diff --git a/infra/main.bicep b/infra/main.bicep
index 36625dc2..e884931f 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -447,6 +447,7 @@ module avmKeyVault './modules/key-vault.bicep' = {
 {
 principalId: avmManagedIdentity.outputs.principalId
 roleDefinitionIdOrName: 'Key Vault Administrator'
+ principalType: 'ServicePrincipal'
 }
 ]
 enablePurgeProtection: false
@@ -503,6 +504,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.20.0' = {
 {
 principalId: avmManagedIdentity.outputs.principalId
 roleDefinitionIdOrName: 'Storage Blob Data Contributor'
+ principalType: 'ServicePrincipal'
 }
 {
 roleDefinitionIdOrName: 'Storage Blob Data Contributor'
@@ -598,6 +600,7 @@ module avmAiServices 'modules/account/main.bicep' = {
 {
 principalId: avmManagedIdentity.outputs.principalId
 roleDefinitionIdOrName: '8e3af657-a8ff-443c-a75c-2fe8c4bcb635' // Owner role
+ principalType: 'ServicePrincipal'
 }
 {
 principalId: avmContainerApp.outputs.systemAssignedMIPrincipalId!
@@ -1089,14 +1092,17 @@ module avmAppConfig 'br/public:avm/res/app-configuration/configuration-store:0.6
 {
 principalId: avmContainerApp.outputs.?systemAssignedMIPrincipalId!
 roleDefinitionIdOrName: 'App Configuration Data Reader'
+ principalType: 'ServicePrincipal'
 }
 {
 principalId: avmContainerApp_API.outputs.?systemAssignedMIPrincipalId!
 roleDefinitionIdOrName: 'App Configuration Data Reader'
+ principalType: 'ServicePrincipal'
 }
 {
 principalId: avmContainerApp_Web.outputs.?systemAssignedMIPrincipalId!
 roleDefinitionIdOrName: 'App Configuration Data Reader'
+ principalType: 'ServicePrincipal'
 }
 ]
 keyValues: [
diff --git a/infra/main.json b/infra/main.json
index bd2c8a0f..48ed4119 100644
--- a/infra/main.json
+++ b/infra/main.json
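Review bot: The role assignment touched in the avmKeyVault hunk gives avmManagedIdentity `Key Vault Administrator`, and the context line just below it sets `enablePurgeProtection: false`, so anything that can act as this identity can delete secrets, keys and certificates and, with purge protection off, remove them permanently. If the workload only reads secrets at runtime (not visible from this hunk), a narrower assignment such as `roleDefinitionIdOrName: 'Key Vault Secrets User'` would fit, together with `enablePurgeProtection: true` so deleted objects stay recoverable. The avmKeyVault module starts and ends outside the hunk, so other settings there may already constrain this.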
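Review bot: Only the first entry of the avmStorageAccount role-assignment list gets `principalType: 'ServicePrincipal'`; the sibling entry that begins on the hunk's last context line (`roleDefinitionIdOrName: 'Storage Blob Data Contributor'`) continues outside the hunk and is not changed by any neighbouring hunk, and the same is true of the avmContainerApp entry that follows the change at -598. Whether those entries already declare a principal type is not visible here. If they are managed identities without one, the role assignment can still fail on a fresh deployment while the new identity has not yet replicated in the directory, so each should carry `principalType: 'ServicePrincipal'` or a comment saying why it is left untyped.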
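Review bot: The entry that gains `principalType` in the avmAiServices hunk assigns `8e3af657-a8ff-443c-a75c-2fe8c4bcb635` (Owner, per the inline comment) to avmManagedIdentity, which lets a runtime identity manage the resource and grant roles on it to other principals, presumably at the scope of the account this module deploys. Nothing in the hunk shows a need for more than data-plane access, so a scoped built-in role such as `roleDefinitionIdOrName: 'Cognitive Services User'` looks sufficient. If Owner really is required, a comment next to the GUID should name the operation that needs it. The module body continues outside the hunk.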
@@ -255,7 +255,7 @@ "diagnosticSettings": { "value": [ { - "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]" + "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]" } ] }, @@ -935,7 +935,7 @@ "diagnosticSettings": { "value": [ { - "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]" + "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]" } ] }, @@ -1680,7 +1680,7 @@ "diagnosticSettings": { "value": [ { - "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]" + "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]" } ] }, @@ -2360,7 +2360,7 @@ "diagnosticSettings": { "value": [ { - "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]" + "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]" } ] }, @@ -3045,7 +3045,7 @@ "diagnosticSettings": { "value": [ { - "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]" + "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]" } ] }, 
@@ -11024,15 +11024,15 @@ "outputs": { "resourceId": { "type": "string", - "value": "[if(variables('useExistingWorkspace'), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), reference('logAnalyticsWorkspace').outputs.resourceId.value)]" + "value": "[if(variables('useExistingWorkspace'), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').resourceId)]" }, "logAnalyticsWorkspaceId": { "type": "string", - "value": "[if(variables('useExistingWorkspace'), reference('existingLogAnalyticsWorkspace').customerId, reference('logAnalyticsWorkspace').outputs.logAnalyticsWorkspaceId.value)]" + "value": "[if(variables('useExistingWorkspace'), reference('existingLogAnalyticsWorkspace').customerId, listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').logAnalyticsWorkspaceId)]" }, "primarySharedKey": { "type": "securestring", - "value": "[if(variables('useExistingWorkspace'), if(variables('useExistingWorkspace'), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), '2020-08-01'), listOutputsWithSecureValues('logAnalyticsWorkspace', '2022-09-01').primarySharedKey).primarySharedKey, listOutputsWithSecureValues('logAnalyticsWorkspace', '2022-09-01').primarySharedKey)]" + "value": "[if(variables('useExistingWorkspace'), if(variables('useExistingWorkspace'), 
listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', variables('existingLawSubscription'), variables('existingLawResourceGroup')), 'Microsoft.OperationalInsights/workspaces', variables('existingLawName')), '2020-08-01'), listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').primarySharedKey).primarySharedKey, listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_new_log_analytics_workspace'), '2022-09-01').primarySharedKey)]" } } } @@ -11055,12 +11055,12 @@ "value": "[parameters('location')]" }, "workspaceResourceId": { - "value": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]" + "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]" }, "diagnosticSettings": { "value": [ { - "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]" + "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]" } ] }, @@ -12335,7 +12335,8 @@ "value": [ { "principalId": "[reference('avmManagedIdentity').outputs.principalId.value]", - "roleDefinitionIdOrName": "Key Vault Administrator" + "roleDefinitionIdOrName": "Key Vault Administrator", + "principalType": "ServicePrincipal" } ] }, @@ -12368,7 +12369,7 @@ }, "publicNetworkAccess": "[if(parameters('enablePrivateNetworking'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]", "logAnalyticsWorkspaceResourceId": { - "value": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]" + "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]" }, "networkAcls": { "value": { 
@@ -19157,7 +19158,8 @@ "value": [ { "principalId": "[reference('avmManagedIdentity').outputs.principalId.value]", - "roleDefinitionIdOrName": "Storage Blob Data Contributor" + "roleDefinitionIdOrName": "Storage Blob Data Contributor", + "principalType": "ServicePrincipal" }, { "roleDefinitionIdOrName": "Storage Blob Data Contributor", @@ -24952,7 +24954,7 @@ "diagnosticSettings": { "value": [ { - "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]" + "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]" } ] }, @@ -24960,7 +24962,8 @@ "value": [ { "principalId": "[reference('avmManagedIdentity').outputs.principalId.value]", - "roleDefinitionIdOrName": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635" + "roleDefinitionIdOrName": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635", + "principalType": "ServicePrincipal" }, { "principalId": "[reference('avmContainerApp').outputs.systemAssignedMIPrincipalId.value]", @@ -26259,7 +26262,7 @@ "_generator": { "name": "bicep", "version": "0.36.177.2456", - "templateHash": "11270933172961789567" + "templateHash": "4128376395637895528" } }, "definitions": { @@ -28068,7 +28071,7 @@ "_generator": { "name": "bicep", "version": "0.36.177.2456", - "templateHash": "9150529619101779014" + "templateHash": "1200612323329026557" } }, "definitions": { @@ -30643,9 +30646,9 @@ "dependsOn": [ "avmContainerApp", "avmManagedIdentity", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "avmVirtualNetwork", "logAnalyticsWorkspace" 
@@ -33020,8 +33023,8 @@ "value": { "destination": "log-analytics", "logAnalyticsConfiguration": { - "customerId": "[reference('logAnalyticsWorkspace').outputs.logAnalyticsWorkspaceId.value]", - "sharedKey": "[listOutputsWithSecureValues('logAnalyticsWorkspace', '2022-09-01').primarySharedKey]" + "customerId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').logAnalyticsWorkspaceId]", + "sharedKey": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').primarySharedKey]" } } }, @@ -42901,7 +42904,7 @@ "diagnosticSettings": { "value": [ { - "workspaceResourceId": "[reference('logAnalyticsWorkspace').outputs.resourceId.value]", + "workspaceResourceId": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', 'deploy_log_analytics_workspace'), '2022-09-01').resourceId]", "logCategoriesAndGroups": [ { "categoryGroup": "allLogs", @@ -42919,15 +42922,18 @@ "value": [ { "principalId": "[tryGet(tryGet(reference('avmContainerApp').outputs, 'systemAssignedMIPrincipalId'), 'value')]", - "roleDefinitionIdOrName": "App Configuration Data Reader" + "roleDefinitionIdOrName": "App Configuration Data Reader", + "principalType": "ServicePrincipal" }, { "principalId": "[tryGet(tryGet(reference('avmContainerApp_API').outputs, 'systemAssignedMIPrincipalId'), 'value')]", - "roleDefinitionIdOrName": "App Configuration Data Reader" + "roleDefinitionIdOrName": "App Configuration Data Reader", + "principalType": "ServicePrincipal" }, { "principalId": "[tryGet(tryGet(reference('avmContainerApp_Web').outputs, 'systemAssignedMIPrincipalId'), 'value')]", - "roleDefinitionIdOrName": "App Configuration Data Reader" + "roleDefinitionIdOrName": "App Configuration Data Reader", + "principalType": "ServicePrincipal" } ] }, 
@@ -42999,11 +43005,11 @@ }, { "name": "APP_STORAGE_BLOB_URL", - "value": "[reference('avmStorageAccount').outputs.serviceEndpoints.value.blob]" + "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', format(parameters('resourceNameFormatString'), 'st')), '2022-09-01').serviceEndpoints.blob]" }, { "name": "APP_STORAGE_QUEUE_URL", - "value": "[reference('avmStorageAccount').outputs.serviceEndpoints.value.queue]" + "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', format(parameters('resourceNameFormatString'), 'st')), '2022-09-01').serviceEndpoints.queue]" }, { "name": "APP_AI_PROJECT_ENDPOINT", @@ -43011,7 +43017,7 @@ }, { "name": "APP_COSMOS_CONNSTR", - "value": "[listOutputsWithSecureValues('avmCosmosDB', '2022-09-01').primaryReadWriteConnectionString]" + "value": "[listOutputsWithSecureValues(resourceId('Microsoft.Resources/deployments', format(parameters('resourceNameFormatString'), 'cosmos-')), '2022-09-01').primaryReadWriteConnectionString]" } ] },