 2025 00:43:54 -0600 Subject: [PATCH 52/64] Adding cleanup to test --- .../tests/e2e/defaults/dependencies.bicep | 2 +- .../tests/e2e/defaults/main.test.bicep | 25 ++++++++++++++++++- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index d1f9dbd5c9..819feedfad 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep @@ -1,6 +1,6 @@ targetScope = 'tenant' -@description('Required. The root management group resource ID where the child management group will be placed.') +@description('Required. The root management group resource ID where the subscriptions will be placed.') @secure() param rootManagementGroupResourceId string = '' diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index ae760a532b..b400cb4145 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep 
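Review bot: The `subVending` parameters change `subscriptionWorkload` from `'DevTest'` to `'Production'` and add `resourceProviders: {}` with no comment explaining why a CI-created subscription needs either. Both settings affect what the pipeline provisions under the billing scope, so the reason should be recorded next to them. Add a comment such as `// Production workload and empty resourceProviders: <reason>; subscription is tagged avmTest for later identification`. The module block starts outside this hunk.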
@@ -9,7 +9,7 @@ param namePrefix string = '#_namePrefix_#' @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'subplmin' -@description('Required. The management group ID where the subscriptions will be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-RootManagementGroupResourceId\'.') +@description('Required. The root management group resource ID where the subscriptions will be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-RootManagementGroupResourceId\'.') @secure() param rootManagementGroupResourceId string = '' @@ -17,6 +17,8 @@ param rootManagementGroupResourceId string = '' @secure() param subscriptionBillingScope string = '' +var rootManagementGroupId = split('/', rootManagementGroupResourceId)[4] + // =============== // // Dependencies // // =============== // @@ -48,5 +50,26 @@ module testDeployment '../../../main.bicep' = { } } +// =============== // +// Clean Up // +// =============== // + +module cleanup '../../../main.bicep' = { + name: '${uniqueString(deployment().name, namePrefix)}-test-${serviceShort}' + dependsOn: [ + testDeployment + ] + params: { + parSubscriptionPlacement: [ + { + managementGroupId: rootManagementGroupId + subscriptionIds: [ + dependencies.outputs.subVendingSubscriptionId + ] + } + ] + } +} + @description('This output retrieves the subscription placement summary from the test deployment outputs.') output subscriptionPlacementSummary string = testDeployment.outputs.subscriptionPlacementSummary From e69df5f299348a62d191c87d5f24d1ea9756cbcc Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 12 Feb 2025 00:48:51 -0600 Subject: [PATCH 53/64] Update variable --- .../subscription-placement/tests/e2e/defaults/main.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
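Review bot: In the `@@ -17,6 +17,8 @@` hunk of main.test.bicep (PATCH 52) the arguments to `split` are reversed. Bicep's signature is `split(inputString, delimiter)`, so `split('/', rootManagementGroupResourceId)` splits the literal `'/'` and `[4]` has no element to index. The line should read `var rootManagementGroupId = split(rootManagementGroupResourceId, '/')[4]`. PATCH 53 and PATCH 54 keep the same reversed call inside `last(...)`, where it would presumably evaluate to `'/'` instead of the management group ID, until PATCH 55 removes the variable.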
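Review bot: The new `cleanup` module in the `@@ -48,5 +50,26 @@` hunk passes `rootManagementGroupId` into `parSubscriptionPlacement`, although that value is derived from the `@secure()` parameter `rootManagementGroupResourceId`. The declaration of `parSubscriptionPlacement` is outside this hunk; if it is not itself secure, the value would likely be recorded in clear text in the nested deployment's inputs, which defeats marking the source parameter secure. Either treat the management group ID as non-sensitive and drop `@secure()` from the source parameter, or keep the derived value out of non-secure module parameters. A one-line comment above the module would also make its purpose explicit, e.g. `// Moves the vended test subscription back under the root management group once testDeployment has finished.`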
diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index b400cb4145..e3eef36951 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -17,7 +17,7 @@ param rootManagementGroupResourceId string = '' @secure() param subscriptionBillingScope string = '' -var rootManagementGroupId = split('/', rootManagementGroupResourceId)[4] +var rootManagementGroupId = last(split('/', rootManagementGroupResourceId)) // =============== // // Dependencies // From 1e31ce24507010c6307c6b8a1853d3f4e5ad3bc8 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 12 Feb 2025 00:55:02 -0600 Subject: [PATCH 54/64] Adding check --- .../subscription-placement/tests/e2e/defaults/main.test.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index e3eef36951..4e3913046f 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -17,7 +17,7 @@ param rootManagementGroupResourceId string = '' @secure() param subscriptionBillingScope string = '' -var rootManagementGroupId = last(split('/', rootManagementGroupResourceId)) +var rootManagementGroupId = empty(rootManagementGroupResourceId) ? '' : last(split('/', rootManagementGroupResourceId)) // =============== // // Dependencies // 
@@ -55,7 +55,7 @@ module testDeployment '../../../main.bicep' = { // =============== // module cleanup '../../../main.bicep' = { - name: '${uniqueString(deployment().name, namePrefix)}-test-${serviceShort}' + name: '${uniqueString(deployment().name, namePrefix)}-cleanup-${serviceShort}' dependsOn: [ testDeployment ] From ddcf9a17f58e3e3249ecf726cbdfe8e7d9e014eb Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 12 Feb 2025 01:02:29 -0600 Subject: [PATCH 55/64] Testing another cleanup approach --- .../tests/e2e/defaults/main.test.bicep | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 4e3913046f..57a020d9da 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -13,12 +13,14 @@ param serviceShort string = 'subplmin' @secure() param rootManagementGroupResourceId string = '' +@description('Required. The root management group ID where the subscriptions will be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-RootManagementGroupId\'.') +@secure() +param rootManagementGroupId string = '' + @description('Required. The scope of the subscription billing. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-SubscriptionBillingScope\'.') @secure() param subscriptionBillingScope string = '' -var rootManagementGroupId = empty(rootManagementGroupResourceId) ? '' : last(split('/', rootManagementGroupResourceId)) - // =============== // // Dependencies // // =============== // From 3afdaf6ac452385e86ebb89ecb1987d08856bc8e Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Wed, 12 Feb 2025 13:04:30 -0600 Subject: [PATCH 56/64] Use lz-vending mgmt for cleanup --- .../tests/e2e/defaults/main.test.bicep | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index 57a020d9da..e30cbdd956 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep @@ -13,10 +13,6 @@ param serviceShort string = 'subplmin' @secure() param rootManagementGroupResourceId string = '' -@description('Required. The root management group ID where the subscriptions will be placed. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-RootManagementGroupId\'.') -@secure() -param rootManagementGroupId string = '' - @description('Required. The scope of the subscription billing. This value is tenant-specific and must be stored in the CI Key Vault in a secret named \'CI-SubscriptionBillingScope\'.') @secure() param subscriptionBillingScope string = '' @@ -64,7 +60,7 @@ module cleanup '../../../main.bicep' = { params: { parSubscriptionPlacement: [ { - managementGroupId: rootManagementGroupId + managementGroupId: 'bicep-lz-vending-automation-child' subscriptionIds: [ dependencies.outputs.subVendingSubscriptionId ] From 5823705d36eede24cd72cf3bd2bf67a1e569d584 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 12 Feb 2025 13:10:12 -0600 Subject: [PATCH 57/64] Get rid of warning --- avm/ptn/mgmt-groups/subscription-placement/main.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index 0518da24e5..643f0597bd 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep 
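Review bot: The `cleanup` module in the `@@ -64,7 +60,7 @@` hunk (PATCH 56) hard-codes `managementGroupId: 'bicep-lz-vending-automation-child'`, a management group name that is presumably specific to the tenant the author tested against. In another tenant the cleanup placement would either fail or move the test subscription under whatever group happens to carry that name. Take the value from a parameter the pipeline supplies instead, e.g. `param cleanupManagementGroupId string` together with `managementGroupId: cleanupManagementGroupId`. The module body starts and ends outside the hunk.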
+++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -9,7 +9,7 @@ metadata owner = 'Azure/module-maintainers' // ------------------ @description('Required. The management group IDs along with the subscriptions to be placed underneath them.') -param parSubscriptionPlacement subscriptionPlacementType +param parSubscriptionPlacement subscriptionPlacementType[] @description('Optional. Location for all resources.') param location string = deployment().location @@ -63,4 +63,4 @@ type subscriptionPlacementType = { managementGroupId: string @description('Required. The list of subscription IDs to be placed underneath the management group.') subscriptionIds: string[] -}[] +} From 38ae8889fbde2c1a8b4bb30b4af5ebc6877c488f Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 12 Feb 2025 13:17:32 -0600 Subject: [PATCH 58/64] Update json --- .../subscription-placement/main.json | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.json b/avm/ptn/mgmt-groups/subscription-placement/main.json index f53111cc4e..bdd798c56b 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.json +++ b/avm/ptn/mgmt-groups/subscription-placement/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.33.13.18514", - "templateHash": "13288442843261887605" + "templateHash": "2325138724313533895" }, "name": "subscription-placement", "description": "This module allows for placement of subscriptions to management groups ", 
@@ -14,24 +14,21 @@ }, "definitions": { "subscriptionPlacementType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "managementGroupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of the management group." - } + "type": "object", + "properties": { + "managementGroupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of the management group." + } + }, + "subscriptionIds": { + "type": "array", + "items": { + "type": "string" }, - "subscriptionIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The list of subscription IDs to be placed underneath the management group." - } + "metadata": { + "description": "Required. The list of subscription IDs to be placed underneath the management group." } } } @@ -39,7 +36,10 @@ }, "parameters": { "parSubscriptionPlacement": { - "$ref": "#/definitions/subscriptionPlacementType", + "type": "array", + "items": { + "$ref": "#/definitions/subscriptionPlacementType" + }, "metadata": { "description": "Required. The management group IDs along with the subscriptions to be placed underneath them." } From 83f06b00cd793020f6a7ebc45ff5083bf6dfd480 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 12 Feb 2025 13:36:59 -0600 Subject: [PATCH 59/64] Test change --- .../tests/e2e/defaults/main.test.bicep | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep index e30cbdd956..c62243ed5d 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/main.test.bicep 
@@ -48,26 +48,5 @@ module testDeployment '../../../main.bicep' = { } } -// =============== // -// Clean Up // -// =============== // - -module cleanup '../../../main.bicep' = { - name: '${uniqueString(deployment().name, namePrefix)}-cleanup-${serviceShort}' - dependsOn: [ - testDeployment - ] - params: { - parSubscriptionPlacement: [ - { - managementGroupId: 'bicep-lz-vending-automation-child' - subscriptionIds: [ - dependencies.outputs.subVendingSubscriptionId - ] - } - ] - } -} - @description('This output retrieves the subscription placement summary from the test deployment outputs.') output subscriptionPlacementSummary string = testDeployment.outputs.subscriptionPlacementSummary From 45b46c40ec682f6ba1bc8c0257588490d05bcb6f Mon Sep 17 00:00:00 2001 From: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:24:08 -0600 Subject: [PATCH 60/64] Update avm/ptn/mgmt-groups/subscription-placement/main.bicep Co-authored-by: Alexander Sehr --- avm/ptn/mgmt-groups/subscription-placement/main.bicep | 1 - 1 file changed, 1 deletion(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index 643f0597bd..12f1e23f5c 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -2,7 +2,6 @@ targetScope = 'tenant' metadata name = 'subscription-placement' metadata description = 'This module allows for placement of subscriptions to management groups ' -metadata owner = 'Azure/module-maintainers' // ------------------ // PARAMETERS From f758b5572207ba178466aa944f18bc340a04a04a Mon Sep 17 00:00:00 2001 
From: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:24:21 -0600 Subject: [PATCH 61/64] Update avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep Co-authored-by: Alexander Sehr --- .../tests/e2e/defaults/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index 819feedfad..2ba4e6bac8 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep @@ -7,7 +7,7 @@ param rootManagementGroupResourceId string = '' @description('Required. The scope of the subscription billing.') @secure() -param subscriptionBillingScope string = '' +param subscriptionBillingScope string resource managementGroup 'Microsoft.Management/managementGroups@2023-04-01' = { name: 'test-mgmt-group' From 418b7142cb0f12e0dff7b57b11511ad9a4af1598 Mon Sep 17 00:00:00 2001 From: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:24:30 -0600 Subject: [PATCH 62/64] Update avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep Co-authored-by: Alexander Sehr --- .../tests/e2e/defaults/dependencies.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep index 2ba4e6bac8..c737a20c3f 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/tests/e2e/defaults/dependencies.bicep 
@@ -2,7 +2,7 @@ targetScope = 'tenant' @description('Required. The root management group resource ID where the subscriptions will be placed.') @secure() -param rootManagementGroupResourceId string = '' +param rootManagementGroupResourceId string @description('Required. The scope of the subscription billing.') From d5dce0bcaac354377ea6931913750de4aa8a934f Mon Sep 17 00:00:00 2001 From: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:24:40 -0600 Subject: [PATCH 63/64] Update avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep Co-authored-by: Alexander Sehr --- avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep b/avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep index 30b16ce700..32476329c5 100644 --- a/avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/modules/helper.bicep @@ -3,7 +3,7 @@ targetScope = 'tenant' @description('The ID of the management group.') param managementGroupId string @description('The list of subscription IDs.') -param subscriptionIds array +param subscriptionIds string[] resource customSubscriptionPlacement 'Microsoft.Management/managementGroups/subscriptions@2023-04-01' = [ for (subscription, i) in subscriptionIds: { From e67776de54b177957a125406843865b4abb9d00f Mon Sep 17 00:00:00 2001 From: Zach Trocinski <30884663+oZakari@users.noreply.github.com> Date: Thu, 13 Feb 2025 12:24:53 -0600 Subject: [PATCH 64/64] Update avm/ptn/mgmt-groups/subscription-placement/main.bicep Co-authored-by: Alexander Sehr --- avm/ptn/mgmt-groups/subscription-placement/main.bicep | 2 ++ 1 file changed, 2 insertions(+) diff --git a/avm/ptn/mgmt-groups/subscription-placement/main.bicep b/avm/ptn/mgmt-groups/subscription-placement/main.bicep index 12f1e23f5c..d80dd04d8f 100644 
--- a/avm/ptn/mgmt-groups/subscription-placement/main.bicep +++ b/avm/ptn/mgmt-groups/subscription-placement/main.bicep @@ -57,6 +57,8 @@ output subscriptionPlacementSummary string = 'Subscription placements have been // Definitions // // =============== // +@export() +@description('The type for a subscription placement.') type subscriptionPlacementType = { @description('Required. The ID of the management group.') managementGroupId: string