diff --git a/infra/main.bicep b/infra/main.bicep index 0a51a646..1c815935 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -145,7 +145,7 @@ var existingProjectResourceId = trim(existingFoundryProjectResourceId) // ========== AVM Telemetry ========== // #disable-next-line no-deployments-resources -resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { +resource avmTelemetry 'Microsoft.Resources/deployments@2025-04-01' = if (enableTelemetry) { name: take( '46d3xbcp.ptn.sa-contentprocessing.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}', 64 @@ -197,7 +197,7 @@ module virtualNetwork './modules/virtualNetwork.bicep' = if (enablePrivateNetwor // Azure Bastion Host var bastionHostName = 'bas-${solutionSuffix}' -module bastionHost 'br/public:avm/res/network/bastion-host:0.8.0' = if (enablePrivateNetworking) { +module bastionHost 'br/public:avm/res/network/bastion-host:0.8.2' = if (enablePrivateNetworking) { name: take('avm.res.network.bastion-host.${bastionHostName}', 64) params: { name: bastionHostName @@ -230,7 +230,7 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.8.0' = if (enablePr // Jumpbox Virtual Machine var jumpboxVmName = take('vm-${solutionSuffix}', 15) -module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.20.0' = if (enablePrivateNetworking) { +module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.22.0' = if (enablePrivateNetworking) { name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64) params: { name: jumpboxVmName @@ -331,7 +331,7 @@ module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.20.0' = if (enable } } -module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-configuration:0.3.2' = if (enablePrivateNetworking) { +module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-configuration:0.4.0' = if (enablePrivateNetworking) { name: take('avm.res.maintenance-configuration.${jumpboxVmName}', 64) params: { name: 'mc-${jumpboxVmName}' @@ -369,7 +369,7 @@ module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-confi var dataCollectionRulesResourceName = 'dcr-${solutionSuffix}' var dataCollectionRulesLocation = logAnalyticsWorkspace!.outputs.location -module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.8.0' = if (enablePrivateNetworking && enableMonitoring) { +module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.11.0' = if (enablePrivateNetworking && enableMonitoring) { name: take('avm.res.insights.data-collection-rule.${dataCollectionRulesResourceName}', 64) params: { name: dataCollectionRulesResourceName @@ -520,7 +520,7 @@ var dnsZoneIndex = { } @batchSize(5) -module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.0' = [ +module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.1' = [ for (zone, i) in privateDnsZones: if (enablePrivateNetworking) { name: take('avm.res.network.private-dns-zone.${split(zone, '.')[1]}', 64) params: { @@ -547,7 +547,7 @@ module logAnalyticsWorkspace 'modules/log-analytics-workspace.bicep' = if (enabl } } -module applicationInsights 'br/public:avm/res/insights/component:0.7.0' = if (enableMonitoring) { +module applicationInsights 'br/public:avm/res/insights/component:0.7.1' = if (enableMonitoring) { name: take('avm.res.insights.component.${solutionSuffix}', 64) params: { name: 'appi-${solutionSuffix}' @@ -623,7 +623,7 @@ module avmContainerRegistry 'modules/container-registry.bicep' = { } // // ========== Storage Account ========== // -module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.28.0' = { +module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = { name: take('module.storage-account.${solutionSuffix}', 64) params: { name: 'st${replace(solutionSuffix, '-', '')}' @@ -789,7 +789,7 @@ module avmAiServices 'modules/account/aifoundry.bicep' = { } } -module cognitiveServicePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking && empty(existingProjectResourceId)) { +module cognitiveServicePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.12.0' = if (enablePrivateNetworking && empty(existingProjectResourceId)) { name: take('avm.res.network.private-endpoint.${solutionSuffix}', 64) params: { name: 'pep-aiservices-${solutionSuffix}' @@ -829,7 +829,7 @@ module cognitiveServicePrivateEndpoint 'br/public:avm/res/network/private-endpoi } } -module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.14.1' = { +module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.14.2' = { name: take('avm.res.cognitive-services.account.content-understanding.${solutionSuffix}', 64) params: { @@ -871,7 +871,7 @@ module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.14.1' = } } -module contentUnderstandingPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking) { +module contentUnderstandingPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.12.0' = if (enablePrivateNetworking) { name: take('avm.res.network.private-endpoint.aicu-${solutionSuffix}', 64) params: { name: 'pep-aicu-${solutionSuffix}' @@ -908,7 +908,7 @@ module contentUnderstandingPrivateEndpoint 'br/public:avm/res/network/private-en } // ========== Container App Environment ========== // -module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { +module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.13.2' = { name: take('avm.res.app.managed-environment.${solutionSuffix}', 64) params: { name: 'cae-${solutionSuffix}' @@ -921,10 +921,7 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { appLogsConfiguration: enableMonitoring ? { destination: 'log-analytics' - logAnalyticsConfiguration: { - customerId: logAnalyticsWorkspace!.outputs.logAnalyticsWorkspaceId - sharedKey: logAnalyticsWorkspace.outputs.primarySharedKey - } + logAnalyticsWorkspaceResourceId: logAnalyticsWorkspace!.outputs.resourceId } : null workloadProfiles: [ @@ -948,7 +945,7 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { } // //=========== Managed Identity for Container Registry ========== // -module avmContainerRegistryReader 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.2' = { +module avmContainerRegistryReader 'br/public:avm/res/managed-identity/user-assigned-identity:0.5.0' = { name: take('avm.res.managed-identity.user-assigned-identity.${solutionSuffix}', 64) params: { name: 'id-acr-${solutionSuffix}' @@ -959,7 +956,7 @@ module avmContainerRegistryReader 'br/public:avm/res/managed-identity/user-assig } // ========== Container App ========== // -module avmContainerApp 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-app' @@ -1028,7 +1025,7 @@ module avmContainerApp 'br/public:avm/res/app/container-app:0.19.0' = { } // ========== Container App API ========== // -module avmContainerApp_API 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_API 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-api.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-api' @@ -1159,7 +1156,7 @@ module avmContainerApp_API 'br/public:avm/res/app/container-app:0.19.0' = { } //========== Container App Web ========== // -module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-web.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-web' @@ -1241,7 +1238,7 @@ module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.19.0' = { } // ========== Container App Workflow ========== // -module avmContainerApp_Workflow 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_Workflow 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-wkfl.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-wkfl' @@ -1308,7 +1305,7 @@ module avmContainerApp_Workflow 'br/public:avm/res/app/container-app:0.19.0' = { } // ========== Cosmos Database for Mongo DB ========== // -module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.18.0' = { +module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.19.0' = { name: take('avm.res.document-db.database-account.${solutionSuffix}', 64) params: { name: 'cosmos-${solutionSuffix}' @@ -1620,7 +1617,7 @@ module avmAppConfig_update 'br/public:avm/res/app-configuration/configuration-st } // ========== Container App Update Modules ========== // -module avmContainerApp_update 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_update 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-update.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-app' @@ -1703,7 +1700,7 @@ module avmContainerApp_update 'br/public:avm/res/app/container-app:0.19.0' = { ] } -module avmContainerApp_API_update 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_API_update 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-api.update.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-api' @@ -1838,7 +1835,7 @@ module avmContainerApp_API_update 'br/public:avm/res/app/container-app:0.19.0' = } // ========== Container App Workflow Update ========== // -module avmContainerApp_Workflow_update 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_Workflow_update 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-wkfl.update.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-wkfl' diff --git a/infra/main.json b/infra/main.json index 32967e4c..b03ea447 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "5718783598601616074" + "version": "0.42.1.51946", + "templateHash": "14609948803601664660" }, "name": "Content Processing Solution Accelerator", "description": "Bicep template to deploy the Content Processing Solution Accelerator with AVM compliance." @@ -283,7 +283,7 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", + "apiVersion": "2025-04-01", "name": "[take(format('46d3xbcp.ptn.sa-contentprocessing.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4)), 64)]", "properties": { "mode": "Incremental", @@ -348,8 +348,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "4055670269816744382" + "version": "0.42.1.51946", + "templateHash": "10219602196309243204" } }, "definitions": { @@ -823,8 +823,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.5.1644", - "templateHash": "11959948740766233645" + "version": "0.41.2.15936", + "templateHash": "7311263652424030280" }, "name": "Network Security Groups", "description": "This module deploys a Network security Group (NSG)." @@ -1083,7 +1083,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only logs are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -1120,7 +1120,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -1195,7 +1195,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -1262,7 +1262,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/networkSecurityGroups@2024-07-01#properties/tags" + "source": "Microsoft.Network/networkSecurityGroups@2025-05-01#properties/tags" }, "description": "Optional. Tags of the NSG resource." }, @@ -1298,7 +1298,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-networksecuritygroup.{0}.{1}', replace('0.5.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-networksecuritygroup.{0}.{1}', replace('0.5.3', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1316,7 +1316,7 @@ }, "networkSecurityGroup": { "type": "Microsoft.Network/networkSecurityGroups", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -1354,7 +1354,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -1371,7 +1371,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -1403,7 +1403,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/networkSecurityGroups/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/networkSecurityGroups', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -1446,7 +1446,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('networkSecurityGroup', '2023-11-01', 'full').location]" + "value": "[reference('networkSecurityGroup', '2025-05-01', 'full').location]" } } } @@ -1514,8 +1514,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "2664911502866882749" + "version": "0.42.1.51946", + "templateHash": "14370126050175308430" }, "name": "Virtual Networks", "description": "This module deploys a Virtual Network (vNet)." @@ -2181,6 +2181,17 @@ "metadata": { "description": "Optional. Indicates if VM protection is enabled for all the subnets in the virtual network." } + }, + "enablePrivateEndpointVNetPolicies": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Basic", + "Disabled" + ], + "metadata": { + "description": "Optional. Enables high scale private endpoints for the virtual network. This is necessary if the virtual network requires more than 1000 private endpoints or is peered to virtual networks with a total of more than 4000 private endpoints." + } } }, "variables": { @@ -2206,7 +2217,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-virtualnetwork.{0}.{1}', replace('0.7.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-virtualnetwork.{0}.{1}', replace('0.8.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2236,14 +2247,15 @@ "enableDdosProtection": "[not(empty(parameters('ddosProtectionPlanResourceId')))]", "encryption": "[if(equals(parameters('vnetEncryption'), true()), createObject('enabled', parameters('vnetEncryption'), 'enforcement', parameters('vnetEncryptionEnforcement')), null())]", "flowTimeoutInMinutes": "[if(not(equals(parameters('flowTimeoutInMinutes'), 0)), parameters('flowTimeoutInMinutes'), null())]", - "enableVmProtection": "[parameters('enableVmProtection')]" + "enableVmProtection": "[parameters('enableVmProtection')]", + "privateEndpointVNetPolicies": "[parameters('enablePrivateEndpointVNetPolicies')]" } }, "virtualNetwork_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -2260,7 +2272,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -2301,7 +2313,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/virtualNetworks', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -2324,8 +2336,8 @@ "batchSize": 1 }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-subnet-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-subnet-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2394,8 +2406,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "4996741504223307485" + "version": "0.42.1.51946", + "templateHash": "17113728662177315319" }, "name": "Virtual Network Subnets", "description": "This module deploys a Virtual Network Subnet." @@ -2651,7 +2663,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-virtualnetworksubnet.{0}.{1}', replace('0.1.3', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.network-virtualnetworksubnet.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -2709,7 +2721,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/virtualNetworks/{0}/subnets/{1}', parameters('virtualNetworkName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -2781,8 +2793,8 @@ "count": "[length(coalesce(parameters('peerings'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-virtualNetworkPeering-local-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-virtualNetworkPeering-local-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -2812,6 +2824,9 @@ }, "useRemoteGateways": { "value": "[tryGet(coalesce(parameters('peerings'), createArray())[copyIndex()], 'useRemoteGateways')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -2820,8 +2835,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13145570087766698031" + "version": "0.42.1.51946", + "templateHash": "17951311301958631828" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering." @@ -2840,6 +2855,13 @@ "description": "Conditional. The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment." } }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + }, "remoteVirtualNetworkResourceId": { "type": "string", "metadata": { @@ -2883,6 +2905,26 @@ } }, "resources": [ + { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.network-virtualnetwork-peering.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2024-01-01", @@ -2936,8 +2978,8 @@ }, "condition": "[coalesce(tryGet(coalesce(parameters('peerings'), createArray())[copyIndex()], 'remotePeeringEnabled'), false())]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-virtualNetworkPeering-remote-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-virtualNetworkPeering-remote-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "subscriptionId": "[split(coalesce(parameters('peerings'), createArray())[copyIndex()].remoteVirtualNetworkResourceId, '/')[2]]", "resourceGroup": "[split(coalesce(parameters('peerings'), createArray())[copyIndex()].remoteVirtualNetworkResourceId, '/')[4]]", "properties": { @@ -2969,6 +3011,9 @@ }, "useRemoteGateways": { "value": "[tryGet(coalesce(parameters('peerings'), createArray())[copyIndex()], 'remotePeeringUseRemoteGateways')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -2977,8 +3022,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13145570087766698031" + "version": "0.42.1.51946", + "templateHash": "17951311301958631828" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering." @@ -2997,6 +3042,13 @@ "description": "Conditional. The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment." } }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + }, "remoteVirtualNetworkResourceId": { "type": "string", "metadata": { @@ -3040,6 +3092,26 @@ } }, "resources": [ + { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.network-virtualnetwork-peering.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, { "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings", "apiVersion": "2024-01-01", @@ -3234,8 +3306,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "8154163068428418954" + "version": "0.39.26.7824", + "templateHash": "7741601918225805390" }, "name": "Bastion Hosts", "description": "This module deploys a Bastion Host." @@ -3429,7 +3501,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.9.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.10.0" } } }, @@ -3691,7 +3763,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.9.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.10.0" } } }, @@ -3713,7 +3785,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.9.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/public-ip-address:0.10.0" } } }, @@ -4017,7 +4089,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-bastionhost.{0}.{1}', replace('0.8.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-bastionhost.{0}.{1}', replace('0.8.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -4035,7 +4107,7 @@ }, "azureBastion": { "type": "Microsoft.Network/bastionHosts", - "apiVersion": "2024-07-01", + "apiVersion": "2025-01-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[coalesce(parameters('tags'), createObject())]", @@ -4119,8 +4191,8 @@ "publicIPAddress": { "condition": "[and(and(empty(parameters('bastionSubnetPublicIpResourceId')), not(equals(parameters('skuName'), 'Developer'))), not(parameters('enablePrivateOnlyBastion')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-Bastion-PIP', uniqueString(deployment().name, parameters('location')))]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-Bastion-PIP', uniqueString(subscription().id, resourceGroup().id, parameters('location')))]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -4186,8 +4258,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.177.2456", - "templateHash": "14921988046704902194" + "version": "0.39.26.7824", + "templateHash": "16564959277054027786" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address." @@ -4404,7 +4476,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -4429,12 +4501,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -4509,7 +4588,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -4622,6 +4701,17 @@ "description": "Optional. The DDoS protection plan configuration associated with the public IP address." } }, + "deleteOption": { + "type": "string", + "nullable": true, + "allowedValues": [ + "Delete", + "Detach" + ], + "metadata": { + "description": "Optional. The delete option for the public IP address." + } + }, "location": { "type": "string", "defaultValue": "[resourceGroup().location]", @@ -4655,10 +4745,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/tags" + }, "description": "Optional. Tags of the resource." - } + }, + "nullable": true }, "diagnosticSettings": { "type": "array", @@ -4697,7 +4790,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-publicipaddress.{0}.{1}', replace('0.9.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-publicipaddress.{0}.{1}', replace('0.10.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -4715,7 +4808,7 @@ }, "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2024-05-01", + "apiVersion": "2025-01-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -4731,7 +4824,8 @@ "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]", "publicIPPrefix": "[if(not(empty(parameters('publicIpPrefixResourceId'))), createObject('id', parameters('publicIpPrefixResourceId')), null())]", "idleTimeoutInMinutes": "[parameters('idleTimeoutInMinutes')]", - "ipTags": "[parameters('ipTags')]" + "ipTags": "[parameters('ipTags')]", + "deleteOption": "[parameters('deleteOption')]" } }, "publicIpAddress_lock": { @@ -4742,7 +4836,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "publicIpAddress" @@ -4846,7 +4940,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('publicIpAddress', '2024-05-01', 'full').location]" + "value": "[reference('publicIpAddress', '2025-01-01', 'full').location]" } } } @@ -4880,7 +4974,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('azureBastion', '2024-07-01', 'full').location]" + "value": "[reference('azureBastion', '2025-01-01', 'full').location]" }, "ipConfAzureBastionSubnet": { "type": "object", @@ -5032,8 +5126,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "10754907249846822047" + "version": "0.41.2.15936", + "templateHash": "17174537341033050778" }, "name": "Virtual Machines", "description": "This module deploys a Virtual Machine with one or multiple NICs and optionally one or multiple public IPs." @@ -5136,6 +5230,13 @@ "metadata": { "description": "Optional. Specifies the customer managed disk encryption set resource id for the managed disk." } + }, + "resourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specifies the resource id of a pre-existing managed disk. If the disk should be created, this property should be empty." + } } }, "metadata": { @@ -5247,7 +5348,7 @@ "description": "Optional. Specifies the customer managed disk encryption set resource id for the managed disk." } }, - "id": { + "resourceId": { "type": "string", "nullable": true, "metadata": { @@ -5261,10 +5362,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Compute/disks@2025-01-02#properties/tags" + }, "description": "Optional. The tags of the public IP address. Valid only when creating a new managed disk." - } + }, + "nullable": true } }, "metadata": { @@ -6057,7 +6161,7 @@ "type": "object", "properties": { "backendAddressPool": { - "$ref": "#/definitions/subResourceType", + "$ref": "#/definitions/_1.subResourceType", "nullable": true, "metadata": { "description": "Optional. A reference to backendAddressPool resource." @@ -6085,7 +6189,7 @@ } }, "frontendIPConfiguration": { - "$ref": "#/definitions/subResourceType", + "$ref": "#/definitions/_1.subResourceType", "nullable": true, "metadata": { "description": "Optional. A reference to frontend IP addresses." @@ -6138,6 +6242,24 @@ } } }, + "_1.subResourceType": { + "type": "object", + "properties": { + "id": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the sub resource." + } + } + }, + "metadata": { + "description": "The type for the sub resource.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.1" + } + } + }, "_1.virtualNetworkTapType": { "type": "object", "properties": { @@ -6276,184 +6398,7 @@ } } }, - "_3.publicIPConfigurationType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the Public IP Address." - } - }, - "publicIPAddressResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The resource ID of the public IP address." - } - }, - "diagnosticSettings": { - "type": "array", - "items": { - "$ref": "#/definitions/diagnosticSettingFullType" - }, - "nullable": true, - "metadata": { - "description": "Optional. Diagnostic settings for the public IP address." - } - }, - "location": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The idle timeout in minutes." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "nullable": true, - "metadata": { - "description": "Optional. The lock settings of the public IP address." - } - }, - "idleTimeoutInMinutes": { - "type": "int", - "nullable": true, - "metadata": { - "description": "Optional. The idle timeout of the public IP address." - } - }, - "ddosSettings": { - "$ref": "#/definitions/_2.ddosSettingsType", - "nullable": true, - "metadata": { - "description": "Optional. The DDoS protection plan configuration associated with the public IP address." - } - }, - "dnsSettings": { - "$ref": "#/definitions/_2.dnsSettingsType", - "nullable": true, - "metadata": { - "description": "Optional. The DNS settings of the public IP address." - } - }, - "publicIPAddressVersion": { - "type": "string", - "allowedValues": [ - "IPv4", - "IPv6" - ], - "nullable": true, - "metadata": { - "description": "Optional. The public IP address version." - } - }, - "publicIPAllocationMethod": { - "type": "string", - "allowedValues": [ - "Dynamic", - "Static" - ], - "nullable": true, - "metadata": { - "description": "Optional. The public IP address allocation method." - } - }, - "publicIpPrefixResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix." - } - }, - "publicIpNameSuffix": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name suffix of the public IP address resource." - } - }, - "roleAssignments": { - "type": "array", - "items": { - "$ref": "#/definitions/roleAssignmentType" - }, - "nullable": true, - "metadata": { - "description": "Optional. Array of role assignments to create." - } - }, - "skuName": { - "type": "string", - "allowedValues": [ - "Basic", - "Standard" - ], - "nullable": true, - "metadata": { - "description": "Optional. The SKU name of the public IP address." - } - }, - "skuTier": { - "type": "string", - "allowedValues": [ - "Global", - "Regional" - ], - "nullable": true, - "metadata": { - "description": "Optional. The SKU tier of the public IP address." - } - }, - "tags": { - "type": "object", - "metadata": { - "__bicep_resource_derived_type!": { - "source": "Microsoft.Network/publicIPAddresses@2024-07-01#properties/tags" - }, - "description": "Optional. The tags of the public IP address." - }, - "nullable": true - }, - "availabilityZones": { - "type": "array", - "allowedValues": [ - 1, - 2, - 3 - ], - "nullable": true, - "metadata": { - "description": "Optional. The zones of the public IP address." - } - }, - "ipTags": { - "type": "array", - "items": { - "$ref": "#/definitions/_2.ipTagType" - }, - "nullable": true, - "metadata": { - "description": "Optional. The list of tags associated with the public IP address." - } - }, - "enableTelemetry": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for the module." - } - } - }, - "metadata": { - "description": "The type for the public IP address configuration.", - "__bicep_imported_from!": { - "sourceTemplate": "modules/nic-configuration.bicep" - } - } - }, - "diagnosticSettingFullType": { + "_3.diagnosticSettingFullType": { "type": "object", "properties": { "name": { @@ -6571,7 +6516,418 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + } + } + }, + "_3.lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a lock.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + } + } + }, + "_3.roleAssignmentType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a role assignment.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + } + } + }, + "_4.publicIPConfigurationType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the Public IP Address." + } + }, + "publicIPAddressResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The resource ID of the public IP address." + } + }, + "diagnosticSettings": { + "type": "array", + "items": { + "$ref": "#/definitions/_3.diagnosticSettingFullType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Diagnostic settings for the public IP address." + } + }, + "location": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The idle timeout in minutes." + } + }, + "lock": { + "$ref": "#/definitions/_3.lockType", + "nullable": true, + "metadata": { + "description": "Optional. The lock settings of the public IP address." + } + }, + "idleTimeoutInMinutes": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The idle timeout of the public IP address." + } + }, + "ddosSettings": { + "$ref": "#/definitions/_2.ddosSettingsType", + "nullable": true, + "metadata": { + "description": "Optional. The DDoS protection plan configuration associated with the public IP address." + } + }, + "dnsSettings": { + "$ref": "#/definitions/_2.dnsSettingsType", + "nullable": true, + "metadata": { + "description": "Optional. The DNS settings of the public IP address." + } + }, + "publicIPAddressVersion": { + "type": "string", + "allowedValues": [ + "IPv4", + "IPv6" + ], + "nullable": true, + "metadata": { + "description": "Optional. The public IP address version." + } + }, + "publicIPAllocationMethod": { + "type": "string", + "allowedValues": [ + "Dynamic", + "Static" + ], + "nullable": true, + "metadata": { + "description": "Optional. The public IP address allocation method." + } + }, + "publicIpPrefixResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix." + } + }, + "publicIpNameSuffix": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name suffix of the public IP address resource." + } + }, + "roleAssignments": { + "type": "array", + "items": { + "$ref": "#/definitions/_3.roleAssignmentType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Array of role assignments to create." + } + }, + "skuName": { + "type": "string", + "allowedValues": [ + "Basic", + "Standard" + ], + "nullable": true, + "metadata": { + "description": "Optional. The SKU name of the public IP address." + } + }, + "skuTier": { + "type": "string", + "allowedValues": [ + "Global", + "Regional" + ], + "nullable": true, + "metadata": { + "description": "Optional. The SKU tier of the public IP address." + } + }, + "tags": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2024-07-01#properties/tags" + }, + "description": "Optional. The tags of the public IP address." + }, + "nullable": true + }, + "availabilityZones": { + "type": "array", + "allowedValues": [ + 1, + 2, + 3 + ], + "nullable": true, + "metadata": { + "description": "Optional. The zones of the public IP address." + } + }, + "ipTags": { + "type": "array", + "items": { + "$ref": "#/definitions/_2.ipTagType" + }, + "nullable": true, + "metadata": { + "description": "Optional. The list of tags associated with the public IP address." + } + }, + "enableTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for the module." + } + } + }, + "metadata": { + "description": "The type for the public IP address configuration.", + "__bicep_imported_from!": { + "sourceTemplate": "modules/nic-configuration.bicep" + } + } + }, + "diagnosticSettingFullType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the diagnostic setting." + } + }, + "logCategoriesAndGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." + } + }, + "categoryGroup": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs." + } + }, + "enabled": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable or disable the category explicitly. Default is `true`." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to `[]` to disable log collection." + } + }, + "metricCategories": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "metadata": { + "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics." + } + }, + "enabled": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable or disable the category explicitly. Default is `true`." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of metrics that will be streamed. \"allMetrics\" includes all possible metrics for the resource. Set to `[]` to disable metric collection." + } + }, + "logAnalyticsDestinationType": { + "type": "string", + "allowedValues": [ + "AzureDiagnostics", + "Dedicated" + ], + "nullable": true, + "metadata": { + "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." + } + }, + "workspaceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "storageAccountResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "eventHubAuthorizationRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "eventHubName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "marketplacePartnerResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -6640,7 +6996,7 @@ } }, "gatewayLoadBalancer": { - "$ref": "#/definitions/subResourceType", + "$ref": "#/definitions/_1.subResourceType", "nullable": true, "metadata": { "description": "Optional. The gateway load balancer settings." @@ -6678,7 +7034,7 @@ } }, "pipConfiguration": { - "$ref": "#/definitions/_3.publicIPConfigurationType", + "$ref": "#/definitions/_4.publicIPConfigurationType", "nullable": true, "metadata": { "description": "Optional. The public IP address configuration." @@ -6687,7 +7043,7 @@ "diagnosticSettings": { "type": "array", "items": { - "$ref": "#/definitions/diagnosticSettingFullType" + "$ref": "#/definitions/_3.diagnosticSettingFullType" }, "nullable": true, "metadata": { @@ -6752,7 +7108,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -6780,7 +7136,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -6809,8 +7165,9 @@ } }, "metadata": { + "description": "The type for the network interface IP configuration output.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.3" } } }, @@ -6885,7 +7242,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -6903,7 +7260,7 @@ "metadata": { "description": "The type for the sub resource.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/res/network/network-interface:0.5.3" } } } @@ -6937,15 +7294,13 @@ }, "securityType": { "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "ConfidentialVM", - "TrustedLaunch" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Compute/virtualMachines@2025-04-01#properties/properties/properties/securityProfile/properties/securityType" + }, "description": "Optional. Specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UefiSettings. The default behavior is: UefiSettings will not be enabled unless this property is set." - } + }, + "nullable": true }, "secureBootEnabled": { "type": "bool", @@ -6962,10 +7317,14 @@ } }, "imageReference": { - "$ref": "#/definitions/imageReferenceType", + "type": "object", "metadata": { - "description": "Required. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.Compute/virtualMachines@2025-04-01#properties/properties/properties/storageProfile/properties/imageReference" + }, + "description": "Conditional. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. Required if not creating the VM from an existing os-disk via the `osDisk.managedDisk.resourceId` parameter." + }, + "nullable": true }, "plan": { "$ref": "#/definitions/planType", @@ -7006,15 +7365,16 @@ }, "adminUsername": { "type": "securestring", + "nullable": true, "metadata": { - "description": "Required. Administrator username." + "description": "Conditional. Administrator username. Required if no pre-existing OS-Disk is provided (osDisk.managedDisk.resourceId is not empty)." } }, "adminPassword": { "type": "securestring", "defaultValue": "", "metadata": { - "description": "Optional. When specifying a Windows Virtual Machine, this value should be passed." + "description": "Optional. When specifying a Windows Virtual Machine, and no pre-existing OS-Disk is provided (osDisk.managedDisk.resourceId is not empty), this value should be passed." } }, "userData": { @@ -7600,14 +7960,16 @@ "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]" - } + }, + "aadJoinSettings": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'settings'), createObject())]", + "filteredAadJoinSettings": "[if(and(contains(variables('aadJoinSettings'), 'mdmId'), empty(variables('aadJoinSettings').mdmId)), reduce(items(variables('aadJoinSettings')), createObject(), lambda('cur', 'item', if(equals(lambdaVariables('item').key, 'mdmId'), lambdaVariables('cur'), union(lambdaVariables('cur'), createObject(format('{0}', lambdaVariables('item').key), lambdaVariables('item').value))))), variables('aadJoinSettings'))]" }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.compute-virtualmachine.{0}.{1}', replace('0.20.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2024-07-01", + "name": "[format('46d3xbcp.res.compute-virtualmachine.{0}.{1}', replace('0.22.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -7628,25 +7990,25 @@ "name": "managedDataDisks", "count": "[length(coalesce(parameters('dataDisks'), createArray()))]" }, - "condition": "[empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'id'))]", + "condition": "[and(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'resourceId')), not(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'createOption'), 'Empty'), 'FromImage')))]", "type": "Microsoft.Compute/disks", - "apiVersion": "2024-03-02", + "apiVersion": "2025-01-02", "name": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex(), 1), 2, '0')))]", "location": "[parameters('location')]", "sku": { "name": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'storageAccountType')]" }, "properties": { - "diskSizeGB": "[coalesce(parameters('dataDisks'), createArray())[copyIndex()].diskSizeGB]", + "diskSizeGB": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'diskSizeGB')]", "creationData": { - "createOption": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'createoption'), 'Empty')]" + "createOption": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'createOption'), 'Empty')]" }, "diskIOPSReadWrite": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'diskIOPSReadWrite')]", "diskMBpsReadWrite": "[tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'diskMBpsReadWrite')]", "publicNetworkAccess": "[parameters('publicNetworkAccess')]", "networkAccessPolicy": "[parameters('networkAccessPolicy')]" }, - "zones": "[if(and(not(equals(parameters('availabilityZone'), -1)), not(contains(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'storageAccountType'), 'ZRS'))), array(string(parameters('availabilityZone'))), null())]", + "zones": "[if(and(not(equals(parameters('availabilityZone'), -1)), not(contains(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()].managedDisk, 'storageAccountType'), ''), 'ZRS'))), array(string(parameters('availabilityZone'))), null())]", "tags": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" }, "vm": { @@ -7670,30 +8032,28 @@ "count": "[length(coalesce(parameters('dataDisks'), createArray()))]", "input": { "lun": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'lun'), copyIndex('dataDisks'))]", - "name": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id'))), last(split(coalesce(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.id, ''), '/')), coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0'))))]", - "createOption": "[if(or(not(equals(if(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id')), resourceId('Microsoft.Compute/disks', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0')))), null()), null())), not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id')))), 'Attach', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createoption'), 'Empty'))]", - "deleteOption": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id'))), 'Detach', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'deleteOption'), 'Delete'))]", - "caching": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id'))), 'None', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'caching'), 'ReadOnly'))]", - "managedDisk": { - "id": "[coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id'), if(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'id')), resourceId('Microsoft.Compute/disks', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0')))), null()))]", - "diskEncryptionSet": "[if(contains(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSet'), createObject('id', coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.diskEncryptionSet.id), null())]" - } + "name": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId'))), last(split(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.resourceId, '/')), coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0'))))]", + "createOption": "[if(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'), 'FromImage', if(or(not(equals(if(and(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId')), not(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'))), resourceId('Microsoft.Compute/disks', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0')))), null()), null())), not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId')))), 'Attach', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty')))]", + "deleteOption": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId'))), 'Detach', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'deleteOption'), 'Delete'))]", + "caching": "[if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId'))), 'None', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'caching'), 'ReadOnly'))]", + "diskSizeGB": "[if(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'), null(), tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'diskSizeGB'))]", + "managedDisk": "[if(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'), createObject('storageAccountType', tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'storageAccountType'), 'diskEncryptionSet', if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSetResourceId'))), createObject('id', coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.diskEncryptionSetResourceId), null())), createObject('id', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId'), if(and(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'resourceId')), not(equals(coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'createOption'), 'Empty'), 'FromImage'))), resourceId('Microsoft.Compute/disks', coalesce(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')], 'name'), format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0')))), null())), 'diskEncryptionSet', if(not(empty(tryGet(coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSetResourceId'))), createObject('id', coalesce(parameters('dataDisks'), createArray())[copyIndex('dataDisks')].managedDisk.diskEncryptionSetResourceId), null())))]" } } ], "imageReference": "[parameters('imageReference')]", "osDisk": { - "name": "[coalesce(tryGet(parameters('osDisk'), 'name'), format('{0}-disk-os-01', parameters('name')))]", - "createOption": "[coalesce(tryGet(parameters('osDisk'), 'createOption'), 'FromImage')]", - "deleteOption": "[coalesce(tryGet(parameters('osDisk'), 'deleteOption'), 'Delete')]", + "name": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId'))), last(split(parameters('osDisk').managedDisk.resourceId, '/')), coalesce(tryGet(parameters('osDisk'), 'name'), format('{0}-disk-os-01', parameters('name'))))]", + "createOption": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId'))), 'Attach', coalesce(tryGet(parameters('osDisk'), 'createOption'), 'FromImage'))]", + "osType": "[parameters('osType')]", + "deleteOption": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId'))), 'Detach', coalesce(tryGet(parameters('osDisk'), 'deleteOption'), 'Delete'))]", "diffDiskSettings": "[if(empty(coalesce(tryGet(parameters('osDisk'), 'diffDiskSettings'), createObject())), null(), createObject('option', 'Local', 'placement', parameters('osDisk').diffDiskSettings.placement))]", "diskSizeGB": "[tryGet(parameters('osDisk'), 'diskSizeGB')]", - "caching": "[coalesce(tryGet(parameters('osDisk'), 'caching'), 'ReadOnly')]", + "caching": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId'))), 'None', coalesce(tryGet(parameters('osDisk'), 'caching'), 'ReadOnly'))]", "managedDisk": { "storageAccountType": "[tryGet(parameters('osDisk').managedDisk, 'storageAccountType')]", - "diskEncryptionSet": { - "id": "[tryGet(parameters('osDisk').managedDisk, 'diskEncryptionSetResourceId')]" - } + "diskEncryptionSet": "[if(not(empty(tryGet(parameters('osDisk').managedDisk, 'diskEncryptionSetResourceId'))), createObject('id', tryGet(parameters('osDisk').managedDisk, 'diskEncryptionSetResourceId')), null())]", + "id": "[tryGet(parameters('osDisk').managedDisk, 'resourceId')]" } } }, @@ -7701,16 +8061,7 @@ "ultraSSDEnabled": "[parameters('ultraSSDEnabled')]", "hibernationEnabled": "[parameters('hibernationEnabled')]" }, - "osProfile": { - "computerName": "[parameters('computerName')]", - "adminUsername": "[parameters('adminUsername')]", - "adminPassword": "[parameters('adminPassword')]", - "customData": "[if(not(empty(parameters('customData'))), base64(parameters('customData')), null())]", - "windowsConfiguration": "[if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null())]", - "linuxConfiguration": "[if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null())]", - "secrets": "[parameters('certificatesToBeInstalled')]", - "allowExtensionOperations": "[parameters('allowExtensionOperations')]" - }, + "osProfile": "[if(empty(tryGet(parameters('osDisk').managedDisk, 'resourceId')), createObject('computerName', parameters('computerName'), 'adminUsername', parameters('adminUsername'), 'adminPassword', parameters('adminPassword'), 'customData', if(not(empty(parameters('customData'))), base64(parameters('customData')), null()), 'windowsConfiguration', if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null()), 'linuxConfiguration', if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null()), 'secrets', parameters('certificatesToBeInstalled'), 'allowExtensionOperations', parameters('allowExtensionOperations')), null())]", "networkProfile": { "copy": [ { @@ -7753,7 +8104,7 @@ "condition": "[not(empty(parameters('maintenanceConfigurationResourceId')))]", "type": "Microsoft.Maintenance/configurationAssignments", "apiVersion": "2023-04-01", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[format('{0}assignment', parameters('name'))]", "location": "[parameters('location')]", "properties": { @@ -7768,7 +8119,7 @@ "condition": "[not(empty(parameters('configurationProfile')))]", "type": "Microsoft.Automanage/configurationProfileAssignments", "apiVersion": "2022-05-04", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "default", "properties": { "configurationProfile": "[parameters('configurationProfile')]" @@ -7783,6 +8134,7 @@ "apiVersion": "2018-09-15", "name": "[format('shutdown-computevm-{0}', parameters('name'))]", "location": "[parameters('location')]", + "tags": "[coalesce(tryGet(parameters('autoShutdownConfig'), 'tags'), parameters('tags'))]", "properties": { "status": "[coalesce(tryGet(parameters('autoShutdownConfig'), 'status'), 'Disabled')]", "targetResourceId": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", @@ -7804,8 +8156,8 @@ }, "condition": "[parameters('extensionMonitoringAgentConfig').enabled]", "type": "Microsoft.Insights/dataCollectionRuleAssociations", - "apiVersion": "2023-03-11", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "apiVersion": "2024-03-11", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[parameters('extensionMonitoringAgentConfig').dataCollectionRuleAssociations[copyIndex()].name]", "properties": { "dataCollectionRuleId": "[parameters('extensionMonitoringAgentConfig').dataCollectionRuleAssociations[copyIndex()].dataCollectionRuleResourceId]" @@ -7828,7 +8180,7 @@ "condition": "[not(empty(parameters('guestConfiguration')))]", "type": "Microsoft.GuestConfiguration/guestConfigurationAssignments", "apiVersion": "2024-04-05", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[coalesce(tryGet(parameters('guestConfiguration'), 'name'), 'AzureWindowsBaseline')]", "location": "[parameters('location')]", "properties": { @@ -7843,7 +8195,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -7860,7 +8212,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -7881,7 +8233,7 @@ "count": "[length(parameters('nicConfigurations'))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-Nic-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -7934,8 +8286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "774019590280042559" + "version": "0.41.2.15936", + "templateHash": "5982155361487304817" } }, "definitions": { @@ -8539,7 +8891,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -8743,7 +9095,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -8848,7 +9200,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -9000,7 +9352,7 @@ }, "condition": "[and(not(empty(tryGet(parameters('ipConfigurations')[copyIndex()], 'pipConfiguration'))), empty(tryGet(tryGet(parameters('ipConfigurations')[copyIndex()], 'pipConfiguration'), 'publicIPAddressResourceId')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-publicIP-{1}', deployment().name, copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -9067,106 +9419,13 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.177.2456", - "templateHash": "14921988046704902194" + "version": "0.39.26.7824", + "templateHash": "5349747633189946992" }, "name": "Public IP Addresses", "description": "This module deploys a Public IP Address." }, "definitions": { - "dnsSettingsType": { - "type": "object", - "properties": { - "domainNameLabel": { - "type": "string", - "metadata": { - "description": "Required. The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system." - } - }, - "domainNameLabelScope": { - "type": "string", - "allowedValues": [ - "NoReuse", - "ResourceGroupReuse", - "SubscriptionReuse", - "TenantReuse" - ], - "nullable": true, - "metadata": { - "description": "Optional. The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN." - } - }, - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone." - } - }, - "reverseFqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "ddosSettingsType": { - "type": "object", - "properties": { - "ddosProtectionPlan": { - "type": "object", - "properties": { - "id": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the DDOS protection plan associated with the public IP address." - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The DDoS protection plan associated with the public IP address." - } - }, - "protectionMode": { - "type": "string", - "allowedValues": [ - "Enabled" - ], - "metadata": { - "description": "Required. The DDoS protection policy customizations." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "ipTagType": { - "type": "object", - "properties": { - "ipTagType": { - "type": "string", - "metadata": { - "description": "Required. The IP tag type." - } - }, - "tag": { - "type": "string", - "metadata": { - "description": "Required. The IP tag." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, "diagnosticSettingFullType": { "type": "object", "properties": { @@ -9285,7 +9544,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -9310,12 +9569,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -9390,7 +9656,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -9411,14 +9677,13 @@ }, "publicIPAllocationMethod": { "type": "string", - "defaultValue": "Static", - "allowedValues": [ - "Dynamic", - "Static" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/publicIPAllocationMethod" + }, "description": "Optional. The public IP address allocation method." - } + }, + "defaultValue": "Static" }, "availabilityZones": { "type": "array", @@ -9441,31 +9706,33 @@ }, "publicIPAddressVersion": { "type": "string", - "defaultValue": "IPv4", - "allowedValues": [ - "IPv4", - "IPv6" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/publicIPAddressVersion" + }, "description": "Optional. IP address version." - } + }, + "defaultValue": "IPv4" }, "dnsSettings": { - "$ref": "#/definitions/dnsSettingsType", - "nullable": true, + "type": "object", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/dnsSettings" + }, "description": "Optional. The DNS settings of the public IP address." - } + }, + "nullable": true }, "ipTags": { "type": "array", - "items": { - "$ref": "#/definitions/ipTagType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/ipTags" + }, "description": "Optional. The list of tags associated with the public IP address." - } + }, + "nullable": true }, "lock": { "$ref": "#/definitions/lockType", @@ -9476,32 +9743,43 @@ }, "skuName": { "type": "string", - "defaultValue": "Standard", - "allowedValues": [ - "Basic", - "Standard" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/sku/properties/name" + }, "description": "Optional. Name of a public IP address SKU." - } + }, + "defaultValue": "Standard" }, "skuTier": { "type": "string", - "defaultValue": "Regional", - "allowedValues": [ - "Global", - "Regional" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/sku/properties/tier" + }, "description": "Optional. Tier of a public IP address SKU." - } + }, + "defaultValue": "Regional" }, "ddosSettings": { - "$ref": "#/definitions/ddosSettingsType", - "nullable": true, + "type": "object", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/ddosSettings" + }, "description": "Optional. The DDoS protection plan configuration associated with the public IP address." - } + }, + "nullable": true + }, + "deleteOption": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/properties/properties/deleteOption" + }, + "description": "Optional. The delete option for the public IP address." + }, + "nullable": true }, "location": { "type": "string", @@ -9536,10 +9814,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/publicIPAddresses@2025-01-01#properties/tags" + }, "description": "Optional. Tags of the resource." - } + }, + "nullable": true }, "diagnosticSettings": { "type": "array", @@ -9578,7 +9859,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-publicipaddress.{0}.{1}', replace('0.9.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-publicipaddress.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -9596,7 +9877,7 @@ }, "publicIpAddress": { "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2024-05-01", + "apiVersion": "2025-01-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -9612,7 +9893,8 @@ "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]", "publicIPPrefix": "[if(not(empty(parameters('publicIpPrefixResourceId'))), createObject('id', parameters('publicIpPrefixResourceId')), null())]", "idleTimeoutInMinutes": "[parameters('idleTimeoutInMinutes')]", - "ipTags": "[parameters('ipTags')]" + "ipTags": "[parameters('ipTags')]", + "deleteOption": "[parameters('deleteOption')]" } }, "publicIpAddress_lock": { @@ -9623,7 +9905,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "publicIpAddress" @@ -9727,7 +10009,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('publicIpAddress', '2024-05-01', 'full').location]" + "value": "[reference('publicIpAddress', '2025-01-01', 'full').location]" } } } @@ -9735,7 +10017,7 @@ }, "networkInterface": { "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-NetworkInterface', deployment().name)]", "properties": { "expressionEvaluationOptions": { @@ -9791,8 +10073,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "10218370167882238860" + "version": "0.38.5.1644", + "templateHash": "272838238520810437" }, "name": "Network Interface", "description": "This module deploys a Network Interface." @@ -10363,12 +10645,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" } } }, @@ -10464,10 +10753,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/networkInterfaces@2024-07-01#properties/tags" + }, "description": "Optional. Resource tags." - } + }, + "nullable": true }, "enableTelemetry": { "type": "bool", @@ -10613,7 +10905,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-networkinterface.{0}.{1}', replace('0.5.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-networkinterface.{0}.{1}', replace('0.5.3', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -10678,7 +10970,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "networkInterface" @@ -10818,7 +11110,7 @@ "vm_domainJoinExtension": { "condition": "[and(contains(parameters('extensionDomainJoinConfig'), 'enabled'), parameters('extensionDomainJoinConfig').enabled)]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-DomainJoin', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -10851,7 +11143,7 @@ "value": "[coalesce(tryGet(parameters('extensionDomainJoinConfig'), 'enableAutomaticUpgrade'), false())]" }, "settings": { - "value": "[parameters('extensionDomainJoinConfig').settings]" + "value": "[coalesce(tryGet(parameters('extensionDomainJoinConfig'), 'settings'), createObject('Name', tryGet(parameters('extensionDomainJoinConfig'), 'domainName'), 'OUPath', tryGet(parameters('extensionDomainJoinConfig'), 'ouPath'), 'User', tryGet(parameters('extensionDomainJoinConfig'), 'user'), 'Restart', tryGet(parameters('extensionDomainJoinConfig'), 'restart'), 'Options', tryGet(parameters('extensionDomainJoinConfig'), 'options')))]" }, "supressFailures": { "value": "[coalesce(tryGet(parameters('extensionDomainJoinConfig'), 'supressFailures'), false())]" @@ -10872,8 +11164,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -11054,7 +11346,7 @@ "vm_aadJoinExtension": { "condition": "[parameters('extensionAadJoinConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-AADLogin', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -11084,9 +11376,7 @@ "enableAutomaticUpgrade": { "value": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'enableAutomaticUpgrade'), false())]" }, - "settings": { - "value": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'settings'), createObject())]" - }, + "settings": "[if(not(empty(variables('filteredAadJoinSettings'))), createObject('value', variables('filteredAadJoinSettings')), createObject('value', null()))]", "supressFailures": { "value": "[coalesce(tryGet(parameters('extensionAadJoinConfig'), 'supressFailures'), false())]" }, @@ -11101,8 +11391,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -11284,7 +11574,7 @@ "vm_microsoftAntiMalwareExtension": { "condition": "[parameters('extensionAntiMalwareConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -11333,8 +11623,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -11516,7 +11806,7 @@ "vm_azureMonitorAgentExtension": { "condition": "[parameters('extensionMonitoringAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-AzureMonitorAgent', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -11546,6 +11836,9 @@ "enableAutomaticUpgrade": { "value": "[coalesce(tryGet(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), false())]" }, + "settings": { + "value": "[coalesce(tryGet(parameters('extensionMonitoringAgentConfig'), 'settings'), createObject())]" + }, "supressFailures": { "value": "[coalesce(tryGet(parameters('extensionMonitoringAgentConfig'), 'supressFailures'), false())]" }, @@ -11560,8 +11853,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -11743,7 +12036,7 @@ "vm_dependencyAgentExtension": { "condition": "[parameters('extensionDependencyAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-DependencyAgent', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -11792,8 +12085,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -11975,7 +12268,7 @@ "vm_networkWatcherAgentExtension": { "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -12019,8 +12312,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -12202,7 +12495,7 @@ "vm_desiredStateConfigurationExtension": { "condition": "[parameters('extensionDSCConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -12254,8 +12547,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -12437,7 +12730,7 @@ "vm_customScriptExtension": { "condition": "[not(empty(parameters('extensionCustomScriptConfig')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -12494,8 +12787,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -12671,14 +12964,13 @@ }, "dependsOn": [ "cseIdentity", - "vm", - "vm_desiredStateConfigurationExtension" + "vm" ] }, "vm_azureDiskEncryptionExtension": { "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-AzureDiskEncryption', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -12728,8 +13020,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -12911,7 +13203,7 @@ "vm_nvidiaGpuDriverWindowsExtension": { "condition": "[parameters('extensionNvidiaGpuDriverWindows').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-NvidiaGpuDriverWindows', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -12957,8 +13249,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -13140,7 +13432,7 @@ "vm_hostPoolRegistrationExtension": { "condition": "[parameters('extensionHostPoolRegistration').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-HostPoolRegistration', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -13178,12 +13470,20 @@ "configurationFunction": "[parameters('extensionHostPoolRegistration').configurationFunction]", "properties": { "hostPoolName": "[parameters('extensionHostPoolRegistration').hostPoolName]", - "registrationInfoToken": "[parameters('extensionHostPoolRegistration').registrationInfoToken]", "aadJoin": true - }, - "supressFailures": "[coalesce(tryGet(parameters('extensionHostPoolRegistration'), 'supressFailures'), false())]" + } } }, + "protectedSettings": { + "value": { + "properties": { + "registrationInfoToken": "[parameters('extensionHostPoolRegistration').registrationInfoToken]" + } + } + }, + "supressFailures": { + "value": "[coalesce(tryGet(parameters('extensionHostPoolRegistration'), 'supressFailures'), false())]" + }, "tags": { "value": "[coalesce(tryGet(parameters('extensionHostPoolRegistration'), 'tags'), parameters('tags'))]" } @@ -13195,8 +13495,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -13378,7 +13678,7 @@ "vm_azureGuestConfigurationExtension": { "condition": "[parameters('extensionGuestConfigurationExtension').enabled]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-GuestConfiguration', uniqueString(deployment().name, parameters('location')))]", "properties": { "expressionEvaluationOptions": { @@ -13429,8 +13729,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13125609748815648088" + "version": "0.41.2.15936", + "templateHash": "3581830278162851734" }, "name": "Virtual Machine Extensions", "description": "This module deploys a Virtual Machine Extension." @@ -13612,7 +13912,7 @@ "vm_backup": { "condition": "[not(empty(parameters('backupVaultName')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-VM-Backup', uniqueString(deployment().name, parameters('location')))]", "resourceGroup": "[parameters('backupVaultResourceGroup')]", "properties": { @@ -13649,8 +13949,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13700395772485726477" + "version": "0.41.2.15936", + "templateHash": "17448691641471706096" }, "name": "Recovery Service Vaults Protection Container Protected Item", "description": "This module deploys a Recovery Services Vault Protection Container Protected Item." @@ -13887,8 +14187,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "9651684292850651586" + "version": "0.41.2.15936", + "templateHash": "14895287194406877557" }, "name": "Maintenance Configurations", "description": "This module deploys a Maintenance Configuration." @@ -13927,7 +14227,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -14002,7 +14302,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -14047,18 +14347,13 @@ }, "maintenanceScope": { "type": "string", - "defaultValue": "Host", - "allowedValues": [ - "Host", - "OSImage", - "Extension", - "InGuestPatch", - "SQLDB", - "SQLManagedInstance" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Maintenance/maintenanceConfigurations@2023-04-01#properties/properties/properties/maintenanceScope" + }, "description": "Optional. Gets or sets maintenanceScope of the configuration." - } + }, + "defaultValue": "Host" }, "maintenanceWindow": { "type": "object", @@ -14099,15 +14394,13 @@ }, "visibility": { "type": "string", - "defaultValue": "", - "allowedValues": [ - "", - "Custom", - "Public" - ], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Maintenance/maintenanceConfigurations@2023-04-01#properties/properties/properties/visibility" + }, "description": "Optional. Gets or sets the visibility of the configuration. The default value is 'Custom'." - } + }, + "nullable": true }, "installPatches": { "type": "object", @@ -14141,8 +14434,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.maintenance-maintenanceconfiguration.{0}.{1}', replace('0.3.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.maintenance-maintenanceconfiguration.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -14177,7 +14470,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Maintenance/maintenanceConfigurations/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -14194,7 +14487,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Maintenance/maintenanceConfigurations/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Maintenance/maintenanceConfigurations', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -14378,8 +14671,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "8113567080988541838" + "version": "0.41.2.15936", + "templateHash": "2441324888126124697" }, "name": "Data Collection Rules", "description": "This module deploys a Data Collection Rule." @@ -14404,12 +14697,18 @@ }, "Direct": { "$ref": "#/definitions/directDcrPropertiesType" + }, + "WorkspaceTransforms": { + "$ref": "#/definitions/workspaceTransformsDcrPropertiesType" + }, + "PlatformTelemetry": { + "$ref": "#/definitions/platformTelemetryDcrPropertiesType" } } }, "metadata": { "__bicep_export!": true, - "description": "The type for data collection rule properties. Depending on the kind, the properties will be different." + "description": "Required. The type for data collection rule properties. Depending on the kind, the properties will be different." } }, "linuxDcrPropertiesType": { @@ -14421,14 +14720,14 @@ "Linux" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "dataSources": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataSources" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataSources" }, "description": "Required. Specification of data sources that will be collected." } @@ -14437,7 +14736,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataFlows" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" }, "description": "Required. The specification of data flows." } @@ -14446,7 +14745,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/destinations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" }, "description": "Required. Specification of destinations that can be used in data flows." } @@ -14462,7 +14761,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/streamDeclarations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/streamDeclarations" }, "description": "Optional. Declaration of custom streams used in this rule." }, @@ -14489,14 +14788,14 @@ "Windows" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "dataSources": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataSources" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataSources" }, "description": "Required. Specification of data sources that will be collected." } @@ -14505,7 +14804,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataFlows" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" }, "description": "Required. The specification of data flows." } @@ -14514,7 +14813,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/destinations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" }, "description": "Required. Specification of destinations that can be used in data flows." } @@ -14530,7 +14829,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/streamDeclarations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/streamDeclarations" }, "description": "Optional. Declaration of custom streams used in this rule." }, @@ -14557,14 +14856,14 @@ "All" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "dataSources": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataSources" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataSources" }, "description": "Required. Specification of data sources that will be collected." } @@ -14573,7 +14872,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataFlows" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" }, "description": "Required. The specification of data flows." } @@ -14582,7 +14881,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/destinations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" }, "description": "Required. Specification of destinations that can be used in data flows." } @@ -14598,7 +14897,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/streamDeclarations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/streamDeclarations" }, "description": "Optional. Declaration of custom streams used in this rule." }, @@ -14625,7 +14924,7 @@ "AgentSettings" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "description": { @@ -14696,14 +14995,14 @@ "Direct" ], "metadata": { - "description": "Required. The platform type specifies the type of resources this rule can apply to." + "description": "Required. The kind of the resource." } }, "dataFlows": { "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/dataFlows" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" }, "description": "Required. The specification of data flows." } @@ -14712,7 +15011,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/destinations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" }, "description": "Required. Specification of destinations that can be used in data flows." } @@ -14728,7 +15027,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/streamDeclarations" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/streamDeclarations" }, "description": "Required. Declaration of custom streams used in this rule." } @@ -14745,6 +15044,136 @@ "description": "The type for the properties of the 'Direct' data collection rule." } }, + "workspaceTransformsDcrPropertiesType": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "allowedValues": [ + "WorkspaceTransforms" + ], + "metadata": { + "description": "Required. The kind of the resource." + } + }, + "dataFlows": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" + }, + "description": "Required. The specification of data flows. Should include a separate dataflow for each table that will have a transformation. Use a where clause in the query if only certain records should be transformed." + } + }, + "destinations": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations" + }, + "description": "Required. Specification of destinations that can be used in data flows. For WorkspaceTransforms, only one Log Analytics workspace destination is supported." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the data collection rule." + } + } + }, + "metadata": { + "description": "The type for the properties of the 'WorkspaceTransforms' data collection rule." + } + }, + "platformTelemetryDcrPropertiesType": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "allowedValues": [ + "PlatformTelemetry" + ], + "metadata": { + "description": "Required. The kind of the resource." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description of the data collection rule." + } + }, + "dataSources": { + "type": "object", + "properties": { + "platformTelemetry": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataSources/properties/platformTelemetry" + }, + "description": "Required. The list of platform telemetry configurations." + } + } + }, + "metadata": { + "description": "Required. Specification of data sources that will be collected." + } + }, + "destinations": { + "type": "object", + "properties": { + "logAnalytics": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations/properties/logAnalytics" + }, + "description": "Optional. The list of Log Analytics destinations." + }, + "nullable": true + }, + "storageAccounts": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations/properties/storageAccounts" + }, + "description": "Optional. The list of Storage Account destinations." + }, + "nullable": true + }, + "eventHubs": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/destinations/properties/eventHubs" + }, + "description": "Optional. The list of Event Hub destinations." + }, + "nullable": true + } + }, + "metadata": { + "description": "Required. Specification of destinations. Choose a single destination type of either logAnalytics, storageAccounts, or eventHubs." + } + }, + "dataFlows": { + "type": "array", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/dataFlows" + }, + "description": "Required. The specification of data flows." + } + } + }, + "metadata": { + "description": "The type for the properties of the 'PlatformTelemetry' data collection rule." + } + }, "lockType": { "type": "object", "properties": { @@ -14778,7 +15207,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -14806,7 +15235,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -14881,7 +15310,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -14941,7 +15370,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/tags" + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/tags" }, "description": "Optional. Resource tags." }, @@ -14965,15 +15394,15 @@ "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" }, - "dataCollectionRulePropertiesUnion": "[union(createObject('description', tryGet(parameters('dataCollectionRuleProperties'), 'description')), if(or(or(equals(parameters('dataCollectionRuleProperties').kind, 'Linux'), equals(parameters('dataCollectionRuleProperties').kind, 'Windows')), equals(parameters('dataCollectionRuleProperties').kind, 'All')), createObject('dataSources', parameters('dataCollectionRuleProperties').dataSources), createObject()), if(or(or(or(equals(parameters('dataCollectionRuleProperties').kind, 'Linux'), equals(parameters('dataCollectionRuleProperties').kind, 'Windows')), equals(parameters('dataCollectionRuleProperties').kind, 'All')), equals(parameters('dataCollectionRuleProperties').kind, 'Direct')), createObject('dataFlows', parameters('dataCollectionRuleProperties').dataFlows, 'destinations', parameters('dataCollectionRuleProperties').destinations, 'dataCollectionEndpointId', tryGet(parameters('dataCollectionRuleProperties'), 'dataCollectionEndpointResourceId'), 'streamDeclarations', tryGet(parameters('dataCollectionRuleProperties'), 'streamDeclarations')), createObject()), if(equals(parameters('dataCollectionRuleProperties').kind, 'AgentSettings'), createObject('agentSettings', parameters('dataCollectionRuleProperties').agentSettings), createObject()))]", + "dataCollectionRulePropertiesUnion": "[union(createObject('description', tryGet(parameters('dataCollectionRuleProperties'), 'description')), if(contains(createArray('Linux', 'Windows', 'All', 'PlatformTelemetry'), parameters('dataCollectionRuleProperties').kind), createObject('dataSources', parameters('dataCollectionRuleProperties').dataSources), createObject()), if(contains(createArray('Linux', 'Windows', 'All', 'Direct', 'WorkspaceTransforms', 'PlatformTelemetry'), parameters('dataCollectionRuleProperties').kind), createObject('dataFlows', parameters('dataCollectionRuleProperties').dataFlows, 'destinations', parameters('dataCollectionRuleProperties').destinations), createObject()), if(contains(createArray('Linux', 'Windows', 'All', 'Direct', 'WorkspaceTransforms'), parameters('dataCollectionRuleProperties').kind), createObject('dataCollectionEndpointId', tryGet(parameters('dataCollectionRuleProperties'), 'dataCollectionEndpointResourceId'), 'streamDeclarations', tryGet(parameters('dataCollectionRuleProperties'), 'streamDeclarations')), createObject()), if(equals(parameters('dataCollectionRuleProperties').kind, 'AgentSettings'), createObject('agentSettings', parameters('dataCollectionRuleProperties').agentSettings), createObject()))]", "enableReferencedModulesTelemetry": false }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.insights-datacollectionrule.{0}.{1}', replace('0.8.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.insights-datacollectionrule.{0}.{1}', replace('0.11.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -14992,7 +15421,7 @@ "dataCollectionRule": { "condition": "[not(equals(parameters('dataCollectionRuleProperties').kind, 'All'))]", "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2023-03-11", + "apiVersion": "2024-03-11", "name": "[parameters('name')]", "kind": "[parameters('dataCollectionRuleProperties').kind]", "location": "[parameters('location')]", @@ -15003,7 +15432,7 @@ "dataCollectionRuleAll": { "condition": "[equals(parameters('dataCollectionRuleProperties').kind, 'All')]", "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2023-03-11", + "apiVersion": "2024-03-11", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -15033,8 +15462,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "11414235132312545759" + "version": "0.41.2.15936", + "templateHash": "2876136109547890997" } }, "definitions": { @@ -15095,14 +15524,14 @@ "dataCollectionRule": { "existing": true, "type": "Microsoft.Insights/dataCollectionRules", - "apiVersion": "2023-03-11", + "apiVersion": "2024-03-11", "name": "[parameters('dataCollectionRuleName')]" }, "dataCollectionRule_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Insights/dataCollectionRules/{0}', parameters('dataCollectionRuleName'))]", + "scope": "[resourceId('Microsoft.Insights/dataCollectionRules', parameters('dataCollectionRuleName'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('dataCollectionRuleName')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -15403,7 +15832,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), reference('dataCollectionRuleAll', '2023-03-11', 'full').location, reference('dataCollectionRule', '2023-03-11', 'full').location)]" + "value": "[if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), reference('dataCollectionRuleAll', '2024-03-11', 'full').location, reference('dataCollectionRule', '2024-03-11', 'full').location)]" }, "systemAssignedMIPrincipalId": { "type": "string", @@ -15411,13 +15840,13 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), tryGet(tryGet(if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), reference('dataCollectionRuleAll', '2023-03-11', 'full'), null()), 'identity'), 'principalId'), tryGet(tryGet(if(not(equals(parameters('dataCollectionRuleProperties').kind, 'All')), reference('dataCollectionRule', '2023-03-11', 'full'), null()), 'identity'), 'principalId'))]" + "value": "[if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), tryGet(tryGet(if(equals(parameters('dataCollectionRuleProperties').kind, 'All'), reference('dataCollectionRuleAll', '2024-03-11', 'full'), null()), 'identity'), 'principalId'), tryGet(tryGet(if(not(equals(parameters('dataCollectionRuleProperties').kind, 'All')), reference('dataCollectionRule', '2024-03-11', 'full'), null()), 'identity'), 'principalId'))]" }, "endpoints": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/dataCollectionRules@2023-03-11#properties/properties/properties/endpoints", + "source": "Microsoft.Insights/dataCollectionRules@2024-03-11#properties/properties/properties/endpoints", "output": true }, "description": "The endpoints of the dataCollectionRule, if created." @@ -15845,8 +16274,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "17921343070314002065" + "version": "0.41.2.15936", + "templateHash": "18337341331267624582" }, "name": "Private DNS Zones", "description": "This module deploys a Private DNS zone." @@ -16599,7 +17028,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privatednszone.{0}.{1}', replace('0.8.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privatednszone.{0}.{1}', replace('0.8.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -16626,7 +17055,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -16643,7 +17072,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -16664,7 +17093,7 @@ "count": "[length(coalesce(parameters('a'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-ARecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -16701,8 +17130,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "12608084563401365743" + "version": "0.41.2.15936", + "templateHash": "7372385900111002873" }, "name": "Private DNS Zone A record", "description": "This module deploys a Private DNS Zone A record." @@ -16865,7 +17294,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonea.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonea.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -16904,7 +17333,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/A/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/A', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/A', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -16955,7 +17384,7 @@ "count": "[length(coalesce(parameters('aaaa'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-AAAARecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -16992,8 +17421,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "4881696097088567452" + "version": "0.41.2.15936", + "templateHash": "14405855828972373002" }, "name": "Private DNS Zone AAAA record", "description": "This module deploys a Private DNS Zone AAAA record." @@ -17156,7 +17585,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszoneaaaa.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszoneaaaa.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -17195,7 +17624,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/AAAA/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/AAAA', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/AAAA', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -17246,7 +17675,7 @@ "count": "[length(coalesce(parameters('cname'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-CNAMERecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -17283,8 +17712,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13307906270868460967" + "version": "0.41.2.15936", + "templateHash": "13818627461335065928" }, "name": "Private DNS Zone CNAME record", "description": "This module deploys a Private DNS Zone CNAME record." @@ -17447,7 +17876,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonecname.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonecname.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -17486,7 +17915,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/CNAME/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/CNAME', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/CNAME', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -17537,7 +17966,7 @@ "count": "[length(coalesce(parameters('mx'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-MXRecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -17574,8 +18003,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "7946896598573056688" + "version": "0.41.2.15936", + "templateHash": "2977624679479439942" }, "name": "Private DNS Zone MX record", "description": "This module deploys a Private DNS Zone MX record." @@ -17738,7 +18167,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonemx.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonemx.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -17777,7 +18206,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/MX/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/MX', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/MX', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -17828,7 +18257,7 @@ "count": "[length(coalesce(parameters('ptr'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-PTRRecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -17865,8 +18294,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "7627375510490151870" + "version": "0.41.2.15936", + "templateHash": "15286275176817336979" }, "name": "Private DNS Zone PTR record", "description": "This module deploys a Private DNS Zone PTR record." @@ -18029,7 +18458,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszoneptr.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszoneptr.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -18068,7 +18497,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/PTR/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/PTR', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/PTR', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -18119,7 +18548,7 @@ "count": "[length(coalesce(parameters('soa'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-SOARecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -18156,8 +18585,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "16709883266329935583" + "version": "0.41.2.15936", + "templateHash": "4837447718856535826" }, "name": "Private DNS Zone SOA record", "description": "This module deploys a Private DNS Zone SOA record." @@ -18320,7 +18749,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonesoa.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonesoa.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -18359,7 +18788,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/SOA/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/SOA', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/SOA', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -18410,7 +18839,7 @@ "count": "[length(coalesce(parameters('srv'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-SRVRecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -18447,8 +18876,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "8123422724272920495" + "version": "0.41.2.15936", + "templateHash": "15028912535488490265" }, "name": "Private DNS Zone SRV record", "description": "This module deploys a Private DNS Zone SRV record." @@ -18611,7 +19040,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonesrv.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonesrv.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -18650,7 +19079,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/SRV/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/SRV', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/SRV', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -18701,7 +19130,7 @@ "count": "[length(coalesce(parameters('txt'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-TXTRecord-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -18738,8 +19167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "17170531000135004092" + "version": "0.41.2.15936", + "templateHash": "7641583415110009849" }, "name": "Private DNS Zone TXT record", "description": "This module deploys a Private DNS Zone TXT record." @@ -18902,7 +19331,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.nw-privdnszonetxt.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.nw-privdnszonetxt.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -18941,7 +19370,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateDnsZones/{0}/TXT/{1}', parameters('privateDnsZoneName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateDnsZones/TXT', parameters('privateDnsZoneName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateDnsZones/TXT', parameters('privateDnsZoneName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -18992,7 +19421,7 @@ "count": "[length(coalesce(parameters('virtualNetworkLinks'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateDnsZone-VNetLink-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -19020,6 +19449,9 @@ }, "resolutionPolicy": { "value": "[tryGet(coalesce(parameters('virtualNetworkLinks'), createArray())[copyIndex()], 'resolutionPolicy')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -19029,13 +19461,20 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "517173107480898390" + "version": "0.41.2.15936", + "templateHash": "7392770862892927923" }, "name": "Private DNS Zone Virtual Network Link", "description": "This module deploys a Private DNS Zone Virtual Network Link." }, "parameters": { + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + }, "privateDnsZoneName": { "type": "string", "metadata": { @@ -19088,6 +19527,26 @@ } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.nw-privdnszonevnetlink.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "privateDnsZone": { "existing": true, "type": "Microsoft.Network/privateDnsZones", @@ -19225,8 +19684,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "6350282028214740152" + "version": "0.42.1.51946", + "templateHash": "15098611015028470375" } }, "parameters": { @@ -19303,7 +19762,7 @@ "condition": "[variables('useExistingWorkspace')]", "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2023-09-01", + "apiVersion": "2025-07-01", "subscriptionId": "[variables('existingLawSubscription')]", "resourceGroup": "[variables('existingLawResourceGroup')]", "name": "[variables('existingLawName')]" @@ -19349,7 +19808,7 @@ } ] }, - "dailyQuotaGb": "[if(parameters('enableRedundancy'), createObject('value', 150), createObject('value', null()))]", + "dailyQuotaGb": "[if(parameters('enableRedundancy'), createObject('value', '150'), createObject('value', null()))]", "replication": "[if(parameters('enableRedundancy'), createObject('value', createObject('enabled', true(), 'location', parameters('replicaLocation'))), createObject('value', null()))]", "publicNetworkAccessForIngestion": "[if(parameters('enablePrivateNetworking'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]", "publicNetworkAccessForQuery": "[if(parameters('enablePrivateNetworking'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]", @@ -19362,8 +19821,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "1749032521457140145" + "version": "0.39.26.7824", + "templateHash": "14099489006827800075" }, "name": "Log Analytics Workspaces", "description": "This module deploys a Log Analytics Workspace." @@ -19554,21 +20013,21 @@ "name": { "type": "string", "metadata": { - "description": "Required. Name of the linked service." + "description": "Required. Name of the linked service. E.g., 'Automation' for an automation account, or 'Cluster' for a Log Analytics Cluster." } }, "resourceId": { "type": "string", "nullable": true, "metadata": { - "description": "Optional. The resource id of the resource that will be linked to the workspace. This should be used for linking resources which require read access." + "description": "Optional. The resource id of the resource that will be linked to the workspace. This should be used for linking resources which require read access (e.g., Automation Accounts)." } }, "writeAccessResourceId": { "type": "string", "nullable": true, "metadata": { - "description": "Optional. The resource id of the resource that will be linked to the workspace. This should be used for linking resources which require write access." + "description": "Optional. The resource id of the resource that will be linked to the workspace. This should be used for linking resources which require write access (e.g., Log Analytics Clusters)." } } }, @@ -19804,7 +20263,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/dataSources@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/dataSources@2025-07-01#properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -19856,15 +20315,19 @@ "retentionInDays": { "type": "int", "nullable": true, + "minValue": 4, + "maxValue": 730, "metadata": { - "description": "Optional. The retention in days for the table." + "description": "Optional. The retention in days for the table. Don't provide to use the default workspace retention." } }, "totalRetentionInDays": { "type": "int", "nullable": true, + "minValue": 4, + "maxValue": 2555, "metadata": { - "description": "Optional. The total retention in days for the table." + "description": "Optional. The total retention in days for the table. Don't provide use the default table retention." } }, "roleAssignments": { @@ -20057,12 +20520,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -20090,7 +20560,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -20197,7 +20667,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -20345,7 +20815,7 @@ "Standard" ], "metadata": { - "description": "Optional. The name of the SKU." + "description": "Optional. The name of the SKU. Must be 'LACluster' to be linked to a Log Analytics cluster." } }, "skuCapacityReservationLevel": { @@ -20454,11 +20924,17 @@ } }, "dailyQuotaGb": { - "type": "int", - "defaultValue": -1, - "minValue": -1, + "type": "string", + "defaultValue": "-1", + "metadata": { + "description": "Optional. The workspace daily quota for ingestion in GB. Supports decimal values. Example: '0.5' for 0.5 GB, '2' for 2 GB. Default is '-1' (no limit)." + } + }, + "defaultDataCollectionRuleResourceId": { + "type": "string", + "nullable": true, "metadata": { - "description": "Optional. The workspace daily quota for ingestion." + "description": "Optional. The resource ID of the default Data Collection Rule to use for this workspace. Note: the default DCR is not applicable on workspace creation and the workspace must be listed as a destination in the DCR." } }, "publicNetworkAccessForIngestion": { @@ -20466,7 +20942,8 @@ "defaultValue": "Enabled", "allowedValues": [ "Enabled", - "Disabled" + "Disabled", + "SecuredByPerimeter" ], "metadata": { "description": "Optional. The network access type for accessing Log Analytics ingestion." @@ -20477,7 +20954,8 @@ "defaultValue": "Enabled", "allowedValues": [ "Enabled", - "Disabled" + "Disabled", + "SecuredByPerimeter" ], "metadata": { "description": "Optional. The network access type for accessing Log Analytics query." @@ -20542,7 +21020,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces@2025-07-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -20586,7 +21064,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.operationalinsights-workspace.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.operationalinsights-workspace.{0}.{1}', replace('0.15.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -20604,7 +21082,7 @@ }, "logAnalyticsWorkspace": { "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -20622,12 +21100,13 @@ }, "retentionInDays": "[parameters('dataRetention')]", "workspaceCapping": { - "dailyQuotaGb": "[parameters('dailyQuotaGb')]" + "dailyQuotaGb": "[json(parameters('dailyQuotaGb'))]" }, "publicNetworkAccessForIngestion": "[parameters('publicNetworkAccessForIngestion')]", "publicNetworkAccessForQuery": "[parameters('publicNetworkAccessForQuery')]", "forceCmkForQuery": "[parameters('forceCmkForQuery')]", - "replication": "[parameters('replication')]" + "replication": "[parameters('replication')]", + "defaultDataCollectionRuleResourceId": "[parameters('defaultDataCollectionRuleResourceId')]" }, "identity": "[variables('identity')]" }, @@ -20675,7 +21154,7 @@ "logAnalyticsWorkspace_sentinelOnboarding": { "condition": "[and(not(empty(filter(coalesce(parameters('gallerySolutions'), createArray()), lambda('item', startsWith(lambdaVariables('item').name, 'SecurityInsights'))))), parameters('onboardWorkspaceToSentinel'))]", "type": "Microsoft.SecurityInsights/onboardingStates", - "apiVersion": "2024-03-01", + "apiVersion": "2025-09-01", "scope": "[format('Microsoft.OperationalInsights/workspaces/{0}', parameters('name'))]", "name": "default", "properties": {}, @@ -20691,7 +21170,7 @@ "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "logAnalyticsWorkspace" @@ -20725,8 +21204,8 @@ "count": "[length(coalesce(parameters('storageInsightsConfigs'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-StorageInsightsConfig-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-StorageInsightsConfig-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -20753,8 +21232,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "1306323182548882150" + "version": "0.39.26.7824", + "templateHash": "140290971998938797" }, "name": "Log Analytics Workspace Storage Insight Configs", "description": "This module deploys a Log Analytics Workspace Storage Insight Config." @@ -20803,7 +21282,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/storageInsightConfigs@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/storageInsightConfigs@2025-07-01#properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -20814,18 +21293,18 @@ "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[last(split(parameters('storageAccountResourceId'), '/'))]" }, "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "storageinsightconfig": { "type": "Microsoft.OperationalInsights/workspaces/storageInsightConfigs", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "tags": "[parameters('tags')]", "properties": { @@ -20833,7 +21312,7 @@ "tables": "[parameters('tables')]", "storageAccount": { "id": "[parameters('storageAccountResourceId')]", - "key": "[listKeys('storageAccount', '2024-01-01').keys[0].value]" + "key": "[listKeys('storageAccount', '2025-06-01').keys[0].value]" } } } @@ -20873,8 +21352,8 @@ "count": "[length(coalesce(parameters('linkedServices'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-LinkedService-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-LinkedService-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -20901,8 +21380,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "5230241501765697269" + "version": "0.39.26.7824", + "templateHash": "14482465616812596213" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service." @@ -20938,7 +21417,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/linkedServices@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/linkedServices@2025-07-01#properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -20949,12 +21428,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "linkedService": { "type": "Microsoft.OperationalInsights/workspaces/linkedServices", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "tags": "[parameters('tags')]", "properties": { @@ -20998,8 +21477,8 @@ "count": "[length(coalesce(parameters('linkedStorageAccounts'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-LinkedStorageAccount-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-LinkedStorageAccount-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -21023,8 +21502,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "10372135754202496594" + "version": "0.39.26.7824", + "templateHash": "14864721709229272590" }, "name": "Log Analytics Workspace Linked Storage Accounts", "description": "This module deploys a Log Analytics Workspace Linked Storage Account." @@ -21063,12 +21542,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "linkedStorageAccount": { "type": "Microsoft.OperationalInsights/workspaces/linkedStorageAccounts", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "properties": { "storageAccountIds": "[parameters('storageAccountIds')]" @@ -21110,8 +21589,8 @@ "count": "[length(coalesce(parameters('savedSearches'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-SavedSearch-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-SavedSearch-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -21122,7 +21601,7 @@ "value": "[parameters('name')]" }, "name": { - "value": "[format('{0}{1}', coalesce(parameters('savedSearches'), createArray())[copyIndex()].name, uniqueString(deployment().name))]" + "value": "[format('{0}{1}', coalesce(parameters('savedSearches'), createArray())[copyIndex()].name, uniqueString(subscription().id, resourceGroup().id))]" }, "etag": { "value": "[tryGet(coalesce(parameters('savedSearches'), createArray())[copyIndex()], 'etag')]" @@ -21156,8 +21635,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "9015459905306126128" + "version": "0.39.26.7824", + "templateHash": "17904092372918022238" }, "name": "Log Analytics Workspace Saved Searches", "description": "This module deploys a Log Analytics Workspace Saved Search." @@ -21197,7 +21676,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/savedSearches@2025-02-01#properties/properties/properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/savedSearches@2025-07-01#properties/properties/properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -21236,12 +21715,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "savedSearch": { "type": "Microsoft.OperationalInsights/workspaces/savedSearches", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "properties": { "etag": "[parameters('etag')]", @@ -21291,8 +21770,8 @@ "count": "[length(coalesce(parameters('dataExports'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-DataExport-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-DataExport-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -21322,8 +21801,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "8586520532175356447" + "version": "0.39.26.7824", + "templateHash": "17943947755417749524" }, "name": "Log Analytics Workspace Data Exports", "description": "This module deploys a Log Analytics Workspace Data Export." @@ -21405,12 +21884,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('workspaceName')]" }, "dataExport": { "type": "Microsoft.OperationalInsights/workspaces/dataExports", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", "properties": { "destination": "[parameters('destination')]", @@ -21454,8 +21933,8 @@ "count": "[length(coalesce(parameters('dataSources'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-DataSource-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-DataSource-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -21515,8 +21994,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "8336916453932906250" + "version": "0.39.26.7824", + "templateHash": "15360290236166491819" }, "name": "Log Analytics Workspace Datasources", "description": "This module deploys a Log Analytics Workspace Data Source." @@ -21555,7 +22034,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.OperationalInsights/workspaces/dataSources@2025-02-01#properties/tags" + "source": "Microsoft.OperationalInsights/workspaces/dataSources@2025-07-01#properties/tags" }, "description": "Optional. Tags to configure in the resource." }, @@ -21643,12 +22122,12 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('logAnalyticsWorkspaceName')]" }, "dataSource": { "type": "Microsoft.OperationalInsights/workspaces/dataSources", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('logAnalyticsWorkspaceName'), parameters('name'))]", "kind": "[parameters('kind')]", "tags": "[parameters('tags')]", @@ -21702,8 +22181,8 @@ "count": "[length(coalesce(parameters('tables'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-Table-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-Table-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -21745,8 +22224,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.36.1.42791", - "templateHash": "315390662258960765" + "version": "0.39.26.7824", + "templateHash": "18383178824663161801" }, "name": "Log Analytics Workspace Tables", "description": "This module deploys a Log Analytics Workspace Table." @@ -22030,11 +22509,11 @@ }, "retentionInDays": { "type": "int", - "defaultValue": -1, - "minValue": -1, + "nullable": true, + "minValue": 4, "maxValue": 730, "metadata": { - "description": "Optional. The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention." + "description": "Optional. The table retention in days, between 4 and 730. Don't provide to use the default workspace retention." } }, "schema": { @@ -22053,11 +22532,11 @@ }, "totalRetentionInDays": { "type": "int", - "defaultValue": -1, - "minValue": -1, + "nullable": true, + "minValue": 4, "maxValue": 2555, "metadata": { - "description": "Optional. The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention." + "description": "Optional. The table total retention in days, between 4 and 2555. Don't provide use the default table retention." } }, "roleAssignments": { @@ -22095,20 +22574,20 @@ "workspace": { "existing": true, "type": "Microsoft.OperationalInsights/workspaces", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[parameters('workspaceName')]" }, "table": { "type": "Microsoft.OperationalInsights/workspaces/tables", - "apiVersion": "2025-02-01", + "apiVersion": "2025-07-01", "name": "[format('{0}/{1}', parameters('workspaceName'), parameters('name'))]", "properties": { "plan": "[parameters('plan')]", "restoredLogs": "[parameters('restoredLogs')]", - "retentionInDays": "[parameters('retentionInDays')]", + "retentionInDays": "[coalesce(parameters('retentionInDays'), -1)]", "schema": "[parameters('schema')]", "searchResults": "[parameters('searchResults')]", - "totalRetentionInDays": "[parameters('totalRetentionInDays')]" + "totalRetentionInDays": "[coalesce(parameters('totalRetentionInDays'), -1)]" } }, "table_roleAssignments": { @@ -22170,8 +22649,8 @@ }, "condition": "[not(empty(parameters('gallerySolutions')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-LAW-Solution-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "apiVersion": "2025-04-01", + "name": "[format('{0}-LAW-Solution-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -22386,7 +22865,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('logAnalyticsWorkspace', '2025-02-01', 'full').location]" + "value": "[reference('logAnalyticsWorkspace', '2025-07-01', 'full').location]" }, "systemAssignedMIPrincipalId": { "type": "string", @@ -22394,21 +22873,21 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('logAnalyticsWorkspace', '2025-02-01', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('logAnalyticsWorkspace', '2025-07-01', 'full'), 'identity'), 'principalId')]" }, "primarySharedKey": { "type": "securestring", "metadata": { "description": "The primary shared key of the log analytics workspace." }, - "value": "[listKeys('logAnalyticsWorkspace', '2025-02-01').primarySharedKey]" + "value": "[listKeys('logAnalyticsWorkspace', '2025-07-01').primarySharedKey]" }, "secondarySharedKey": { "type": "securestring", "metadata": { "description": "The secondary shared key of the log analytics workspace." }, - "value": "[listKeys('logAnalyticsWorkspace', '2025-02-01').secondarySharedKey]" + "value": "[listKeys('logAnalyticsWorkspace', '2025-07-01').secondarySharedKey]" } } } @@ -22430,7 +22909,7 @@ }, "location": { "type": "string", - "value": "[if(variables('useExistingWorkspace'), reference('existingLogAnalyticsWorkspace', '2023-09-01', 'full').location, reference('logAnalyticsWorkspace').outputs.location.value)]" + "value": "[if(variables('useExistingWorkspace'), reference('existingLogAnalyticsWorkspace', '2025-07-01', 'full').location, reference('logAnalyticsWorkspace').outputs.location.value)]" }, "name": { "type": "string", @@ -22485,8 +22964,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "13842668180838264807" + "version": "0.39.26.7824", + "templateHash": "17358780145253914698" }, "name": "Application Insights", "description": "This component deploys an Application Insights instance." @@ -22896,7 +23375,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Insights/components@2020-10-01#properties/tags" + "source": "Microsoft.Insights/components@2020-02-02#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -22945,7 +23424,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.insights-component.{0}.{1}', replace('0.7.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.insights-component.{0}.{1}', replace('0.7.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -23085,8 +23564,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "9567302051678045750" + "version": "0.39.26.7824", + "templateHash": "5059808225314360251" }, "name": "Application Insights Linked Storage Account", "description": "This component deploys an Application Insights Linked Storage Account." @@ -23231,8 +23710,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "13929816981891754138" + "version": "0.42.1.51946", + "templateHash": "18123481228095028530" } }, "parameters": { @@ -23292,8 +23771,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "4802029174070596736" + "version": "0.39.26.7824", + "templateHash": "7591858083424858339" }, "name": "User Assigned Identities", "description": "This module deploys a User Assigned Identity." @@ -23505,6 +23984,17 @@ "metadata": { "description": "Optional. Enable/Disable usage telemetry for module." } + }, + "isolationScope": { + "type": "string", + "nullable": true, + "allowedValues": [ + "None", + "Regional" + ], + "metadata": { + "description": "Optional. Enum to configure regional restrictions on identity assignment, as necessary. Allowed values: \"None\", \"Regional\"." + } } }, "variables": { @@ -23530,7 +24020,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.managedidentity-userassignedidentity.{0}.{1}', replace('0.4.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.managedidentity-userassignedidentity.{0}.{1}', replace('0.5.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -23551,7 +24041,8 @@ "apiVersion": "2024-11-30", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]" + "tags": "[parameters('tags')]", + "properties": "[if(not(equals(parameters('isolationScope'), null())), createObject('isolationScope', parameters('isolationScope')), createObject())]" }, "userAssignedIdentity_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", @@ -23598,7 +24089,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2025-04-01", - "name": "[format('{0}-UserMSI-FederatedIdentityCred-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-UserMSI-FederatedIdentityCred-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -23627,8 +24118,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "8235783049087377232" + "version": "0.39.26.7824", + "templateHash": "1387931959101373036" }, "name": "User Assigned Identity Federated Identity Credential", "description": "This module deploys a User Assigned Identity Federated Identity Credential." @@ -23823,8 +24314,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "17694195801715707119" + "version": "0.42.1.51946", + "templateHash": "1869938830611166930" }, "name": "Container Registry Module" }, @@ -23900,7 +24391,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -24033,8 +24524,8 @@ }, "replications": "[if(parameters('enableRedundancy'), createObject('value', createArray(createObject('location', parameters('replicaLocation'), 'name', format('acrrepl{0}', replace(parameters('replicaLocation'), '-', ''))))), createObject('value', null()))]", "networkRuleSetDefaultAction": "[if(parameters('enablePrivateNetworking'), createObject('value', 'Deny'), createObject('value', 'Allow'))]", - "networkRuleSetIpRules": "[if(parameters('enablePrivateNetworking'), createObject('value', createArray()), createObject('value', createArray()))]", - "exportPolicyStatus": "[if(parameters('enablePrivateNetworking'), createObject('value', 'disabled'), createObject('value', 'enabled'))]", + "networkRuleSetIpRules": "[if(parameters('enablePrivateNetworking'), createObject('value', createArray()), createObject('value', null()))]", + "exportPolicyStatus": "[if(parameters('enablePrivateNetworking'), createObject('value', 'disabled'), createObject('value', null()))]", "privateEndpoints": "[if(parameters('enablePrivateNetworking'), createObject('value', createArray(createObject('name', format('pep-acr-{0}', parameters('acrName')), 'customNetworkInterfaceName', format('nic-acr-{0}', parameters('acrName')), 'privateDnsZoneGroup', if(not(empty(parameters('privateDnsZoneResourceId'))), createObject('privateDnsZoneGroupConfigs', createArray(createObject('name', 'acr-dns-zone-group', 'privateDnsZoneResourceId', parameters('privateDnsZoneResourceId')))), null()), 'subnetResourceId', parameters('backendSubnetResourceId')))), createObject('value', createArray()))]" }, "template": { @@ -24044,8 +24535,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "10440624024470892086" + "version": "0.42.1.51946", + "templateHash": "1509121545318808417" }, "name": "Azure Container Registries (ACR)", "description": "This module deploys an Azure Container Registry (ACR)." @@ -24114,6 +24605,43 @@ "__bicep_export!": true } }, + "credentialSetType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the credential set." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityOnlySysAssignedType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource." + } + }, + "authCredentials": { + "type": "array", + "items": { + "$ref": "#/definitions/authCredentialsType" + }, + "metadata": { + "description": "Required. List of authentication credentials stored for an upstream. Usually consists of a primary and an optional secondary credential." + } + }, + "loginServer": { + "type": "string", + "metadata": { + "description": "Required. The credentials are stored for this upstream or login server." + } + } + }, + "metadata": { + "__bicep_export!": true, + "description": "The type for a credential set." + } + }, "scopeMapsType": { "type": "object", "properties": { @@ -24126,10 +24654,10 @@ }, "actions": { "type": "array", - "items": { - "type": "string" - }, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/scopeMaps@2025-03-01-preview#properties/properties/properties/actions" + }, "description": "Required. The list of scoped permissions for registry artifacts." } }, @@ -24182,50 +24710,62 @@ "description": "The type for a cache rule." } }, - "credentialSetType": { + "replicationType": { "type": "object", "properties": { "name": { "type": "string", "metadata": { - "description": "Required. The name of the credential set." + "description": "Required. The name of the replication." } }, - "managedIdentities": { - "$ref": "#/definitions/managedIdentityOnlySysAssignedType", + "location": { + "type": "string", "nullable": true, "metadata": { - "description": "Optional. The managed identity definition for this resource." + "description": "Optional. Location for all resources." } }, - "authCredentials": { - "type": "array", - "items": { - "$ref": "#/definitions/authCredentialsType" + "tags": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/replications@2025-03-01-preview#properties/tags" + }, + "description": "Optional. Tags of the resource." }, + "nullable": true + }, + "regionEndpointEnabled": { + "type": "bool", + "nullable": true, "metadata": { - "description": "Required. List of authentication credentials stored for an upstream. Usually consists of a primary and an optional secondary credential." + "description": "Optional. Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications." } }, - "loginServer": { + "zoneRedundancy": { "type": "string", "metadata": { - "description": "Required. The credentials are stored for this upstream or login server." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries@2025-03-01-preview#properties/properties/properties/zoneRedundancy" + }, + "description": "Optional. Whether or not zone redundancy is enabled for this container registry." + }, + "nullable": true } }, "metadata": { "__bicep_export!": true, - "description": "The type for a credential set." + "description": "The type for a replication." } }, - "replicationType": { + "taskType": { "type": "object", "properties": { "name": { "type": "string", "metadata": { - "description": "Required. The name of the replication." + "description": "Required. The name of the task." } }, "location": { @@ -24237,33 +24777,133 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/tags" + }, "description": "Optional. Tags of the resource." + }, + "nullable": true + }, + "platform": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/platform" + }, + "description": "Optional. The platform properties for the task." + }, + "nullable": true + }, + "step": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/step" + }, + "description": "Optional. The step properties for the task." + }, + "nullable": true + }, + "trigger": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/trigger" + }, + "description": "Optional. The trigger properties for the task." + }, + "nullable": true + }, + "status": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/status" + }, + "description": "Optional. The status of the task at the time the operation was called." + }, + "nullable": true + }, + "timeout": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The timeout in seconds for the task to run before it is automatically disabled." } }, - "regionEndpointEnabled": { + "agentConfiguration": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/agentConfiguration" + }, + "description": "Optional. The agent configuration for the task." + }, + "nullable": true + }, + "agentPoolName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the agent pool to run the task on. If not specified, the task will run on Microsoft-hosted agents." + } + }, + "isSystemTask": { "type": "bool", "nullable": true, "metadata": { - "description": "Optional. Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications." + "description": "Optional. Whether this is a system task or not. System tasks have some additional restrictions and are used for internal purposes by Microsoft services, such as Azure DevOps pipelines integration." } }, - "zoneRedundancy": { + "logTemplate": { "type": "string", - "allowedValues": [ - "Disabled", - "Enabled" - ], "nullable": true, "metadata": { - "description": "Optional. Whether or not zone redundancy is enabled for this container registry." + "description": "Optional. The log template for the task to use when creating logs in Log Analytics." } } }, "metadata": { "__bicep_export!": true, - "description": "The type for a replication." + "description": "The type for a task." + } + }, + "tokenType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the token." + } + }, + "scopeMapResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the scope map which defines the permissions for this token." + } + }, + "status": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tokens@2025-11-01#properties/properties/properties/status" + }, + "description": "Optional. The status of the token at the time the operation was called." + }, + "nullable": true + }, + "credentials": { + "type": "array", + "items": { + "$ref": "#/definitions/authCredentialsType" + }, + "nullable": true, + "metadata": { + "description": "Optional. The list of credentials associated with the token. Usually consists of a primary and an optional secondary credential." + } + } } }, "webhookType": { @@ -24286,14 +24926,13 @@ }, "status": { "type": "string", - "allowedValues": [ - "disabled", - "enabled" - ], - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/webhooks@2025-03-01-preview#properties/properties/properties/status" + }, "description": "Optional. The status of the webhook at the time the operation was called." - } + }, + "nullable": true }, "action": { "type": "array", @@ -24314,17 +24953,23 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/webhooks@2025-03-01-preview#properties/tags" + }, "description": "Optional. Tags of the resource." - } + }, + "nullable": true }, "customHeaders": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/webhooks@2025-03-01-preview#properties/properties/properties/customHeaders" + }, "description": "Optional. Custom headers that will be added to the webhook notifications." - } + }, + "nullable": true }, "scope": { "type": "string", @@ -24339,43 +24984,6 @@ "description": "The type for a webhook." } }, - "_1.lockType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Specify the name of lock." - } - }, - "kind": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "None", - "ReadOnly" - ], - "nullable": true, - "metadata": { - "description": "Optional. Specify the type of lock." - } - }, - "notes": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Specify the notes of the lock." - } - } - }, - "metadata": { - "description": "An AVM-aligned type for a lock.", - "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" - } - } - }, "_1.privateEndpointCustomDnsConfigType": { "type": "object", "properties": { @@ -24398,7 +25006,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -24440,7 +25048,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -24481,82 +25089,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" - } - } - }, - "_1.roleAssignmentType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - }, - "metadata": { - "description": "An AVM-aligned type for a role assignment.", - "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -24629,7 +25162,7 @@ "metadata": { "description": "An AVM-aligned type for a customer-managed key. To be used if the resource type supports auto-rotation of the customer-managed key.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -24751,7 +25284,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -24788,7 +25321,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -24816,7 +25349,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -24834,7 +25367,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if only system-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -24942,7 +25475,7 @@ } }, "lock": { - "$ref": "#/definitions/_1.lockType", + "$ref": "#/definitions/lockType", "nullable": true, "metadata": { "description": "Optional. Specify the type of lock." @@ -24951,7 +25484,7 @@ "roleAssignments": { "type": "array", "items": { - "$ref": "#/definitions/_1.roleAssignmentType" + "$ref": "#/definitions/roleAssignmentType" }, "nullable": true, "metadata": { @@ -24979,7 +25512,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can be assumed (i.e., for services that only have one Private Endpoint type like 'vault' for key vault).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -25054,7 +25587,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -25092,6 +25625,31 @@ "description": "Optional. Array of role assignments to create." } }, + "autoGeneratedDomainNameLabelScope": { + "type": "string", + "nullable": true, + "allowedValues": [ + "NoReuse", + "ResourceGroupReuse", + "SubscriptionReuse", + "TenantReuse", + "Unsecure" + ], + "metadata": { + "description": "Optional. The domain name label reuse scope." + } + }, + "roleAssignmentMode": { + "type": "string", + "nullable": true, + "allowedValues": [ + "AbacRepositoryPermissions", + "LegacyRegistryPermissions" + ], + "metadata": { + "description": "Optional. The registry permissions role assignment mode." + } + }, "acrSku": { "type": "string", "defaultValue": "Premium", @@ -25157,13 +25715,13 @@ }, "azureADAuthenticationAsArmPolicyStatus": { "type": "string", - "defaultValue": "enabled", + "defaultValue": "disabled", "allowedValues": [ "disabled", "enabled" ], "metadata": { - "description": "Optional. The value that indicates whether the policy for using ARM audience token for a container registry is enabled or not. Default is enabled." + "description": "Optional. The value that indicates whether the policy for using ARM audience token for a container registry is enabled or not. Default is disabled." } }, "softDeletePolicyStatus": { @@ -25228,7 +25786,7 @@ "type": "array", "nullable": true, "metadata": { - "description": "Optional. The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'." + "description": "Optional. The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. Set to an empty array to explicitly configure no allowed IPs." } }, "privateEndpoints": { @@ -25310,7 +25868,7 @@ }, "nullable": true, "metadata": { - "description": "Optional. The diagnostic settings of the service." + "description": "Optional. The diagnostic settings of the service. If neither metrics nor logs are specified, all metrics & logs are configured by default. If either one is specified, the other is ignored." } }, "anonymousPullEnabled": { @@ -25356,6 +25914,26 @@ "metadata": { "description": "Optional. Scope maps setting." } + }, + "tokens": { + "type": "array", + "items": { + "$ref": "#/definitions/tokenType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Tokens to create for the container registry." + } + }, + "tasks": { + "type": "array", + "items": { + "$ref": "#/definitions/taskType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Array of ACR Tasks to create." + } } }, "variables": { @@ -25376,12 +25954,18 @@ "AcrPush": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8311e382-0749-4cb8-b61a-304f252e45ec')]", "AcrQuarantineReader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'cdda3590-29a3-44f6-95f2-9f980659eb04')]", "AcrQuarantineWriter": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c8d4ff99-41c3-41a8-9f60-21dfdad59608')]", + "Container Registry Repository Catalog Lister": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'bfdb9389-c9a5-478a-bb2f-ba9ca092c3c7')]", + "Container Registry Repository Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2efddaa5-3f1f-4df3-97df-af3f13818f4c')]", + "Container Registry Repository Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b93aa761-3e63-49ed-ac28-beffa264f7ac')]", + "Container Registry Repository Writer": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a1e307c-b015-4ebd-883e-5b7698a07328')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "publicNetworkAccessMode": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkRuleSetIpRules'))), 'Disabled', null()))]", + "shouldConfigureNetworkRuleSet": "[or(not(equals(parameters('networkRuleSetIpRules'), null())), and(equals(variables('publicNetworkAccessMode'), 'Enabled'), equals(parameters('networkRuleSetDefaultAction'), 'Deny')))]" }, "resources": { "cMKKeyVault::cMKKey": { @@ -25396,8 +25980,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.containerregistry-registry.{0}.{1}', replace('0.9.3', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.containerregistry-registry.{0}.{1}', replace('0.12.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -25433,7 +26017,7 @@ }, "registry": { "type": "Microsoft.ContainerRegistry/registries", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-06-01-preview", "name": "[parameters('name')]", "location": "[parameters('location')]", "identity": "[variables('identity')]", @@ -25444,6 +26028,8 @@ "properties": { "anonymousPullEnabled": "[parameters('anonymousPullEnabled')]", "adminUserEnabled": "[parameters('acrAdminUserEnabled')]", + "autoGeneratedDomainNameLabelScope": "[parameters('autoGeneratedDomainNameLabelScope')]", + "roleAssignmentMode": "[parameters('roleAssignmentMode')]", "encryption": "[if(not(empty(parameters('customerManagedKey'))), createObject('status', 'enabled', 'keyVaultProperties', createObject('identity', if(not(empty(coalesce(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), ''))), reference('cMKUserAssignedIdentity').clientId, null()), 'keyIdentifier', if(not(empty(tryGet(parameters('customerManagedKey'), 'keyVersion'))), format('{0}/{1}', reference('cMKKeyVault::cMKKey').keyUri, tryGet(parameters('customerManagedKey'), 'keyVersion')), if(coalesce(tryGet(parameters('customerManagedKey'), 'autoRotationEnabled'), true()), reference('cMKKeyVault::cMKKey').keyUri, reference('cMKKeyVault::cMKKey').keyUriWithVersion)))), null())]", "policies": { "azureADAuthenticationAsArmPolicy": { @@ -25459,9 +26045,9 @@ } }, "dataEndpointEnabled": "[parameters('dataEndpointEnabled')]", - "publicNetworkAccess": "[if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkRuleSetIpRules'))), 'Disabled', null()))]", + "publicNetworkAccess": "[variables('publicNetworkAccessMode')]", "networkRuleBypassOptions": "[parameters('networkRuleBypassOptions')]", - "networkRuleSet": "[if(not(empty(parameters('networkRuleSetIpRules'))), createObject('defaultAction', parameters('networkRuleSetDefaultAction'), 'ipRules', parameters('networkRuleSetIpRules')), null())]", + "networkRuleSet": "[if(variables('shouldConfigureNetworkRuleSet'), createObject('defaultAction', parameters('networkRuleSetDefaultAction'), 'ipRules', coalesce(parameters('networkRuleSetIpRules'), createArray())), null())]", "zoneRedundancy": "[if(equals(parameters('acrSku'), 'Premium'), parameters('zoneRedundancy'), null())]" }, "dependsOn": [ @@ -25473,7 +26059,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -25490,26 +26076,26 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ { "name": "metrics", - "count": "[length(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics'))))]", + "count": "[length(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), if(empty(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups')), createArray(createObject('category', 'AllMetrics')), createArray())))]", "input": { - "category": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics')))[copyIndex('metrics')].category]", - "enabled": "[coalesce(tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), createArray(createObject('category', 'AllMetrics')))[copyIndex('metrics')], 'enabled'), true())]", + "category": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), if(empty(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups')), createArray(createObject('category', 'AllMetrics')), createArray()))[copyIndex('metrics')].category]", + "enabled": "[coalesce(tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories'), if(empty(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups')), createArray(createObject('category', 'AllMetrics')), createArray()))[copyIndex('metrics')], 'enabled'), true())]", "timeGrain": null } }, { "name": "logs", - "count": "[length(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'allLogs'))))]", + "count": "[length(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), if(empty(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories')), createArray(createObject('categoryGroup', 'allLogs')), createArray())))]", "input": { - "categoryGroup": "[tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'allLogs')))[copyIndex('logs')], 'categoryGroup')]", - "category": "[tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'allLogs')))[copyIndex('logs')], 'category')]", - "enabled": "[coalesce(tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), createArray(createObject('categoryGroup', 'allLogs')))[copyIndex('logs')], 'enabled'), true())]" + "categoryGroup": "[tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), if(empty(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories')), createArray(createObject('categoryGroup', 'allLogs')), createArray()))[copyIndex('logs')], 'categoryGroup')]", + "category": "[tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), if(empty(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories')), createArray(createObject('categoryGroup', 'allLogs')), createArray()))[copyIndex('logs')], 'category')]", + "enabled": "[coalesce(tryGet(coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'logCategoriesAndGroups'), if(empty(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'metricCategories')), createArray(createObject('categoryGroup', 'allLogs')), createArray()))[copyIndex('logs')], 'enabled'), true())]" } } ], @@ -25531,7 +26117,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.ContainerRegistry/registries/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.ContainerRegistry/registries', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.ContainerRegistry/registries', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -25552,7 +26138,7 @@ "count": "[length(coalesce(parameters('scopeMaps'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-Registry-Scope-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -25571,6 +26157,9 @@ }, "registryName": { "value": "[parameters('name')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -25580,11 +26169,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "6143951528715126111" + "version": "0.42.1.51946", + "templateHash": "3787322352564227867" }, - "name": "Container Registries scopeMaps", - "description": "This module deploys an Azure Container Registry (ACR) scopeMap." + "name": "Container Registries scope maps", + "description": "This module deploys an Azure Container Registry (ACR) scope map." }, "parameters": { "registryName": { @@ -25615,18 +26204,45 @@ "metadata": { "description": "Optional. The user friendly description of the scope map." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.containerregistry-registry-scopemap.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "registry": { "existing": true, "type": "Microsoft.ContainerRegistry/registries", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-11-01", "name": "[parameters('registryName')]" }, "scopeMap": { "type": "Microsoft.ContainerRegistry/registries/scopeMaps", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-11-01", "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", "properties": { "actions": "[parameters('actions')]", @@ -25669,7 +26285,7 @@ "count": "[length(coalesce(parameters('replications'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-Registry-Replication-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -25694,6 +26310,9 @@ }, "tags": { "value": "[coalesce(tryGet(coalesce(parameters('replications'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -25703,8 +26322,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "9998680016086915512" + "version": "0.42.1.51946", + "templateHash": "6219097750044645017" }, "name": "Azure Container Registry (ACR) Replications", "description": "This module deploys an Azure Container Registry (ACR) Replication." @@ -25731,10 +26350,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/replications@2025-11-01#properties/tags" + }, "description": "Optional. Tags of the resource." - } + }, + "nullable": true }, "regionEndpointEnabled": { "type": "bool", @@ -25753,18 +26375,45 @@ "metadata": { "description": "Optional. Whether or not zone redundancy is enabled for this container registry." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.containerregistry-registry-repl.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "registry": { "existing": true, "type": "Microsoft.ContainerRegistry/registries", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-11-01", "name": "[parameters('registryName')]" }, "replication": { "type": "Microsoft.ContainerRegistry/registries/replications", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-11-01", "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -25801,7 +26450,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('replication', '2023-06-01-preview', 'full').location]" + "value": "[reference('replication', '2025-11-01', 'full').location]" } } } @@ -25816,7 +26465,7 @@ "count": "[length(coalesce(parameters('credentialSets'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-Registry-CredentialSet-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -25838,6 +26487,9 @@ }, "loginServer": { "value": "[coalesce(parameters('credentialSets'), createArray())[copyIndex()].loginServer]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -25847,8 +26499,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "10146775336818580275" + "version": "0.42.1.51946", + "templateHash": "13412699468141336519" }, "name": "Container Registries Credential Sets", "description": "This module deploys an ACR Credential Set." @@ -25895,7 +26547,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if only system-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -25934,23 +26586,47 @@ "metadata": { "description": "Required. The credentials are stored for this upstream or login server." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, - "variables": { - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', null())), null())]" - }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.containerregistry-registry-credset.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "registry": { "existing": true, "type": "Microsoft.ContainerRegistry/registries", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-11-01", "name": "[parameters('registryName')]" }, "credentialSet": { "type": "Microsoft.ContainerRegistry/registries/credentialSets", - "apiVersion": "2023-11-01-preview", + "apiVersion": "2025-11-01", "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", - "identity": "[variables('identity')]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', null())), null())]", "properties": { "authCredentials": "[parameters('authCredentials')]", "loginServer": "[parameters('loginServer')]" @@ -25985,7 +26661,7 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('credentialSet', '2023-11-01-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('credentialSet', '2025-11-01', 'full'), 'identity'), 'principalId')]" } } } @@ -26000,7 +26676,7 @@ "count": "[length(coalesce(parameters('cacheRules'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-Registry-Cache-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -26022,6 +26698,9 @@ }, "credentialSetResourceId": { "value": "[tryGet(coalesce(parameters('cacheRules'), createArray())[copyIndex()], 'credentialSetResourceId')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -26031,11 +26710,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "16179895563671172347" + "version": "0.42.1.51946", + "templateHash": "1319901650921923538" }, - "name": "Container Registries Cache", - "description": "Cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache))." + "name": "Container Registry Cache", + "description": "The cache for Azure Container Registry (Preview) feature allows users to cache container images in a private container registry. Cache for ACR, is a preview feature available in Basic, Standard, and Premium service tiers ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache))." }, "parameters": { "registryName": { @@ -26068,20 +26747,47 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The resource ID of the credential store which is associated with the cache rule." + "description": "Optional. The resource ID of the credential store which is associated with the cache rule. Required only when pulling from authenticated upstream registries (e.g., Docker Hub). Omit for anonymous public registries such as MCR (mcr.microsoft.com)." + } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.containerregistry-registry-cacherule.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "registry": { "existing": true, "type": "Microsoft.ContainerRegistry/registries", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-11-01", "name": "[parameters('registryName')]" }, "cacheRule": { "type": "Microsoft.ContainerRegistry/registries/cacheRules", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-11-01", "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", "properties": { "sourceRepository": "[parameters('sourceRepository')]", @@ -26120,13 +26826,517 @@ "registry_credentialSets" ] }, + "registry_tokens": { + "copy": { + "name": "registry_tokens", + "count": "[length(coalesce(parameters('tokens'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('{0}-Registry-Token-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[coalesce(parameters('tokens'), createArray())[copyIndex()].name]" + }, + "registryName": { + "value": "[parameters('name')]" + }, + "scopeMapResourceId": { + "value": "[coalesce(parameters('tokens'), createArray())[copyIndex()].scopeMapResourceId]" + }, + "status": { + "value": "[tryGet(coalesce(parameters('tokens'), createArray())[copyIndex()], 'status')]" + }, + "credentials": { + "value": "[tryGet(coalesce(parameters('tokens'), createArray())[copyIndex()], 'credentials')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.42.1.51946", + "templateHash": "5970335582661416899" + }, + "name": "Container Registries Tokens", + "description": "Deploys an Azure Container Registry (ACR) Token." + }, + "parameters": { + "registryName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent registry. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "minLength": 5, + "maxLength": 50, + "metadata": { + "description": "Required. The name of the token." + } + }, + "scopeMapResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the scope map to which the token will be associated with." + } + }, + "status": { + "type": "string", + "defaultValue": "enabled", + "allowedValues": [ + "disabled", + "enabled" + ], + "metadata": { + "description": "Optional. The status of the token. Default is enabled." + } + }, + "credentials": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tokens@2025-11-01#properties/properties/properties/credentials" + }, + "description": "Optional. The credentials associated with the token for authentication." + }, + "nullable": true + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.containerregistry-registry-token.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, + "registry": { + "existing": true, + "type": "Microsoft.ContainerRegistry/registries", + "apiVersion": "2025-11-01", + "name": "[parameters('registryName')]" + }, + "token": { + "type": "Microsoft.ContainerRegistry/registries/tokens", + "apiVersion": "2025-11-01", + "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", + "properties": { + "scopeMapId": "[parameters('scopeMapResourceId')]", + "status": "[parameters('status')]", + "credentials": "[if(not(empty(coalesce(parameters('credentials'), createArray()))), createObject('certificates', tryGet(parameters('credentials'), 'certificates'), 'passwords', tryGet(parameters('credentials'), 'passwords')), null())]" + } + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the token." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the token was created in." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the token." + }, + "value": "[resourceId('Microsoft.ContainerRegistry/registries/tokens', parameters('registryName'), parameters('name'))]" + } + } + } + }, + "dependsOn": [ + "registry", + "registry_scopeMaps" + ] + }, + "registry_tasks": { + "copy": { + "name": "registry_tasks", + "count": "[length(coalesce(parameters('tasks'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('{0}-Registry-Task-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "registryName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "[coalesce(parameters('tasks'), createArray())[copyIndex()].name]" + }, + "location": { + "value": "[coalesce(tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'location'), parameters('location'))]" + }, + "tags": { + "value": "[coalesce(tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" + }, + "platform": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'platform')]" + }, + "step": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'step')]" + }, + "trigger": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'trigger')]" + }, + "status": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'status')]" + }, + "timeout": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'timeout')]" + }, + "agentConfiguration": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'agentConfiguration')]" + }, + "agentPoolName": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'agentPoolName')]" + }, + "credentials": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'credentials')]" + }, + "isSystemTask": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'isSystemTask')]" + }, + "logTemplate": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'logTemplate')]" + }, + "managedIdentities": { + "value": "[tryGet(coalesce(parameters('tasks'), createArray())[copyIndex()], 'managedIdentities')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.42.1.51946", + "templateHash": "2468771835002458415" + }, + "name": "Container Registries Tasks", + "description": "Deploys an Azure Container Registry (ACR) Task that can be used to automate container image builds and other workflows ([ref](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tasks-overview))." + }, + "definitions": { + "managedIdentityAllType": { + "type": "object", + "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" + } + } + } + }, + "parameters": { + "registryName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent registry. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "minLength": 5, + "maxLength": 50, + "metadata": { + "description": "Required. The name of the task." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "tags": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/tags" + }, + "description": "Optional. Tags of the resource." + }, + "nullable": true + }, + "platform": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/platform" + }, + "description": "Optional. The platform properties against which the task has to run." + }, + "nullable": true + }, + "step": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/step" + }, + "description": "Optional. The task step properties. Exactly one of dockerBuildStep, encodedTaskStep, or fileTaskStep must be provided." + }, + "nullable": true + }, + "trigger": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/trigger" + }, + "description": "Optional. The properties that describe all triggers for the task." + }, + "nullable": true + }, + "status": { + "type": "string", + "defaultValue": "Enabled", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "metadata": { + "description": "Optional. The current status of task." + } + }, + "timeout": { + "type": "int", + "defaultValue": 3600, + "minValue": 300, + "maxValue": 28800, + "metadata": { + "description": "Optional. Run timeout in seconds." + } + }, + "agentConfiguration": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/agentConfiguration" + }, + "description": "Optional. The machine configuration of the run agent." + }, + "nullable": true + }, + "agentPoolName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The dedicated agent pool for the task." + } + }, + "credentials": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/tasks@2025-03-01-preview#properties/properties/properties/credentials" + }, + "description": "Optional. The properties that describe the credentials that will be used when the task is invoked." + }, + "nullable": true + }, + "isSystemTask": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. The value of this property indicates whether the task resource is system task or not." + } + }, + "logTemplate": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The template that describes the repository and tag information for run log artifact." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource." + } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + } + }, + "variables": { + "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned, UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]" + }, + "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.containerregistry-registry-task.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, + "registry": { + "existing": true, + "type": "Microsoft.ContainerRegistry/registries", + "apiVersion": "2025-11-01", + "name": "[parameters('registryName')]" + }, + "task": { + "type": "Microsoft.ContainerRegistry/registries/tasks", + "apiVersion": "2025-03-01-preview", + "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", + "location": "[parameters('location')]", + "identity": "[variables('identity')]", + "tags": "[parameters('tags')]", + "properties": { + "agentConfiguration": "[parameters('agentConfiguration')]", + "agentPoolName": "[parameters('agentPoolName')]", + "credentials": "[parameters('credentials')]", + "isSystemTask": "[parameters('isSystemTask')]", + "logTemplate": "[parameters('logTemplate')]", + "platform": "[parameters('platform')]", + "status": "[parameters('status')]", + "step": "[parameters('step')]", + "timeout": "[parameters('timeout')]", + "trigger": "[parameters('trigger')]" + } + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the task." + }, + "value": "[parameters('name')]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the task was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the task." + }, + "value": "[resourceId('Microsoft.ContainerRegistry/registries/tasks', parameters('registryName'), parameters('name'))]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('task', '2025-03-01-preview', 'full').location]" + }, + "systemAssignedMIPrincipalId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "The principal ID of the system assigned identity." + }, + "value": "[tryGet(tryGet(reference('task', '2025-03-01-preview', 'full'), 'identity'), 'principalId')]" + } + } + } + }, + "dependsOn": [ + "registry" + ] + }, "registry_webhooks": { "copy": { "name": "registry_webhooks", "count": "[length(coalesce(parameters('webhooks'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-Registry-Webhook-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { @@ -26160,6 +27370,9 @@ }, "tags": { "value": "[coalesce(tryGet(coalesce(parameters('webhooks'), createArray())[copyIndex()], 'tags'), parameters('tags'))]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -26169,8 +27382,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "6514847976022081392" + "version": "0.42.1.51946", + "templateHash": "3200175097987099858" }, "name": "Azure Container Registry (ACR) Webhooks", "description": "This module deploys an Azure Container Registry (ACR) Webhook." @@ -26192,7 +27405,7 @@ } }, "serviceUri": { - "type": "string", + "type": "securestring", "metadata": { "description": "Required. The service URI for the webhook to post notifications." } @@ -26233,10 +27446,13 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.ContainerRegistry/registries/webhooks@2025-11-01#properties/tags" + }, "description": "Optional. Tags of the resource." - } + }, + "nullable": true }, "customHeaders": { "type": "object", @@ -26251,18 +27467,45 @@ "metadata": { "description": "Optional. The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.containerregistry-registry-webhook.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "registry": { "existing": true, "type": "Microsoft.ContainerRegistry/registries", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-11-01", "name": "[parameters('registryName')]" }, "webhook": { "type": "Microsoft.ContainerRegistry/registries/webhooks", - "apiVersion": "2023-06-01-preview", + "apiVersion": "2025-11-01", "name": "[format('{0}/{1}', parameters('registryName'), parameters('name'))]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -26323,7 +27566,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('webhook', '2023-06-01-preview', 'full').location]" + "value": "[reference('webhook', '2025-11-01', 'full').location]" } } } @@ -26338,7 +27581,7 @@ "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]" }, "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-registry-PrivateEndpoint-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "subscriptionId": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), resourceGroup().id), '/')[2]]", "resourceGroup": "[split(coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'resourceGroupResourceId'), resourceGroup().id), '/')[4]]", @@ -26394,8 +27637,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "12389807800450456797" + "version": "0.41.2.15936", + "templateHash": "18436885663402767850" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint." @@ -26422,115 +27665,8 @@ } }, "metadata": { - "__bicep_export!": true - } - }, - "ipConfigurationType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "privateLinkServiceConnectionType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "customDnsConfigType": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. FQDN that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } - }, - "metadata": { - "__bicep_export!": true + "__bicep_export!": true, + "description": "The type of a private dns zone group." } }, "lockType": { @@ -26554,12 +27690,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -26581,6 +27724,7 @@ } }, "metadata": { + "description": "The type of a private DNS zone group configuration.", "__bicep_imported_from!": { "sourceTemplate": "private-dns-zone-group/main.bicep" } @@ -26657,7 +27801,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -26694,13 +27838,23 @@ }, "ipConfigurations": { "type": "array", - "items": { - "$ref": "#/definitions/ipConfigurationType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipConfigurations" + }, "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } + }, + "nullable": true + }, + "ipVersionType": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipVersionType" + }, + "description": "Optional. Specifies the IP version type for the private IPs of the private endpoint. If not defined, this defaults to IPv4." + }, + "defaultValue": "IPv4" }, "privateDnsZoneGroup": { "$ref": "#/definitions/privateDnsZoneGroupType", @@ -26735,40 +27889,43 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } + }, + "nullable": true }, "customDnsConfigs": { "type": "array", - "items": { - "$ref": "#/definitions/customDnsConfigType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs" + }, "description": "Optional. Custom DNS configurations." - } + }, + "nullable": true }, "manualPrivateLinkServiceConnections": { "type": "array", - "items": { - "$ref": "#/definitions/privateLinkServiceConnectionType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/manualPrivateLinkServiceConnections" + }, "description": "Conditional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. Required if `privateLinkServiceConnections` is empty." - } + }, + "nullable": true }, "privateLinkServiceConnections": { "type": "array", - "items": { - "$ref": "#/definitions/privateLinkServiceConnectionType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/privateLinkServiceConnections" + }, "description": "Conditional. A grouping of information about the connection to the remote resource. Required if `manualPrivateLinkServiceConnections` is empty." - } + }, + "nullable": true }, "enableTelemetry": { "type": "bool", @@ -26803,8 +27960,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.11.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -26822,7 +27979,7 @@ }, "privateEndpoint": { "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-05-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -26843,18 +28000,19 @@ "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" - } + }, + "ipVersionType": "[parameters('ipVersionType')]" } }, "privateEndpoint_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "privateEndpoint" @@ -26867,7 +28025,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -26885,7 +28043,7 @@ "privateEndpoint_privateDnsZoneGroup": { "condition": "[not(empty(parameters('privateDnsZoneGroup')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", "properties": { "expressionEvaluationOptions": { @@ -26910,8 +28068,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "13997305779829540948" + "version": "0.41.2.15936", + "templateHash": "9935179114830442414" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group." @@ -26935,7 +28093,8 @@ } }, "metadata": { - "__bicep_export!": true + "__bicep_export!": true, + "description": "The type of a private DNS zone group configuration." } } }, @@ -26965,33 +28124,30 @@ } } }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigsVar", - "count": "[length(parameters('privateDnsZoneConfigs'))]", - "input": { - "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId, '/')))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId]" - } - } - } - ] - }, "resources": { "privateEndpoint": { "existing": true, "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-05-01", + "apiVersion": "2025-05-01", "name": "[parameters('privateEndpointName')]" }, "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2024-05-01", + "apiVersion": "2025-05-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigsVar')]" + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDnsZoneConfigs'))]", + "input": { + "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId, '/')))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId]" + } + } + } + ] } } }, @@ -27052,14 +28208,15 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('privateEndpoint', '2024-05-01', 'full').location]" + "value": "[reference('privateEndpoint', '2025-05-01', 'full').location]" }, "customDnsConfigs": { "type": "array", - "items": { - "$ref": "#/definitions/customDnsConfigType" - }, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs", + "output": true + }, "description": "The custom DNS configurations of the private endpoint." }, "value": "[reference('privateEndpoint').customDnsConfigs]" @@ -27126,14 +28283,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('registry', '2023-06-01-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('registry', '2025-06-01-preview', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('registry', '2023-06-01-preview', 'full').location]" + "value": "[reference('registry', '2025-06-01-preview', 'full').location]" }, "credentialSetsSystemAssignedMIPrincipalIds": { "type": "array", @@ -27296,8 +28453,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "1609510538398847306" + "version": "0.41.2.15936", + "templateHash": "1254456195180100771" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account." @@ -27885,14 +29042,14 @@ "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. Defaults to false." } }, "allowProtectedAppendWritesAll": { "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." } } }, @@ -28565,6 +29722,22 @@ "description": "Optional. The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5120 (5TB). For Large File Shares, the maximum size is 102400 (100TB)." } }, + "provisionedBandwidthMibps": { + "type": "int", + "nullable": true, + "maxValue": 10340, + "metadata": { + "description": "Optional. The provisioned bandwidth of the share, in mebibytes per second. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 10340." + } + }, + "provisionedIops": { + "type": "int", + "nullable": true, + "maxValue": 102400, + "metadata": { + "description": "Optional. The provisioned IOPS of the share. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 102400." + } + }, "roleAssignments": { "type": "array", "items": { @@ -29411,7 +30584,8 @@ "type": "string", "defaultValue": "TLS1_2", "allowedValues": [ - "TLS1_2" + "TLS1_2", + "TLS1_3" ], "metadata": { "description": "Optional. Set the minimum TLS version on request to storage. The TLS versions 1.0 and 1.1 are deprecated and not supported anymore." @@ -29505,7 +30679,8 @@ "nullable": true, "allowedValues": [ "Enabled", - "Disabled" + "Disabled", + "SecuredByPerimeter" ], "metadata": { "description": "Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set." @@ -29622,11 +30797,12 @@ "Storage Table Data Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76199698-9eea-4c19-bc75-cec21354c6b6')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" }, - "formattedManagementPolicies": "[union(coalesce(parameters('managementPolicyRules'), createArray()), if(and(and(not(empty(parameters('blobServices'))), coalesce(tryGet(parameters('blobServices'), 'isVersioningEnabled'), false())), not(equals(tryGet(parameters('blobServices'), 'versionDeletePolicyDays'), null()))), createArray(createObject('name', 'DeletePreviousVersions (auto-created)', 'enabled', true(), 'type', 'Lifecycle', 'definition', createObject('actions', createObject('version', createObject('delete', createObject('daysAfterCreationGreaterThan', parameters('blobServices').versionDeletePolicyDays))), 'filters', createObject('blobTypes', createArray('blockBlob', 'appendBlob'))))), createArray()))]" + "formattedManagementPolicies": "[union(coalesce(parameters('managementPolicyRules'), createArray()), if(and(and(not(empty(parameters('blobServices'))), coalesce(tryGet(parameters('blobServices'), 'isVersioningEnabled'), false())), not(equals(tryGet(parameters('blobServices'), 'versionDeletePolicyDays'), null()))), createArray(createObject('name', 'DeletePreviousVersions (auto-created)', 'enabled', true(), 'type', 'Lifecycle', 'definition', createObject('actions', createObject('version', createObject('delete', createObject('daysAfterCreationGreaterThan', parameters('blobServices').versionDeletePolicyDays))), 'filters', createObject('blobTypes', createArray('blockBlob', 'appendBlob'))))), createArray()))]", + "isHSMManagedCMK": "[equals(tryGet(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), ''), '/'), 7), 'managedHSMs')]" }, "resources": { "cMKKeyVault::cMKKey": { - "condition": "[and(not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))), and(not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))), not(empty(tryGet(parameters('customerManagedKey'), 'keyName')))))]", + "condition": "[and(and(not(variables('isHSMManagedCMK')), not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId')))), and(not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))), not(empty(tryGet(parameters('customerManagedKey'), 'keyName')))))]", "existing": true, "type": "Microsoft.KeyVault/vaults/keys", "apiVersion": "2024-11-01", @@ -29638,7 +30814,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2025-04-01", - "name": "[format('46d3xbcp.res.storage-storageaccount.{0}.{1}', replace('0.28.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.storage-storageaccount.{0}.{1}', replace('0.32.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -29655,7 +30831,7 @@ } }, "cMKKeyVault": { - "condition": "[not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId')))]", + "condition": "[and(not(variables('isHSMManagedCMK')), not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))))]", "existing": true, "type": "Microsoft.KeyVault/vaults", "apiVersion": "2025-05-01", @@ -29674,7 +30850,7 @@ }, "storageAccount": { "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2025-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "extendedLocation": "[if(not(empty(parameters('extendedLocationZone'))), createObject('name', parameters('extendedLocationZone'), 'type', 'EdgeZone'), null())]", @@ -29684,7 +30860,7 @@ }, "identity": "[variables('identity')]", "tags": "[parameters('tags')]", - "properties": "[shallowMerge(createArray(createObject('allowSharedKeyAccess', parameters('allowSharedKeyAccess'), 'defaultToOAuthAuthentication', parameters('defaultToOAuthAuthentication'), 'allowCrossTenantReplication', parameters('allowCrossTenantReplication'), 'allowedCopyScope', parameters('allowedCopyScope'), 'customDomain', createObject('name', parameters('customDomainName'), 'useSubDomainName', parameters('customDomainUseSubDomainName')), 'dnsEndpointType', parameters('dnsEndpointType'), 'isLocalUserEnabled', parameters('isLocalUserEnabled'), 'encryption', union(createObject('keySource', if(not(empty(parameters('customerManagedKey'))), 'Microsoft.Keyvault', 'Microsoft.Storage'), 'services', createObject('blob', if(variables('supportsBlobService'), createObject('enabled', true()), null()), 'file', if(variables('supportsFileService'), createObject('enabled', true()), null()), 'table', createObject('enabled', true(), 'keyType', parameters('keyType')), 'queue', createObject('enabled', true(), 'keyType', parameters('keyType'))), 'keyvaultproperties', if(not(empty(parameters('customerManagedKey'))), createObject('keyname', parameters('customerManagedKey').keyName, 'keyvaulturi', reference('cMKKeyVault').vaultUri, 'keyversion', if(not(empty(tryGet(parameters('customerManagedKey'), 'keyVersion'))), parameters('customerManagedKey').keyVersion, if(coalesce(tryGet(parameters('customerManagedKey'), 'autoRotationEnabled'), true()), null(), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/'))))), null()), 'identity', createObject('userAssignedIdentity', if(not(empty(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/')[2], split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/')[4]), 'Microsoft.ManagedIdentity/userAssignedIdentities', last(split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/'))), null()))), if(parameters('requireInfrastructureEncryption'), createObject('requireInfrastructureEncryption', if(not(equals(parameters('kind'), 'Storage')), parameters('requireInfrastructureEncryption'), null())), createObject())), 'accessTier', if(and(not(equals(parameters('kind'), 'Storage')), not(equals(parameters('kind'), 'BlockBlobStorage'))), parameters('accessTier'), null()), 'sasPolicy', if(not(empty(parameters('sasExpirationPeriod'))), createObject('expirationAction', parameters('sasExpirationAction'), 'sasExpirationPeriod', parameters('sasExpirationPeriod')), null()), 'supportsHttpsTrafficOnly', parameters('supportsHttpsTrafficOnly'), 'isSftpEnabled', parameters('enableSftp'), 'isNfsV3Enabled', if(parameters('enableNfsV3'), parameters('enableNfsV3'), ''), 'largeFileSharesState', if(or(equals(parameters('skuName'), 'Standard_LRS'), equals(parameters('skuName'), 'Standard_ZRS')), parameters('largeFileSharesState'), null()), 'minimumTlsVersion', parameters('minimumTlsVersion'), 'networkAcls', if(not(empty(parameters('networkAcls'))), union(createObject('resourceAccessRules', tryGet(parameters('networkAcls'), 'resourceAccessRules'), 'defaultAction', coalesce(tryGet(parameters('networkAcls'), 'defaultAction'), 'Deny'), 'virtualNetworkRules', tryGet(parameters('networkAcls'), 'virtualNetworkRules'), 'ipRules', tryGet(parameters('networkAcls'), 'ipRules')), if(contains(parameters('networkAcls'), 'bypass'), createObject('bypass', tryGet(parameters('networkAcls'), 'bypass')), createObject())), createObject('bypass', 'AzureServices', 'defaultAction', 'Deny')), 'allowBlobPublicAccess', parameters('allowBlobPublicAccess'), 'publicNetworkAccess', if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkAcls'))), 'Disabled', null()))), if(not(empty(parameters('azureFilesIdentityBasedAuthentication'))), createObject('azureFilesIdentityBasedAuthentication', parameters('azureFilesIdentityBasedAuthentication')), createObject()), if(not(equals(parameters('enableHierarchicalNamespace'), null())), createObject('isHnsEnabled', parameters('enableHierarchicalNamespace')), createObject()), createObject('immutableStorageWithVersioning', parameters('immutableStorageWithVersioning'))))]", + "properties": "[shallowMerge(createArray(createObject('allowSharedKeyAccess', parameters('allowSharedKeyAccess'), 'defaultToOAuthAuthentication', parameters('defaultToOAuthAuthentication'), 'allowCrossTenantReplication', parameters('allowCrossTenantReplication'), 'allowedCopyScope', parameters('allowedCopyScope'), 'customDomain', createObject('name', parameters('customDomainName'), 'useSubDomainName', parameters('customDomainUseSubDomainName')), 'dnsEndpointType', parameters('dnsEndpointType'), 'isLocalUserEnabled', parameters('isLocalUserEnabled'), 'encryption', union(createObject('keySource', if(not(empty(parameters('customerManagedKey'))), 'Microsoft.Keyvault', 'Microsoft.Storage'), 'services', createObject('blob', if(variables('supportsBlobService'), createObject('enabled', true()), null()), 'file', if(variables('supportsFileService'), createObject('enabled', true()), null()), 'table', createObject('enabled', true(), 'keyType', parameters('keyType')), 'queue', createObject('enabled', true(), 'keyType', parameters('keyType'))), 'keyvaultproperties', if(not(empty(parameters('customerManagedKey'))), createObject('keyname', parameters('customerManagedKey').keyName, 'keyvaulturi', if(not(variables('isHSMManagedCMK')), reference('cMKKeyVault').vaultUri, format('https://{0}.managedhsm.azure.net/', last(split(parameters('customerManagedKey').keyVaultResourceId, '/')))), 'keyversion', if(not(empty(tryGet(parameters('customerManagedKey'), 'keyVersion'))), parameters('customerManagedKey').keyVersion, if(coalesce(tryGet(parameters('customerManagedKey'), 'autoRotationEnabled'), true()), null(), if(not(variables('isHSMManagedCMK')), last(split(reference('cMKKeyVault::cMKKey').keyUriWithVersion, '/')), fail('Managed HSM CMK encryption requires either specifying the ''keyVersion'' or omitting the ''autoRotationEnabled'' property. Setting ''autoRotationEnabled'' to false without a ''keyVersion'' is not allowed.'))))), null()), 'identity', createObject('userAssignedIdentity', if(not(empty(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'))), extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/')[2], split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/')[4]), 'Microsoft.ManagedIdentity/userAssignedIdentities', last(split(tryGet(parameters('customerManagedKey'), 'userAssignedIdentityResourceId'), '/'))), null()))), if(parameters('requireInfrastructureEncryption'), createObject('requireInfrastructureEncryption', if(not(equals(parameters('kind'), 'Storage')), parameters('requireInfrastructureEncryption'), null())), createObject())), 'accessTier', if(and(not(equals(parameters('kind'), 'Storage')), not(equals(parameters('kind'), 'BlockBlobStorage'))), parameters('accessTier'), null()), 'sasPolicy', if(not(empty(parameters('sasExpirationPeriod'))), createObject('expirationAction', parameters('sasExpirationAction'), 'sasExpirationPeriod', parameters('sasExpirationPeriod')), null()), 'supportsHttpsTrafficOnly', parameters('supportsHttpsTrafficOnly'), 'isSftpEnabled', parameters('enableSftp'), 'isNfsV3Enabled', if(parameters('enableNfsV3'), parameters('enableNfsV3'), ''), 'largeFileSharesState', if(or(equals(parameters('skuName'), 'Standard_LRS'), equals(parameters('skuName'), 'Standard_ZRS')), parameters('largeFileSharesState'), null()), 'minimumTlsVersion', parameters('minimumTlsVersion'), 'networkAcls', if(not(empty(parameters('networkAcls'))), union(createObject('resourceAccessRules', tryGet(parameters('networkAcls'), 'resourceAccessRules'), 'defaultAction', coalesce(tryGet(parameters('networkAcls'), 'defaultAction'), 'Deny'), 'virtualNetworkRules', tryGet(parameters('networkAcls'), 'virtualNetworkRules'), 'ipRules', tryGet(parameters('networkAcls'), 'ipRules')), if(contains(parameters('networkAcls'), 'bypass'), createObject('bypass', tryGet(parameters('networkAcls'), 'bypass')), createObject())), createObject('bypass', 'AzureServices', 'defaultAction', 'Deny')), 'allowBlobPublicAccess', parameters('allowBlobPublicAccess'), 'publicNetworkAccess', if(not(empty(parameters('publicNetworkAccess'))), parameters('publicNetworkAccess'), if(and(not(empty(parameters('privateEndpoints'))), empty(parameters('networkAcls'))), 'Disabled', null()))), if(not(empty(parameters('azureFilesIdentityBasedAuthentication'))), createObject('azureFilesIdentityBasedAuthentication', parameters('azureFilesIdentityBasedAuthentication')), createObject()), if(not(equals(parameters('enableHierarchicalNamespace'), null())), createObject('isHnsEnabled', parameters('enableHierarchicalNamespace')), createObject()), createObject('immutableStorageWithVersioning', parameters('immutableStorageWithVersioning'))))]", "dependsOn": [ "cMKKeyVault", "cMKKeyVault::cMKKey" @@ -29697,7 +30873,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -29726,7 +30902,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -29743,7 +30919,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Storage/storageAccounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -30434,6 +31610,9 @@ }, "rules": { "value": "[variables('formattedManagementPolicies')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -30442,8 +31621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "6960218931054567030" + "version": "0.41.2.15936", + "templateHash": "4000605059554016072" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy." @@ -30460,16 +31639,43 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.Storage/storageAccounts/managementPolicies@2024-01-01#properties/properties/properties/policy/properties/rules" + "source": "Microsoft.Storage/storageAccounts/managementPolicies@2025-06-01#properties/properties/properties/policy/properties/rules" }, "description": "Required. The Storage Account ManagementPolicies Rules." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": [ + { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-mgmtpolicy.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, { "type": "Microsoft.Storage/storageAccounts/managementPolicies", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]", "properties": { "policy": { @@ -30545,6 +31751,9 @@ }, "sshAuthorizedKeys": { "value": "[tryGet(coalesce(parameters('localUsers'), createArray())[copyIndex()], 'sshAuthorizedKeys')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -30554,8 +31763,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "9436518181019837288" + "version": "0.41.2.15936", + "templateHash": "1801226901235196767" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication." @@ -30667,18 +31876,45 @@ "metadata": { "description": "Optional. The local user SSH authorized keys for SFTP." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-localuser.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "localUsers": { "type": "Microsoft.Storage/storageAccounts/localUsers", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('name'))]", "properties": { "hasSharedKey": "[parameters('hasSharedKey')]", @@ -30792,8 +32028,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "8062953820630056631" + "version": "0.41.2.15936", + "templateHash": "468225492069709453" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service." @@ -31084,14 +32320,14 @@ "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. Defaults to false." } }, "allowProtectedAppendWritesAll": { "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." } } }, @@ -31367,7 +32603,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/blobServices/{1}', parameters('storageAccountName'), variables('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/blobServices', parameters('storageAccountName'), variables('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', variables('name')))]", "properties": { "copy": [ @@ -31462,8 +32698,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12049267755110696809" + "version": "0.41.2.15936", + "templateHash": "273904034769611992" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container." @@ -31483,14 +32719,14 @@ "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. Defaults to false." } }, "allowProtectedAppendWritesAll": { "type": "bool", "nullable": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." } } }, @@ -31700,7 +32936,8 @@ "Storage Blob Data Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1')]", "Storage Blob Delegator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'db58b8e5-c6ad-4a2a-8342-4190687cbf4a')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "enableReferencedModulesTelemetry": false }, "resources": { "storageAccount::blobServices": { @@ -31713,7 +32950,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.storage-blobcontainer.{0}.{1}', replace('0.3.1', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.storage-blobcontainer.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -31756,7 +32993,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/blobServices/{1}/containers/{2}', parameters('storageAccountName'), parameters('blobServiceName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', parameters('storageAccountName'), parameters('blobServiceName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Storage/storageAccounts/blobServices/containers', parameters('storageAccountName'), parameters('blobServiceName'), parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -31796,6 +33033,9 @@ }, "allowProtectedAppendWritesAll": { "value": "[tryGet(parameters('immutabilityPolicy'), 'allowProtectedAppendWritesAll')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -31804,8 +33044,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "1872120962131123050" + "version": "0.41.2.15936", + "templateHash": "15304742179563677019" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy." @@ -31833,27 +33073,51 @@ }, "allowProtectedAppendWrites": { "type": "bool", - "defaultValue": true, + "defaultValue": false, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." } }, "allowProtectedAppendWritesAll": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive. Defaults to false." + } + }, + "enableTelemetry": { "type": "bool", "defaultValue": true, "metadata": { - "description": "Optional. This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both \"Append and Block Blobs\" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The \"allowProtectedAppendWrites\" and \"allowProtectedAppendWritesAll\" properties are mutually exclusive." + "description": "Optional. Enable/Disable usage telemetry for module." } } }, - "variables": { - "name": "default" - }, "resources": [ + { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-containerimmutpolicy.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, { "type": "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies", "apiVersion": "2025-01-01", - "name": "[format('{0}/{1}/{2}/{3}', parameters('storageAccountName'), 'default', parameters('containerName'), variables('name'))]", + "name": "[format('{0}/{1}/{2}/{3}', parameters('storageAccountName'), 'default', parameters('containerName'), 'default')]", "properties": { "immutabilityPeriodSinceCreationInDays": "[parameters('immutabilityPeriodSinceCreationInDays')]", "allowProtectedAppendWrites": "[parameters('allowProtectedAppendWrites')]", @@ -31867,14 +33131,14 @@ "metadata": { "description": "The name of the deployed immutability policy." }, - "value": "[variables('name')]" + "value": "default" }, "resourceId": { "type": "string", "metadata": { "description": "The resource ID of the deployed immutability policy." }, - "value": "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies', parameters('storageAccountName'), 'default', parameters('containerName'), variables('name'))]" + "value": "[resourceId('Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies', parameters('storageAccountName'), 'default', parameters('containerName'), 'default')]" }, "resourceGroupName": { "type": "string", @@ -31987,8 +33251,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7372615490119026510" + "version": "0.41.2.15936", + "templateHash": "17583198711200998285" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service." @@ -32106,6 +33370,22 @@ "description": "Optional. The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5120 (5TB). For Large File Shares, the maximum size is 102400 (100TB)." } }, + "provisionedBandwidthMibps": { + "type": "int", + "nullable": true, + "maxValue": 10340, + "metadata": { + "description": "Optional. The provisioned bandwidth of the share, in mebibytes per second. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 10340." + } + }, + "provisionedIops": { + "type": "int", + "nullable": true, + "maxValue": 102400, + "metadata": { + "description": "Optional. The provisioned IOPS of the share. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 102400." + } + }, "roleAssignments": { "type": "array", "items": { @@ -32396,12 +33676,12 @@ "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "fileServices": { "type": "Microsoft.Storage/storageAccounts/fileServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('name'))]", "properties": { "cors": "[if(not(equals(parameters('corsRules'), null())), createObject('corsRules', parameters('corsRules')), null())]", @@ -32416,7 +33696,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/fileServices/{1}', parameters('storageAccountName'), parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/fileServices', parameters('storageAccountName'), parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -32474,7 +33754,7 @@ "value": "[coalesce(parameters('shares'), createArray())[copyIndex()].name]" }, "accessTier": { - "value": "[coalesce(tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'accessTier'), if(equals(reference('storageAccount', '2024-01-01', 'full').kind, 'FileStorage'), 'Premium', 'TransactionOptimized'))]" + "value": "[coalesce(tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'accessTier'), if(equals(reference('storageAccount', '2025-06-01', 'full').kind, 'FileStorage'), if(startsWith(reference('storageAccount', '2025-06-01', 'full').sku.name, 'PremiumV2_'), null(), 'Premium'), 'TransactionOptimized'))]" }, "enabledProtocols": { "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'enabledProtocols')]" @@ -32485,6 +33765,12 @@ "shareQuota": { "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'shareQuota')]" }, + "provisionedBandwidthMibps": { + "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'provisionedBandwidthMibps')]" + }, + "provisionedIops": { + "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'provisionedIops')]" + }, "roleAssignments": { "value": "[tryGet(coalesce(parameters('shares'), createArray())[copyIndex()], 'roleAssignments')]" }, @@ -32499,8 +33785,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "6443667442431835489" + "version": "0.41.2.15936", + "templateHash": "10353179772982843397" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share." @@ -32605,7 +33891,7 @@ }, "accessTier": { "type": "string", - "defaultValue": "TransactionOptimized", + "nullable": true, "allowedValues": [ "Premium", "Hot", @@ -32613,7 +33899,7 @@ "TransactionOptimized" ], "metadata": { - "description": "Conditional. Access tier for specific share. Required if the Storage Account kind is set to FileStorage (should be set to \"Premium\"). GpV2 account can choose between TransactionOptimized (default), Hot, and Cool." + "description": "Conditional. Access tier for specific share. Required if the Storage Account kind is set to FileStorage (should be set to \"Premium\"). GpV2 account can choose between TransactionOptimized, Hot, and Cool." } }, "shareQuota": { @@ -32646,6 +33932,24 @@ "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." } }, + "provisionedBandwidthMibps": { + "type": "int", + "nullable": true, + "minValue": 0, + "maxValue": 10340, + "metadata": { + "description": "Optional. The provisioned bandwidth of the share, in mebibytes per second. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 10340." + } + }, + "provisionedIops": { + "type": "int", + "nullable": true, + "minValue": 0, + "maxValue": 102400, + "metadata": { + "description": "Optional. The provisioned IOPS of the share. Only applicable to FileStorage storage accounts (premium file shares). Must be between 0 and 102400." + } + }, "enableTelemetry": { "type": "bool", "defaultValue": true, @@ -32691,14 +33995,14 @@ "storageAccount::fileService": { "existing": true, "type": "Microsoft.Storage/storageAccounts/fileServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-01-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]" }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.storage-fileshare.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "name": "[format('46d3xbcp.res.storage-fileshare.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -32717,19 +34021,24 @@ "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-01-01", "name": "[parameters('storageAccountName')]" }, "fileShare": { "type": "Microsoft.Storage/storageAccounts/fileServices/shares", - "apiVersion": "2024-01-01", + "apiVersion": "2025-01-01", "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), parameters('fileServicesName'), parameters('name'))]", "properties": { "accessTier": "[parameters('accessTier')]", "shareQuota": "[parameters('shareQuota')]", "rootSquash": "[if(equals(parameters('enabledProtocols'), 'NFS'), parameters('rootSquash'), null())]", - "enabledProtocols": "[parameters('enabledProtocols')]" - } + "enabledProtocols": "[parameters('enabledProtocols')]", + "provisionedBandwidthMibps": "[if(equals(reference('storageAccount', '2025-01-01', 'full').kind, 'FileStorage'), parameters('provisionedBandwidthMibps'), null())]", + "provisionedIops": "[if(equals(reference('storageAccount', '2025-01-01', 'full').kind, 'FileStorage'), parameters('provisionedIops'), null())]" + }, + "dependsOn": [ + "storageAccount" + ] }, "fileShare_roleAssignments": { "copy": { @@ -32961,8 +34270,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "14320740623684459446" + "version": "0.41.2.15936", + "templateHash": "9644461291744477521" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service." @@ -33301,18 +34610,19 @@ } }, "variables": { - "name": "default" + "name": "default", + "enableReferencedModulesTelemetry": false }, "resources": { "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "queueServices": { "type": "Microsoft.Storage/storageAccounts/queueServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), variables('name'))]", "properties": { "cors": "[if(not(equals(parameters('corsRules'), null())), createObject('corsRules', parameters('corsRules')), null())]" @@ -33325,7 +34635,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/queueServices/{1}', parameters('storageAccountName'), variables('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/queueServices', parameters('storageAccountName'), variables('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', variables('name')))]", "properties": { "copy": [ @@ -33384,6 +34694,9 @@ }, "roleAssignments": { "value": "[tryGet(coalesce(parameters('queues'), createArray())[copyIndex()], 'roleAssignments')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -33393,8 +34706,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "17820569818642693530" + "version": "0.41.2.15936", + "templateHash": "12812824360066955039" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue." @@ -33509,6 +34822,13 @@ "metadata": { "description": "Optional. Array of role assignments to create." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "variables": { @@ -33539,18 +34859,38 @@ "storageAccount::queueServices": { "existing": true, "type": "Microsoft.Storage/storageAccounts/queueServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-queue.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "queue": { "type": "Microsoft.Storage/storageAccounts/queueServices/queues", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", "properties": { "metadata": "[parameters('metadata')]" @@ -33563,7 +34903,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/queueServices/{1}/queues/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/queueServices/queues', parameters('storageAccountName'), 'default', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Storage/storageAccounts/queueServices/queues', parameters('storageAccountName'), 'default', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -33666,8 +35006,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "15397070691540239144" + "version": "0.41.2.15936", + "templateHash": "10320403358700650147" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service." @@ -33996,18 +35336,19 @@ } }, "variables": { - "name": "default" + "name": "default", + "enableReferencedModulesTelemetry": false }, "resources": { "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "tableServices": { "type": "Microsoft.Storage/storageAccounts/tableServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), variables('name'))]", "properties": { "cors": "[if(not(equals(parameters('corsRules'), null())), createObject('corsRules', parameters('corsRules')), null())]" @@ -34020,7 +35361,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/tableServices/{1}', parameters('storageAccountName'), variables('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/tableServices', parameters('storageAccountName'), variables('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', variables('name')))]", "properties": { "copy": [ @@ -34076,6 +35417,9 @@ }, "roleAssignments": { "value": "[tryGet(coalesce(parameters('tables'), createArray())[copyIndex()], 'roleAssignments')]" + }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" } }, "template": { @@ -34085,8 +35429,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "2494851345252564065" + "version": "0.41.2.15936", + "templateHash": "11362260974696477885" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table." @@ -34191,6 +35535,13 @@ "metadata": { "description": "Required. Name of the table." } + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "variables": { @@ -34219,18 +35570,38 @@ "storageAccount::tableServices": { "existing": true, "type": "Microsoft.Storage/storageAccounts/tableServices", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.storage-table.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "storageAccount": { "existing": true, "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[parameters('storageAccountName')]" }, "table": { "type": "Microsoft.Storage/storageAccounts/tableServices/tables", - "apiVersion": "2024-01-01", + "apiVersion": "2025-06-01", "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]" }, "table_roleAssignments": { @@ -34240,7 +35611,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Storage/storageAccounts/{0}/tableServices/{1}/tables/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", + "scope": "[resourceId('Microsoft.Storage/storageAccounts/tableServices/tables', parameters('storageAccountName'), 'default', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Storage/storageAccounts/tableServices/tables', parameters('storageAccountName'), 'default', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -34329,7 +35700,7 @@ "value": "[last(split(tryGet(parameters('secretsExportConfiguration'), 'keyVaultResourceId'), '/'))]" }, "secretsToSet": { - "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('storageAccount', '2025-01-01').keys[0].value)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'connectionString1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'connectionString1Name'), 'value', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-01-01').keys[0].value, environment().suffixes.storage))), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('storageAccount', '2025-01-01').keys[1].value)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'connectionString2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'connectionString2Name'), 'value', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-01-01').keys[1].value, environment().suffixes.storage))), createArray()))]" + "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('storageAccount', '2025-06-01').keys[0].value)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'connectionString1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'connectionString1Name'), 'value', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-06-01').keys[0].value, environment().suffixes.storage))), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('storageAccount', '2025-06-01').keys[1].value)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'connectionString2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'connectionString2Name'), 'value', format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-06-01').keys[1].value, environment().suffixes.storage))), createArray()))]" } }, "template": { @@ -34339,8 +35710,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "15162266628501794465" + "version": "0.41.2.15936", + "templateHash": "13227497656004178962" } }, "definitions": { @@ -34493,8 +35864,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7981342209922290627" + "version": "0.41.2.15936", + "templateHash": "1894366578172550759" }, "name": "Storage Account Object Replication Policy", "description": "This module deploys a Storage Account Object Replication Policy for both the source account and destination account." @@ -34647,8 +36018,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "13231340475360081313" + "version": "0.41.2.15936", + "templateHash": "14995722372031126283" }, "name": "Storage Account Object Replication Policy", "description": "This module deploys a Storage Account Object Replication Policy for a provided storage account." @@ -34864,8 +36235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "13231340475360081313" + "version": "0.41.2.15936", + "templateHash": "14995722372031126283" }, "name": "Storage Account Object Replication Policy", "description": "This module deploys a Storage Account Object Replication Policy for a provided storage account." @@ -35109,14 +36480,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('storageAccount', '2025-01-01', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('storageAccount', '2025-06-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('storageAccount', '2025-01-01', 'full').location]" + "value": "[reference('storageAccount', '2025-06-01', 'full').location]" }, "serviceEndpoints": { "type": "object", @@ -35156,28 +36527,28 @@ "metadata": { "description": "The primary access key of the storage account." }, - "value": "[listKeys('storageAccount', '2025-01-01').keys[0].value]" + "value": "[listKeys('storageAccount', '2025-06-01').keys[0].value]" }, "secondaryAccessKey": { "type": "securestring", "metadata": { "description": "The secondary access key of the storage account." }, - "value": "[listKeys('storageAccount', '2025-01-01').keys[1].value]" + "value": "[listKeys('storageAccount', '2025-06-01').keys[1].value]" }, "primaryConnectionString": { "type": "securestring", "metadata": { "description": "The primary connection string of the storage account." }, - "value": "[format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-01-01').keys[0].value, environment().suffixes.storage)]" + "value": "[format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-06-01').keys[0].value, environment().suffixes.storage)]" }, "secondaryConnectionString": { "type": "securestring", "metadata": { "description": "The secondary connection string of the storage account." }, - "value": "[format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-01-01').keys[1].value, environment().suffixes.storage)]" + "value": "[format('DefaultEndpointsProtocol=https;AccountName={0};AccountKey={1};EndpointSuffix={2}', parameters('name'), listKeys('storageAccount', '2025-06-01').keys[1].value, environment().suffixes.storage)]" } } } @@ -35308,8 +36679,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "11676375352983709807" + "version": "0.42.1.51946", + "templateHash": "7193650014508794560" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service." @@ -35552,7 +36923,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -35594,7 +36965,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -35635,7 +37006,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -35664,7 +37035,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -35730,7 +37101,7 @@ "metadata": { "description": "An AVM-aligned type for a customer-managed key. To be used if the resource type does not support auto-rotation of the customer-managed key.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -35852,7 +37223,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -35877,12 +37248,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -35910,7 +37288,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -36038,6 +37416,9 @@ "type": "object", "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2024-07-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/Resource Groups in this deployment." } }, @@ -36052,7 +37433,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can be assumed (i.e., for services that only have one Private Endpoint type like 'vault' for key vault).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -36127,7 +37508,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -36143,7 +37524,7 @@ "metadata": { "description": "A map of the exported secrets", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -36418,7 +37799,7 @@ "condition": "[and(not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))), and(not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'))), not(empty(tryGet(parameters('customerManagedKey'), 'keyName')))))]", "existing": true, "type": "Microsoft.KeyVault/vaults/keys", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "subscriptionId": "[split(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '/')[2]]", "resourceGroup": "[split(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '/')[4]]", "name": "[format('{0}/{1}', last(split(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '/')), tryGet(parameters('customerManagedKey'), 'keyName'))]" @@ -36426,7 +37807,7 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", + "apiVersion": "2025-04-01", "name": "[format('46d3xbcp.res.cognitiveservices-account.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", @@ -36447,7 +37828,7 @@ "condition": "[not(empty(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId')))]", "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "subscriptionId": "[split(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '/')[2]]", "resourceGroup": "[split(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '/')[4]]", "name": "[last(split(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '/'))]" @@ -36464,7 +37845,7 @@ "cognitiveServiceNew": { "condition": "[not(variables('useExistingService'))]", "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[parameters('name')]", "kind": "[parameters('kind')]", "identity": "[variables('identity')]", @@ -36498,7 +37879,7 @@ "condition": "[variables('useExistingService')]", "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "subscriptionId": "[variables('existingCognitiveServiceDetails')[2]]", "resourceGroup": "[variables('existingCognitiveServiceDetails')[4]]", "name": "[variables('existingCognitiveServiceDetails')[8]]" @@ -36558,8 +37939,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "8716336912243881623" + "version": "0.42.1.51946", + "templateHash": "17826936588966243586" } }, "definitions": { @@ -36800,7 +38181,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -36842,7 +38223,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -36883,7 +38264,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -36912,7 +38293,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -37063,7 +38444,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -37088,12 +38469,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -37221,6 +38609,9 @@ "type": "object", "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2024-07-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/Resource Groups in this deployment." } }, @@ -37235,7 +38626,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can be assumed (i.e., for services that only have one Private Endpoint type like 'vault' for key vault).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -37310,7 +38701,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -37326,7 +38717,7 @@ "metadata": { "description": "A map of the exported secrets", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -37498,7 +38889,7 @@ "cognitiveService": { "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[parameters('name')]" }, "cognitiveService_deployments": { @@ -37509,7 +38900,7 @@ "batchSize": 1 }, "type": "Microsoft.CognitiveServices/accounts/deployments", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[format('{0}/{1}', parameters('name'), coalesce(tryGet(coalesce(parameters('deployments'), createArray())[copyIndex()], 'name'), format('{0}-deployments', parameters('name'))))]", "properties": { "model": "[coalesce(parameters('deployments'), createArray())[copyIndex()].model]", @@ -37648,8 +39039,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "12389807800450456797" + "version": "0.41.2.15936", + "templateHash": "18436885663402767850" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint." @@ -37676,115 +39067,8 @@ } }, "metadata": { - "__bicep_export!": true - } - }, - "ipConfigurationType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "privateLinkServiceConnectionType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "customDnsConfigType": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. FQDN that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } - }, - "metadata": { - "__bicep_export!": true + "__bicep_export!": true, + "description": "The type of a private dns zone group." } }, "lockType": { @@ -37808,12 +39092,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -37835,6 +39126,7 @@ } }, "metadata": { + "description": "The type of a private DNS zone group configuration.", "__bicep_imported_from!": { "sourceTemplate": "private-dns-zone-group/main.bicep" } @@ -37911,7 +39203,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -37948,13 +39240,23 @@ }, "ipConfigurations": { "type": "array", - "items": { - "$ref": "#/definitions/ipConfigurationType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipConfigurations" + }, "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } + }, + "nullable": true + }, + "ipVersionType": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipVersionType" + }, + "description": "Optional. Specifies the IP version type for the private IPs of the private endpoint. If not defined, this defaults to IPv4." + }, + "defaultValue": "IPv4" }, "privateDnsZoneGroup": { "$ref": "#/definitions/privateDnsZoneGroupType", @@ -37989,40 +39291,43 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } + }, + "nullable": true }, "customDnsConfigs": { "type": "array", - "items": { - "$ref": "#/definitions/customDnsConfigType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs" + }, "description": "Optional. Custom DNS configurations." - } + }, + "nullable": true }, "manualPrivateLinkServiceConnections": { "type": "array", - "items": { - "$ref": "#/definitions/privateLinkServiceConnectionType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/manualPrivateLinkServiceConnections" + }, "description": "Conditional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. Required if `privateLinkServiceConnections` is empty." - } + }, + "nullable": true }, "privateLinkServiceConnections": { "type": "array", - "items": { - "$ref": "#/definitions/privateLinkServiceConnectionType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/privateLinkServiceConnections" + }, "description": "Conditional. A grouping of information about the connection to the remote resource. Required if `manualPrivateLinkServiceConnections` is empty." - } + }, + "nullable": true }, "enableTelemetry": { "type": "bool", @@ -38057,8 +39362,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.11.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -38076,7 +39381,7 @@ }, "privateEndpoint": { "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-05-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -38097,18 +39402,19 @@ "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" - } + }, + "ipVersionType": "[parameters('ipVersionType')]" } }, "privateEndpoint_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "privateEndpoint" @@ -38121,7 +39427,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -38139,7 +39445,7 @@ "privateEndpoint_privateDnsZoneGroup": { "condition": "[not(empty(parameters('privateDnsZoneGroup')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", "properties": { "expressionEvaluationOptions": { @@ -38164,8 +39470,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "13997305779829540948" + "version": "0.41.2.15936", + "templateHash": "9935179114830442414" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group." @@ -38189,7 +39495,8 @@ } }, "metadata": { - "__bicep_export!": true + "__bicep_export!": true, + "description": "The type of a private DNS zone group configuration." } } }, @@ -38219,33 +39526,30 @@ } } }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigsVar", - "count": "[length(parameters('privateDnsZoneConfigs'))]", - "input": { - "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId, '/')))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId]" - } - } - } - ] - }, "resources": { "privateEndpoint": { "existing": true, "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-05-01", + "apiVersion": "2025-05-01", "name": "[parameters('privateEndpointName')]" }, "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2024-05-01", + "apiVersion": "2025-05-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigsVar')]" + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDnsZoneConfigs'))]", + "input": { + "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId, '/')))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId]" + } + } + } + ] } } }, @@ -38306,14 +39610,15 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('privateEndpoint', '2024-05-01', 'full').location]" + "value": "[reference('privateEndpoint', '2025-05-01', 'full').location]" }, "customDnsConfigs": { "type": "array", - "items": { - "$ref": "#/definitions/customDnsConfigType" - }, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs", + "output": true + }, "description": "The custom DNS configurations of the private endpoint." }, "value": "[reference('privateEndpoint').customDnsConfigs]" @@ -38357,7 +39662,7 @@ "value": "[last(split(tryGet(parameters('secretsExportConfiguration'), 'keyVaultResourceId'), '/'))]" }, "secretsToSet": { - "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('cognitiveService', '2025-07-01-preview').key1)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('cognitiveService', '2025-07-01-preview').key2)), createArray()))]" + "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('cognitiveService', '2025-12-01').key1)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('cognitiveService', '2025-12-01').key2)), createArray()))]" } }, "template": { @@ -38367,8 +39672,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "10989408486030617267" + "version": "0.42.1.51946", + "templateHash": "12801288885438838277" } }, "definitions": { @@ -38397,7 +39702,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -38420,7 +39725,7 @@ "metadata": { "description": "An AVM-aligned type for the secret to set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -38446,7 +39751,7 @@ "keyVault": { "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "name": "[parameters('keyVaultName')]" }, "secrets": { @@ -38455,7 +39760,7 @@ "count": "[length(parameters('secretsToSet'))]" }, "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('secretsToSet')[copyIndex()].name)]", "properties": { "value": "[parameters('secretsToSet')[copyIndex()].value]" @@ -38521,8 +39826,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "7933643033523871028" + "version": "0.42.1.51946", + "templateHash": "2020223351407601593" } }, "definitions": { @@ -38605,13 +39910,13 @@ "cogServiceReference": { "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2024-10-01", + "apiVersion": "2025-12-01", "name": "[parameters('aiServicesName')]" }, "aiProject": { "condition": "[not(variables('useExistingProject'))]", "type": "Microsoft.CognitiveServices/accounts/projects", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[format('{0}/{1}', parameters('aiServicesName'), parameters('name'))]", "tags": "[parameters('tags')]", "location": "[parameters('location')]", @@ -38739,8 +40044,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "8716336912243881623" + "version": "0.42.1.51946", + "templateHash": "17826936588966243586" } }, "definitions": { @@ -38981,7 +40286,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -39023,7 +40328,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -39064,7 +40369,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -39093,7 +40398,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -39244,7 +40549,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -39269,12 +40574,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -39402,6 +40714,9 @@ "type": "object", "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2024-07-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/Resource Groups in this deployment." } }, @@ -39416,7 +40731,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can be assumed (i.e., for services that only have one Private Endpoint type like 'vault' for key vault).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -39491,7 +40806,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -39507,7 +40822,7 @@ "metadata": { "description": "A map of the exported secrets", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -39679,7 +40994,7 @@ "cognitiveService": { "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[parameters('name')]" }, "cognitiveService_deployments": { @@ -39690,7 +41005,7 @@ "batchSize": 1 }, "type": "Microsoft.CognitiveServices/accounts/deployments", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[format('{0}/{1}', parameters('name'), coalesce(tryGet(coalesce(parameters('deployments'), createArray())[copyIndex()], 'name'), format('{0}-deployments', parameters('name'))))]", "properties": { "model": "[coalesce(parameters('deployments'), createArray())[copyIndex()].model]", @@ -39829,8 +41144,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "12389807800450456797" + "version": "0.41.2.15936", + "templateHash": "18436885663402767850" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint." @@ -39857,115 +41172,8 @@ } }, "metadata": { - "__bicep_export!": true - } - }, - "ipConfigurationType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "privateLinkServiceConnectionType": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "customDnsConfigType": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. FQDN that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } - }, - "metadata": { - "__bicep_export!": true + "__bicep_export!": true, + "description": "The type of a private dns zone group." } }, "lockType": { @@ -39989,12 +41197,19 @@ "metadata": { "description": "Optional. Specify the type of lock." } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." + } } }, "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -40016,6 +41231,7 @@ } }, "metadata": { + "description": "The type of a private DNS zone group configuration.", "__bicep_imported_from!": { "sourceTemplate": "private-dns-zone-group/main.bicep" } @@ -40092,7 +41308,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -40129,13 +41345,23 @@ }, "ipConfigurations": { "type": "array", - "items": { - "$ref": "#/definitions/ipConfigurationType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipConfigurations" + }, "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } + }, + "nullable": true + }, + "ipVersionType": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipVersionType" + }, + "description": "Optional. Specifies the IP version type for the private IPs of the private endpoint. If not defined, this defaults to IPv4." + }, + "defaultValue": "IPv4" }, "privateDnsZoneGroup": { "$ref": "#/definitions/privateDnsZoneGroupType", @@ -40170,40 +41396,43 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } + }, + "nullable": true }, "customDnsConfigs": { "type": "array", - "items": { - "$ref": "#/definitions/customDnsConfigType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs" + }, "description": "Optional. Custom DNS configurations." - } + }, + "nullable": true }, "manualPrivateLinkServiceConnections": { "type": "array", - "items": { - "$ref": "#/definitions/privateLinkServiceConnectionType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/manualPrivateLinkServiceConnections" + }, "description": "Conditional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. Required if `privateLinkServiceConnections` is empty." - } + }, + "nullable": true }, "privateLinkServiceConnections": { "type": "array", - "items": { - "$ref": "#/definitions/privateLinkServiceConnectionType" - }, - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/privateLinkServiceConnections" + }, "description": "Conditional. A grouping of information about the connection to the remote resource. Required if `manualPrivateLinkServiceConnections` is empty." - } + }, + "nullable": true }, "enableTelemetry": { "type": "bool", @@ -40238,8 +41467,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.11.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -40257,7 +41486,7 @@ }, "privateEndpoint": { "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-05-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -40278,18 +41507,19 @@ "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" - } + }, + "ipVersionType": "[parameters('ipVersionType')]" } }, "privateEndpoint_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "privateEndpoint" @@ -40302,7 +41532,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -40320,7 +41550,7 @@ "privateEndpoint_privateDnsZoneGroup": { "condition": "[not(empty(parameters('privateDnsZoneGroup')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", "properties": { "expressionEvaluationOptions": { @@ -40345,8 +41575,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.34.44.8038", - "templateHash": "13997305779829540948" + "version": "0.41.2.15936", + "templateHash": "9935179114830442414" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group." @@ -40370,7 +41600,8 @@ } }, "metadata": { - "__bicep_export!": true + "__bicep_export!": true, + "description": "The type of a private DNS zone group configuration." } } }, @@ -40400,33 +41631,30 @@ } } }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigsVar", - "count": "[length(parameters('privateDnsZoneConfigs'))]", - "input": { - "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId, '/')))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId]" - } - } - } - ] - }, "resources": { "privateEndpoint": { "existing": true, "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2024-05-01", + "apiVersion": "2025-05-01", "name": "[parameters('privateEndpointName')]" }, "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2024-05-01", + "apiVersion": "2025-05-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigsVar')]" + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDnsZoneConfigs'))]", + "input": { + "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId, '/')))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId]" + } + } + } + ] } } }, @@ -40487,14 +41715,15 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('privateEndpoint', '2024-05-01', 'full').location]" + "value": "[reference('privateEndpoint', '2025-05-01', 'full').location]" }, "customDnsConfigs": { "type": "array", - "items": { - "$ref": "#/definitions/customDnsConfigType" - }, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs", + "output": true + }, "description": "The custom DNS configurations of the private endpoint." }, "value": "[reference('privateEndpoint').customDnsConfigs]" @@ -40538,7 +41767,7 @@ "value": "[last(split(tryGet(parameters('secretsExportConfiguration'), 'keyVaultResourceId'), '/'))]" }, "secretsToSet": { - "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('cognitiveService', '2025-07-01-preview').key1)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('cognitiveService', '2025-07-01-preview').key2)), createArray()))]" + "value": "[union(createArray(), if(contains(parameters('secretsExportConfiguration'), 'accessKey1Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey1Name'), 'value', listKeys('cognitiveService', '2025-12-01').key1)), createArray()), if(contains(parameters('secretsExportConfiguration'), 'accessKey2Name'), createArray(createObject('name', tryGet(parameters('secretsExportConfiguration'), 'accessKey2Name'), 'value', listKeys('cognitiveService', '2025-12-01').key2)), createArray()))]" } }, "template": { @@ -40548,8 +41777,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "10989408486030617267" + "version": "0.42.1.51946", + "templateHash": "12801288885438838277" } }, "definitions": { @@ -40578,7 +41807,7 @@ "metadata": { "description": "An AVM-aligned type for the output of the secret set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -40601,7 +41830,7 @@ "metadata": { "description": "An AVM-aligned type for the secret to set via the secrets export feature.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.5.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -40627,7 +41856,7 @@ "keyVault": { "existing": true, "type": "Microsoft.KeyVault/vaults", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "name": "[parameters('keyVaultName')]" }, "secrets": { @@ -40636,7 +41865,7 @@ "count": "[length(parameters('secretsToSet'))]" }, "type": "Microsoft.KeyVault/vaults/secrets", - "apiVersion": "2025-05-01", + "apiVersion": "2026-02-01", "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('secretsToSet')[copyIndex()].name)]", "properties": { "value": "[parameters('secretsToSet')[copyIndex()].value]" @@ -40702,8 +41931,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.41.2.15936", - "templateHash": "7933643033523871028" + "version": "0.42.1.51946", + "templateHash": "2020223351407601593" } }, "definitions": { @@ -40786,13 +42015,13 @@ "cogServiceReference": { "existing": true, "type": "Microsoft.CognitiveServices/accounts", - "apiVersion": "2024-10-01", + "apiVersion": "2025-12-01", "name": "[parameters('aiServicesName')]" }, "aiProject": { "condition": "[not(variables('useExistingProject'))]", "type": "Microsoft.CognitiveServices/accounts/projects", - "apiVersion": "2025-07-01-preview", + "apiVersion": "2025-12-01", "name": "[format('{0}/{1}', parameters('aiServicesName'), parameters('name'))]", "tags": "[parameters('tags')]", "location": "[parameters('location')]", @@ -40892,14 +42121,14 @@ "metadata": { "description": "The service endpoint of the cognitive services account." }, - "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting').endpoint, if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-07-01-preview', 'full'), reference('cognitiveServiceNew', '2025-07-01-preview', 'full')).properties.endpoint)]" + "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting').endpoint, if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-12-01', 'full'), reference('cognitiveServiceNew', '2025-12-01', 'full')).properties.endpoint)]" }, "endpoints": { "$ref": "#/definitions/endpointType", "metadata": { "description": "All endpoints available for the cognitive services account, types depends on the cognitive service kind." }, - "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting').endpoints, if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-07-01-preview', 'full'), reference('cognitiveServiceNew', '2025-07-01-preview', 'full')).properties.endpoints)]" + "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting').endpoints, if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-12-01', 'full'), reference('cognitiveServiceNew', '2025-12-01', 'full')).properties.endpoints)]" }, "systemAssignedMIPrincipalId": { "type": "string", @@ -40907,14 +42136,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-07-01-preview', 'full').identity.principalId, tryGet(tryGet(if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-07-01-preview', 'full'), reference('cognitiveServiceNew', '2025-07-01-preview', 'full')), 'identity'), 'principalId'))]" + "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-12-01', 'full').identity.principalId, tryGet(tryGet(if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-12-01', 'full'), reference('cognitiveServiceNew', '2025-12-01', 'full')), 'identity'), 'principalId'))]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-07-01-preview', 'full').location, if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-07-01-preview', 'full'), reference('cognitiveServiceNew', '2025-07-01-preview', 'full')).location)]" + "value": "[if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-12-01', 'full').location, if(variables('useExistingService'), reference('cognitiveServiceExisting', '2025-12-01', 'full'), reference('cognitiveServiceNew', '2025-12-01', 'full')).location)]" }, "exportedSecrets": { "$ref": "#/definitions/secretsOutputType", @@ -41016,12 +42245,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "2541425927059591098" + "version": "0.41.2.15936", + "templateHash": "18436885663402767850" }, "name": "Private Endpoints", - "description": "This module deploys a Private Endpoint.", - "owner": "Azure/module-maintainers" + "description": "This module deploys a Private Endpoint." }, "definitions": { "privateDnsZoneGroupType": { @@ -41043,80 +42271,11 @@ "description": "Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." } } - } - }, - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } }, - "nullable": true + "metadata": { + "__bicep_export!": true, + "description": "The type of a private dns zone group." + } }, "lockType": { "type": "object", @@ -41139,165 +42298,21 @@ "metadata": { "description": "Optional. Specify the type of lock." } - } - }, - "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "manualPrivateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "privateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." } } }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. FQDN that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } + "metadata": { + "description": "An AVM-aligned type for a lock.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } - }, - "nullable": true + } }, "privateDnsZoneGroupConfigType": { "type": "object", @@ -41317,10 +42332,86 @@ } }, "metadata": { + "description": "The type of a private DNS zone group configuration.", "__bicep_imported_from!": { "sourceTemplate": "private-dns-zone-group/main.bicep" } } + }, + "roleAssignmentType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a role assignment.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" + } + } } }, "parameters": { @@ -41338,6 +42429,9 @@ }, "applicationSecurityGroupResourceIds": { "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { "description": "Optional. Application security groups in which the private endpoint IP configuration is included." @@ -41351,10 +42445,24 @@ } }, "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", + "type": "array", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipConfigurations" + }, "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } + }, + "nullable": true + }, + "ipVersionType": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipVersionType" + }, + "description": "Optional. Specifies the IP version type for the private IPs of the private endpoint. If not defined, this defaults to IPv4." + }, + "defaultValue": "IPv4" }, "privateDnsZoneGroup": { "$ref": "#/definitions/privateDnsZoneGroupType", @@ -41372,40 +42480,60 @@ }, "lock": { "$ref": "#/definitions/lockType", + "nullable": true, "metadata": { "description": "Optional. The lock settings of the service." } }, "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", + "type": "array", + "items": { + "$ref": "#/definitions/roleAssignmentType" + }, + "nullable": true, "metadata": { "description": "Optional. Array of role assignments to create." } }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } + }, + "nullable": true }, "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs" + }, "description": "Optional. Custom DNS configurations." - } + }, + "nullable": true }, "manualPrivateLinkServiceConnections": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", + "type": "array", "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/manualPrivateLinkServiceConnections" + }, + "description": "Conditional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. Required if `privateLinkServiceConnections` is empty." + }, + "nullable": true }, "privateLinkServiceConnections": { - "$ref": "#/definitions/privateLinkServiceConnectionsType", + "type": "array", "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/privateLinkServiceConnections" + }, + "description": "Conditional. A grouping of information about the connection to the remote resource. Required if `manualPrivateLinkServiceConnections` is empty." + }, + "nullable": true }, "enableTelemetry": { "type": "bool", @@ -41440,8 +42568,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.8.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -41459,7 +42587,7 @@ }, "privateEndpoint": { "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -41480,18 +42608,19 @@ "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" - } + }, + "ipVersionType": "[parameters('ipVersionType')]" } }, "privateEndpoint_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "privateEndpoint" @@ -41504,7 +42633,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -41522,7 +42651,7 @@ "privateEndpoint_privateDnsZoneGroup": { "condition": "[not(empty(parameters('privateDnsZoneGroup')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", "properties": { "expressionEvaluationOptions": { @@ -41547,12 +42676,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "12329174801198479603" + "version": "0.41.2.15936", + "templateHash": "9935179114830442414" }, "name": "Private Endpoint Private DNS Zone Groups", - "description": "This module deploys a Private Endpoint Private DNS Zone Group.", - "owner": "Azure/module-maintainers" + "description": "This module deploys a Private Endpoint Private DNS Zone Group." }, "definitions": { "privateDnsZoneGroupConfigType": { @@ -41573,7 +42701,8 @@ } }, "metadata": { - "__bicep_export!": true + "__bicep_export!": true, + "description": "The type of a private DNS zone group configuration." } } }, @@ -41603,37 +42732,31 @@ } } }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigsVar", - "count": "[length(parameters('privateDnsZoneConfigs'))]", - "input": { - "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId, '/')))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId]" - } - } - } - ] - }, "resources": { "privateEndpoint": { "existing": true, "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[parameters('privateEndpointName')]" }, "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigsVar')]" - }, - "dependsOn": [ - "privateEndpoint" - ] + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDnsZoneConfigs'))]", + "input": { + "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId, '/')))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId]" + } + } + } + ] + } } }, "outputs": { @@ -41693,38 +42816,46 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('privateEndpoint', '2023-11-01', 'full').location]" + "value": "[reference('privateEndpoint', '2025-05-01', 'full').location]" }, - "customDnsConfig": { - "$ref": "#/definitions/customDnsConfigType", + "customDnsConfigs": { + "type": "array", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs", + "output": true + }, "description": "The custom DNS configurations of the private endpoint." }, "value": "[reference('privateEndpoint').customDnsConfigs]" }, - "networkInterfaceIds": { + "networkInterfaceResourceIds": { "type": "array", + "items": { + "type": "string" + }, "metadata": { - "description": "The IDs of the network interfaces associated with the private endpoint." + "description": "The resource IDs of the network interfaces associated with the private endpoint." }, - "value": "[reference('privateEndpoint').networkInterfaces]" + "value": "[map(reference('privateEndpoint').networkInterfaces, lambda('nic', lambdaVariables('nic').id))]" }, "groupId": { "type": "string", + "nullable": true, "metadata": { "description": "The group Id for the private endpoint Group." }, - "value": "[if(and(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), greater(length(tryGet(reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties, 'groupIds')), 0)), coalesce(tryGet(reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties, 'groupIds', 0), ''), if(and(not(empty(reference('privateEndpoint').privateLinkServiceConnections)), greater(length(tryGet(reference('privateEndpoint').privateLinkServiceConnections[0].properties, 'groupIds')), 0)), coalesce(tryGet(reference('privateEndpoint').privateLinkServiceConnections[0].properties, 'groupIds', 0), ''), ''))]" + "value": "[coalesce(tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'manualPrivateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0), tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'privateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0))]" } } } }, "dependsOn": [ "avmAiServices", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", "virtualNetwork" ] }, @@ -41802,8 +42933,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.39.26.7824", - "templateHash": "6544538318162038728" + "version": "0.41.2.15936", + "templateHash": "8642151282041103672" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service." @@ -41900,8 +43031,9 @@ }, "version": { "type": "string", + "nullable": true, "metadata": { - "description": "Required. The version of Cognitive Services account deployment model." + "description": "Conditional. The version of Cognitive Services account deployment model. Required if the model does not have a default version." } } }, @@ -43165,7 +44297,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.cognitiveservices-account.{0}.{1}', replace('0.14.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.cognitiveservices-account.{0}.{1}', replace('0.14.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -43256,7 +44388,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -43286,7 +44418,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -43327,7 +44459,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.CognitiveServices/accounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.CognitiveServices/accounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.CognitiveServices/accounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -44029,8 +45161,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.39.26.7824", - "templateHash": "356315690886888607" + "version": "0.41.2.15936", + "templateHash": "13968722110082077308" } }, "definitions": { @@ -44317,12 +45449,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "2541425927059591098" + "version": "0.41.2.15936", + "templateHash": "18436885663402767850" }, "name": "Private Endpoints", - "description": "This module deploys a Private Endpoint.", - "owner": "Azure/module-maintainers" + "description": "This module deploys a Private Endpoint." }, "definitions": { "privateDnsZoneGroupType": { @@ -44344,80 +45475,11 @@ "description": "Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." } } - } - }, - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } }, - "nullable": true + "metadata": { + "__bicep_export!": true, + "description": "The type of a private dns zone group." + } }, "lockType": { "type": "object", @@ -44440,165 +45502,21 @@ "metadata": { "description": "Optional. Specify the type of lock." } - } - }, - "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } - } - }, - "nullable": true - }, - "manualPrivateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } - } - } - }, - "nullable": true - }, - "privateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } + }, + "notes": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the notes of the lock." } } }, - "nullable": true - }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. FQDN that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } + "metadata": { + "description": "An AVM-aligned type for a lock.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } - }, - "nullable": true + } }, "privateDnsZoneGroupConfigType": { "type": "object", @@ -44618,10 +45536,86 @@ } }, "metadata": { + "description": "The type of a private DNS zone group configuration.", "__bicep_imported_from!": { "sourceTemplate": "private-dns-zone-group/main.bicep" } } + }, + "roleAssignmentType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a role assignment.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" + } + } } }, "parameters": { @@ -44639,6 +45633,9 @@ }, "applicationSecurityGroupResourceIds": { "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { "description": "Optional. Application security groups in which the private endpoint IP configuration is included." @@ -44652,10 +45649,24 @@ } }, "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", + "type": "array", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipConfigurations" + }, "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } + }, + "nullable": true + }, + "ipVersionType": { + "type": "string", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/ipVersionType" + }, + "description": "Optional. Specifies the IP version type for the private IPs of the private endpoint. If not defined, this defaults to IPv4." + }, + "defaultValue": "IPv4" }, "privateDnsZoneGroup": { "$ref": "#/definitions/privateDnsZoneGroupType", @@ -44673,40 +45684,60 @@ }, "lock": { "$ref": "#/definitions/lockType", + "nullable": true, "metadata": { "description": "Optional. The lock settings of the service." } }, "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", + "type": "array", + "items": { + "$ref": "#/definitions/roleAssignmentType" + }, + "nullable": true, "metadata": { "description": "Optional. Array of role assignments to create." } }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/tags" + }, "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } + }, + "nullable": true }, "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs" + }, "description": "Optional. Custom DNS configurations." - } + }, + "nullable": true }, "manualPrivateLinkServiceConnections": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", + "type": "array", "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/manualPrivateLinkServiceConnections" + }, + "description": "Conditional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource. Required if `privateLinkServiceConnections` is empty." + }, + "nullable": true }, "privateLinkServiceConnections": { - "$ref": "#/definitions/privateLinkServiceConnectionsType", + "type": "array", "metadata": { - "description": "Optional. A grouping of information about the connection to the remote resource." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/privateLinkServiceConnections" + }, + "description": "Conditional. A grouping of information about the connection to the remote resource. Required if `manualPrivateLinkServiceConnections` is empty." + }, + "nullable": true }, "enableTelemetry": { "type": "bool", @@ -44741,8 +45772,8 @@ "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.8.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.12.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -44760,7 +45791,7 @@ }, "privateEndpoint": { "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -44781,18 +45812,19 @@ "privateLinkServiceConnections": "[coalesce(parameters('privateLinkServiceConnections'), createArray())]", "subnet": { "id": "[parameters('subnetResourceId')]" - } + }, + "ipVersionType": "[parameters('ipVersionType')]" } }, "privateEndpoint_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", - "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + "notes": "[coalesce(tryGet(parameters('lock'), 'notes'), if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.'))]" }, "dependsOn": [ "privateEndpoint" @@ -44805,7 +45837,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.Network/privateEndpoints', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -44823,7 +45855,7 @@ "privateEndpoint_privateDnsZoneGroup": { "condition": "[not(empty(parameters('privateDnsZoneGroup')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", "properties": { "expressionEvaluationOptions": { @@ -44848,12 +45880,11 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "12329174801198479603" + "version": "0.41.2.15936", + "templateHash": "9935179114830442414" }, "name": "Private Endpoint Private DNS Zone Groups", - "description": "This module deploys a Private Endpoint Private DNS Zone Group.", - "owner": "Azure/module-maintainers" + "description": "This module deploys a Private Endpoint Private DNS Zone Group." }, "definitions": { "privateDnsZoneGroupConfigType": { @@ -44874,7 +45905,8 @@ } }, "metadata": { - "__bicep_export!": true + "__bicep_export!": true, + "description": "The type of a private DNS zone group configuration." } } }, @@ -44904,37 +45936,31 @@ } } }, - "variables": { - "copy": [ - { - "name": "privateDnsZoneConfigsVar", - "count": "[length(parameters('privateDnsZoneConfigs'))]", - "input": { - "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId, '/')))]", - "properties": { - "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId]" - } - } - } - ] - }, "resources": { "privateEndpoint": { "existing": true, "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[parameters('privateEndpointName')]" }, "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-11-01", + "apiVersion": "2025-05-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigsVar')]" - }, - "dependsOn": [ - "privateEndpoint" - ] + "copy": [ + { + "name": "privateDnsZoneConfigs", + "count": "[length(parameters('privateDnsZoneConfigs'))]", + "input": { + "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId, '/')))]", + "properties": { + "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigs')].privateDnsZoneResourceId]" + } + } + } + ] + } } }, "outputs": { @@ -44994,37 +46020,45 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('privateEndpoint', '2023-11-01', 'full').location]" + "value": "[reference('privateEndpoint', '2025-05-01', 'full').location]" }, - "customDnsConfig": { - "$ref": "#/definitions/customDnsConfigType", + "customDnsConfigs": { + "type": "array", "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.Network/privateEndpoints@2025-05-01#properties/properties/properties/customDnsConfigs", + "output": true + }, "description": "The custom DNS configurations of the private endpoint." }, "value": "[reference('privateEndpoint').customDnsConfigs]" }, - "networkInterfaceIds": { + "networkInterfaceResourceIds": { "type": "array", + "items": { + "type": "string" + }, "metadata": { - "description": "The IDs of the network interfaces associated with the private endpoint." + "description": "The resource IDs of the network interfaces associated with the private endpoint." }, - "value": "[reference('privateEndpoint').networkInterfaces]" + "value": "[map(reference('privateEndpoint').networkInterfaces, lambda('nic', lambdaVariables('nic').id))]" }, "groupId": { "type": "string", + "nullable": true, "metadata": { "description": "The group Id for the private endpoint Group." }, - "value": "[if(and(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), greater(length(tryGet(reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties, 'groupIds')), 0)), coalesce(tryGet(reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties, 'groupIds', 0), ''), if(and(not(empty(reference('privateEndpoint').privateLinkServiceConnections)), greater(length(tryGet(reference('privateEndpoint').privateLinkServiceConnections[0].properties, 'groupIds')), 0)), coalesce(tryGet(reference('privateEndpoint').privateLinkServiceConnections[0].properties, 'groupIds', 0), ''), ''))]" + "value": "[coalesce(tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'manualPrivateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0), tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'privateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0))]" } } } }, "dependsOn": [ "avmAiServices_cu", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", - "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').aiServices)]", + "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').contentUnderstanding)]", "virtualNetwork" ] }, @@ -45055,7 +46089,7 @@ "systemAssigned": true } }, - "appLogsConfiguration": "[if(parameters('enableMonitoring'), createObject('value', createObject('destination', 'log-analytics', 'logAnalyticsConfiguration', createObject('customerId', reference('logAnalyticsWorkspace').outputs.logAnalyticsWorkspaceId.value, 'sharedKey', listOutputsWithSecureValues('logAnalyticsWorkspace', '2025-04-01').primarySharedKey))), createObject('value', null()))]", + "appLogsConfiguration": "[if(parameters('enableMonitoring'), createObject('value', createObject('destination', 'log-analytics', 'logAnalyticsWorkspaceResourceId', reference('logAnalyticsWorkspace').outputs.resourceId.value)), createObject('value', null()))]", "workloadProfiles": { "value": [ { @@ -45086,8 +46120,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "1345160196550942789" + "version": "0.42.1.51946", + "templateHash": "11924518395502120940" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment)." @@ -45122,7 +46156,7 @@ } }, "certificatePassword": { - "type": "string", + "type": "securestring", "nullable": true, "metadata": { "description": "Optional. The password of the certificate." @@ -45134,6 +46168,23 @@ "metadata": { "description": "Optional. A key vault reference." } + }, + "location": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The location for the resource." + } + }, + "tags": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments/certificates@2025-10-02-preview#properties/tags" + }, + "description": "Optional. Tags of the resource." + }, + "nullable": true } }, "metadata": { @@ -45170,7 +46221,7 @@ "description": "Required. Storage account name." } }, - "shareName": { + "name": { "type": "string", "metadata": { "description": "Required. File share name." @@ -45183,45 +46234,61 @@ } }, "appLogsConfigurationType": { + "type": "object", + "discriminator": { + "propertyName": "destination", + "mapping": { + "azure-monitor": { + "$ref": "#/definitions/appLogsConfigurationMonitorType" + }, + "log-analytics": { + "$ref": "#/definitions/appLogsConfigurationLawType" + } + } + }, + "metadata": { + "__bicep_export!": true, + "description": "The type for the App Logs Configuration." + } + }, + "appLogsConfigurationMonitorType": { "type": "object", "properties": { "destination": { "type": "string", "allowedValues": [ - "azure-monitor", - "log-analytics", - "none" + "azure-monitor" ], - "nullable": true, "metadata": { - "description": "Optional. The destination of the logs." + "description": "Required. The destination of the logs." + } + } + }, + "metadata": { + "description": "The type for the App Logs Configuration if using azure-monitor." + } + }, + "appLogsConfigurationLawType": { + "type": "object", + "properties": { + "destination": { + "type": "string", + "allowedValues": [ + "log-analytics" + ], + "metadata": { + "description": "Required. The destination of the logs." } }, - "logAnalyticsConfiguration": { - "type": "object", - "properties": { - "customerId": { - "type": "string", - "metadata": { - "description": "Required. The Log Analytics Workspace ID." - } - }, - "sharedKey": { - "type": "securestring", - "metadata": { - "description": "Required. The shared key of the Log Analytics workspace." - } - } - }, - "nullable": true, + "logAnalyticsWorkspaceResourceId": { + "type": "string", "metadata": { - "description": "Conditional. The Log Analytics configuration. Required if `destination` is `log-analytics`." + "description": "Required. Existing Log Analytics Workspace resource ID." } } }, "metadata": { - "__bicep_export!": true, - "description": "The type for the App Logs Configuration." + "description": "The type for the App Logs Configuration if using log-analytics." } }, "certificateKeyVaultPropertiesType": { @@ -45243,7 +46310,7 @@ "metadata": { "description": "The type for the certificate's key vault properties.", "__bicep_imported_from!": { - "sourceTemplate": "certificates/main.bicep" + "sourceTemplate": "certificate/main.bicep" } } }, @@ -45406,7 +46473,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/managedEnvironments@2024-10-02-preview#properties/tags" + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -45443,6 +46510,46 @@ "description": "Optional. Application Insights connection string." } }, + "daprConfiguration": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/daprConfiguration" + }, + "description": "Optional. The configuration of Dapr component." + }, + "nullable": true + }, + "ingressConfiguration": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/ingressConfiguration" + }, + "description": "Optional. Ingress configuration for the Managed Environment." + }, + "nullable": true + }, + "kedaConfiguration": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/kedaConfiguration" + }, + "description": "Optional. The configuration of Keda component." + }, + "nullable": true + }, + "peerAuthentication": { + "type": "object", + "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/peerAuthentication" + }, + "description": "Optional. Peer authentication settings for the Managed Environment." + }, + "nullable": true + }, "daprAIConnectionString": { "type": "securestring", "defaultValue": "", @@ -45466,7 +46573,7 @@ }, "infrastructureSubnetResourceId": { "type": "string", - "defaultValue": "", + "nullable": true, "metadata": { "description": "Conditional. Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if \"internal\" is set to true. Required if zoneRedundant is set to true to make the resource WAF compliant." } @@ -45475,7 +46582,7 @@ "type": "bool", "defaultValue": false, "metadata": { - "description": "Conditional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then \"infrastructureSubnetId\" must be provided. Required if zoneRedundant is set to true to make the resource WAF compliant." + "description": "Conditional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then \"infrastructureSubnetResourceId\" must be provided. Required if zoneRedundant is set to true to make the resource WAF compliant." } }, "platformReservedCidr": { @@ -45526,7 +46633,7 @@ }, "certificateValue": { "type": "securestring", - "defaultValue": "", + "nullable": true, "metadata": { "description": "Optional. Certificate to use for the custom domain. PFX or PEM." } @@ -45547,17 +46654,23 @@ }, "openTelemetryConfiguration": { "type": "object", - "defaultValue": {}, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-02-02-preview#properties/properties/properties/openTelemetryConfiguration" + }, "description": "Optional. Open Telemetry configuration." - } + }, + "nullable": true }, "workloadProfiles": { "type": "array", - "defaultValue": [], "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments@2025-10-02-preview#properties/properties/properties/workloadProfiles" + }, "description": "Conditional. Workload profiles configured for the Managed Environment. Required if zoneRedundant is set to true to make the resource WAF compliant." - } + }, + "nullable": true }, "infrastructureResourceGroupName": { "type": "string", @@ -45600,7 +46713,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", @@ -45610,27 +46723,11 @@ } }, "resources": { - "managedEnvironment::storage": { - "copy": { - "name": "managedEnvironment::storage", - "count": "[length(coalesce(parameters('storages'), createArray()))]" - }, - "type": "Microsoft.App/managedEnvironments/storages", - "apiVersion": "2024-10-02-preview", - "name": "[format('{0}/{1}', parameters('name'), coalesce(parameters('storages'), createArray())[copyIndex()].shareName)]", - "properties": { - "nfsAzureFile": "[if(equals(coalesce(parameters('storages'), createArray())[copyIndex()].kind, 'NFS'), createObject('accessMode', coalesce(parameters('storages'), createArray())[copyIndex()].accessMode, 'server', format('{0}.file.{1}', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, environment().suffixes.storage), 'shareName', format('/{0}/{1}', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, coalesce(parameters('storages'), createArray())[copyIndex()].shareName)), null())]", - "azureFile": "[if(equals(coalesce(parameters('storages'), createArray())[copyIndex()].kind, 'SMB'), createObject('accessMode', coalesce(parameters('storages'), createArray())[copyIndex()].accessMode, 'accountName', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, 'accountKey', listkeys(resourceId('Microsoft.Storage/storageAccounts', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName), '2023-01-01').keys[0].value, 'shareName', coalesce(parameters('storages'), createArray())[copyIndex()].shareName), null())]" - }, - "dependsOn": [ - "managedEnvironment" - ] - }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-11-01", - "name": "[format('46d3xbcp.res.app-managedenvironment.{0}.{1}', replace('0.11.3', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.app-managedenvironment.{0}.{1}', replace('0.13.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -45646,9 +46743,18 @@ } } }, + "logAnalyticsWorkspace": { + "condition": "[not(empty(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId')))]", + "existing": true, + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2025-02-01", + "subscriptionId": "[split(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId'), '/')[2]]", + "resourceGroup": "[split(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId'), '/')[4]]", + "name": "[last(split(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId'), '/'))]" + }, "managedEnvironment": { "type": "Microsoft.App/managedEnvironments", - "apiVersion": "2024-10-02-preview", + "apiVersion": "2025-10-02-preview", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -45657,16 +46763,20 @@ "appInsightsConfiguration": { "connectionString": "[parameters('appInsightsConnectionString')]" }, - "appLogsConfiguration": "[parameters('appLogsConfiguration')]", + "daprConfiguration": "[parameters('daprConfiguration')]", + "ingressConfiguration": "[parameters('ingressConfiguration')]", + "kedaConfiguration": "[parameters('kedaConfiguration')]", + "peerAuthentication": "[parameters('peerAuthentication')]", + "appLogsConfiguration": "[if(not(empty(parameters('appLogsConfiguration'))), shallowMerge(createArray(createObject('destination', parameters('appLogsConfiguration').destination), if(not(empty(tryGet(parameters('appLogsConfiguration'), 'logAnalyticsWorkspaceResourceId'))), createObject('logAnalyticsConfiguration', createObject('customerId', reference('logAnalyticsWorkspace').customerId, 'sharedKey', listKeys('logAnalyticsWorkspace', '2025-02-01').primarySharedKey)), createObject()))), null())]", "daprAIConnectionString": "[parameters('daprAIConnectionString')]", "daprAIInstrumentationKey": "[parameters('daprAIInstrumentationKey')]", "customDomainConfiguration": { "certificatePassword": "[parameters('certificatePassword')]", - "certificateValue": "[if(not(empty(parameters('certificateValue'))), parameters('certificateValue'), null())]", + "certificateValue": "[parameters('certificateValue')]", "dnsSuffix": "[parameters('dnsSuffix')]", "certificateKeyVaultProperties": "[if(not(empty(tryGet(parameters('certificate'), 'certificateKeyVaultProperties'))), createObject('identity', tryGet(parameters('certificate'), 'certificateKeyVaultProperties', 'identityResourceId'), 'keyVaultUrl', tryGet(parameters('certificate'), 'certificateKeyVaultProperties', 'keyVaultUrl')), null())]" }, - "openTelemetryConfiguration": "[if(not(empty(parameters('openTelemetryConfiguration'))), parameters('openTelemetryConfiguration'), null())]", + "openTelemetryConfiguration": "[parameters('openTelemetryConfiguration')]", "peerTrafficConfiguration": { "encryption": { "enabled": "[parameters('peerTrafficEncryption')]" @@ -45675,15 +46785,18 @@ "publicNetworkAccess": "[parameters('publicNetworkAccess')]", "vnetConfiguration": { "internal": "[parameters('internal')]", - "infrastructureSubnetId": "[if(not(empty(parameters('infrastructureSubnetResourceId'))), parameters('infrastructureSubnetResourceId'), null())]", + "infrastructureSubnetId": "[parameters('infrastructureSubnetResourceId')]", "dockerBridgeCidr": "[if(not(empty(parameters('infrastructureSubnetResourceId'))), parameters('dockerBridgeCidr'), null())]", "platformReservedCidr": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetResourceId')))), parameters('platformReservedCidr'), null())]", "platformReservedDnsIP": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetResourceId')))), parameters('platformReservedDnsIP'), null())]" }, - "workloadProfiles": "[if(not(empty(parameters('workloadProfiles'))), parameters('workloadProfiles'), null())]", + "workloadProfiles": "[parameters('workloadProfiles')]", "zoneRedundant": "[parameters('zoneRedundant')]", "infrastructureResourceGroup": "[parameters('infrastructureResourceGroupName')]" - } + }, + "dependsOn": [ + "logAnalyticsWorkspace" + ] }, "managedEnvironment_roleAssignments": { "copy": { @@ -45692,7 +46805,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/managedEnvironments/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/managedEnvironments', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/managedEnvironments', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -45711,7 +46824,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/managedEnvironments/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/managedEnvironments', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -45721,10 +46834,135 @@ "managedEnvironment" ] }, + "managedEnvironment_storage": { + "copy": { + "name": "managedEnvironment_storage", + "count": "[length(coalesce(parameters('storages'), createArray()))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('{0}-Managed-Environment-Storage-{1}', uniqueString(deployment().name), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[coalesce(parameters('storages'), createArray())[copyIndex()].name]" + }, + "managedEnvironmentName": { + "value": "[parameters('name')]" + }, + "kind": { + "value": "[coalesce(parameters('storages'), createArray())[copyIndex()].kind]" + }, + "accessMode": { + "value": "[coalesce(parameters('storages'), createArray())[copyIndex()].accessMode]" + }, + "storageAccountName": { + "value": "[coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.42.1.51946", + "templateHash": "945327737463253676" + }, + "name": "App ManagedEnvironments Certificates", + "description": "This module deploys a App Managed Environment Certificate." + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the file share." + } + }, + "managedEnvironmentName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent app managed environment. Required if the template is used in a standalone deployment." + } + }, + "accessMode": { + "type": "string", + "metadata": { + "description": "Required. The access mode for the storage." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "NFS", + "SMB" + ], + "metadata": { + "description": "Required. Type of storage: \"SMB\" or \"NFS\"." + } + }, + "storageAccountName": { + "type": "string", + "metadata": { + "description": "Required. Storage account name." + } + } + }, + "resources": { + "managedEnvironment": { + "existing": true, + "type": "Microsoft.App/managedEnvironments", + "apiVersion": "2025-10-02-preview", + "name": "[parameters('managedEnvironmentName')]" + }, + "storage": { + "type": "Microsoft.App/managedEnvironments/storages", + "apiVersion": "2025-10-02-preview", + "name": "[format('{0}/{1}', parameters('managedEnvironmentName'), parameters('name'))]", + "properties": { + "nfsAzureFile": "[if(equals(parameters('kind'), 'NFS'), createObject('accessMode', parameters('accessMode'), 'server', format('{0}.file.{1}', parameters('storageAccountName'), environment().suffixes.storage), 'shareName', format('/{0}/{1}', parameters('storageAccountName'), parameters('name'))), null())]", + "azureFile": "[if(equals(parameters('kind'), 'SMB'), createObject('accessMode', parameters('accessMode'), 'accountName', parameters('storageAccountName'), 'accountKey', listkeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2025-01-01').keys[0].value, 'shareName', parameters('name')), null())]" + } + } + }, + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the file share." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the file share." + }, + "value": "[resourceId('Microsoft.App/managedEnvironments/storages', parameters('managedEnvironmentName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the file share was deployed into." + }, + "value": "[resourceGroup().name]" + } + } + } + }, + "dependsOn": [ + "managedEnvironment" + ] + }, "managedEnvironment_certificate": { "condition": "[not(empty(parameters('certificate')))]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", + "apiVersion": "2025-04-01", "name": "[format('{0}-Managed-Environment-Certificate', uniqueString(deployment().name))]", "properties": { "expressionEvaluationOptions": { @@ -45749,6 +46987,12 @@ }, "certificatePassword": { "value": "[tryGet(parameters('certificate'), 'certificatePassword')]" + }, + "location": { + "value": "[tryGet(parameters('certificate'), 'location')]" + }, + "tags": { + "value": "[tryGet(parameters('certificate'), 'tags')]" } }, "template": { @@ -45758,8 +47002,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.37.4.10188", - "templateHash": "13507794255589178049" + "version": "0.42.1.51946", + "templateHash": "574133184207535827" }, "name": "App ManagedEnvironments Certificates", "description": "This module deploys a App Managed Environment Certificate." @@ -45841,22 +47085,25 @@ }, "tags": { "type": "object", - "nullable": true, "metadata": { + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/managedEnvironments/certificates@2025-10-02-preview#properties/tags" + }, "description": "Optional. Tags of the resource." - } + }, + "nullable": true } }, "resources": { "managedEnvironment": { "existing": true, "type": "Microsoft.App/managedEnvironments", - "apiVersion": "2024-10-02-preview", + "apiVersion": "2025-10-02-preview", "name": "[parameters('managedEnvironmentName')]" }, "managedEnvironmentCertificate": { "type": "Microsoft.App/managedEnvironments/certificates", - "apiVersion": "2024-10-02-preview", + "apiVersion": "2025-10-02-preview", "name": "[format('{0}/{1}', parameters('managedEnvironmentName'), parameters('name'))]", "location": "[parameters('location')]", "properties": { @@ -45886,7 +47133,7 @@ "resourceGroupName": { "type": "string", "metadata": { - "description": "The resource group the batch account was deployed into." + "description": "The resource group the certificate was deployed into." }, "value": "[resourceGroup().name]" } @@ -45911,7 +47158,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('managedEnvironment', '2024-10-02-preview', 'full').location]" + "value": "[reference('managedEnvironment', '2025-10-02-preview', 'full').location]" }, "name": { "type": "string", @@ -45933,7 +47180,7 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('managedEnvironment', '2024-10-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('managedEnvironment', '2025-10-02-preview', 'full'), 'identity'), 'principalId')]" }, "defaultDomain": { "type": "string", @@ -45994,8 +47241,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "4802029174070596736" + "version": "0.39.26.7824", + "templateHash": "7591858083424858339" }, "name": "User Assigned Identities", "description": "This module deploys a User Assigned Identity." @@ -46207,6 +47454,17 @@ "metadata": { "description": "Optional. Enable/Disable usage telemetry for module." } + }, + "isolationScope": { + "type": "string", + "nullable": true, + "allowedValues": [ + "None", + "Regional" + ], + "metadata": { + "description": "Optional. Enum to configure regional restrictions on identity assignment, as necessary. Allowed values: \"None\", \"Regional\"." + } } }, "variables": { @@ -46232,7 +47490,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.managedidentity-userassignedidentity.{0}.{1}', replace('0.4.2', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.managedidentity-userassignedidentity.{0}.{1}', replace('0.5.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -46253,7 +47511,8 @@ "apiVersion": "2024-11-30", "name": "[parameters('name')]", "location": "[parameters('location')]", - "tags": "[parameters('tags')]" + "tags": "[parameters('tags')]", + "properties": "[if(not(equals(parameters('isolationScope'), null())), createObject('isolationScope', parameters('isolationScope')), createObject())]" }, "userAssignedIdentity_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", @@ -46300,7 +47559,7 @@ }, "type": "Microsoft.Resources/deployments", "apiVersion": "2025-04-01", - "name": "[format('{0}-UserMSI-FederatedIdentityCred-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-UserMSI-FederatedIdentityCred-{1}', uniqueString(subscription().id, resourceGroup().id, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" @@ -46329,8 +47588,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "8235783049087377232" + "version": "0.39.26.7824", + "templateHash": "1387931959101373036" }, "name": "User Assigned Identity Federated Identity Credential", "description": "This module deploys a User Assigned Identity Federated Identity Credential." @@ -46560,8 +47819,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7056981135113238663" + "version": "0.42.1.51946", + "templateHash": "12626366001403616495" }, "name": "Container Apps", "description": "This module deploys a Container App." @@ -47041,7 +48300,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -47051,7 +48310,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -47061,7 +48320,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -47071,7 +48330,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -47081,7 +48340,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -47091,7 +48350,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -47188,7 +48447,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -47225,7 +48484,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -47253,7 +48512,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -47328,7 +48587,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -47420,7 +48679,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/service" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/service" }, "description": "Optional. Dev ContainerApp service type." }, @@ -47505,7 +48764,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/tags" + "source": "Microsoft.App/containerApps@2026-01-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -47515,7 +48774,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/registries" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/registries" }, "description": "Optional. Collection of private container registry credentials for containers used by the Container app." }, @@ -47549,7 +48808,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/customDomains" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/customDomains" }, "description": "Optional. Custom domain bindings for Container App hostnames." }, @@ -47566,45 +48825,27 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" }, "description": "Optional. Rules to restrict incoming IP address." }, "nullable": true }, - "trafficLabel": { - "type": "string", - "defaultValue": "label-1", - "metadata": { - "description": "Optional. Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes." - } - }, - "trafficLatestRevision": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Indicates that the traffic weight belongs to a latest stable revision." - } - }, - "trafficRevisionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a revision." - } - }, - "trafficWeight": { - "type": "int", - "defaultValue": 100, + "traffic": { + "type": "array", "metadata": { - "description": "Optional. Traffic weight assigned to a revision." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/traffic" + }, + "description": "Optional. Traffic weight configuration for routing traffic across revisions. Each entry specifies a revision (or latest) and its traffic percentage. Supports blue-green and canary deployment patterns." + }, + "nullable": true }, "dapr": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/dapr" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/dapr" }, "description": "Optional. Dapr configuration for the Container App." }, @@ -47614,7 +48855,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/identitySettings" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/identitySettings" }, "description": "Optional. Settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used." }, @@ -47631,7 +48872,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/runtime" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/runtime" }, "description": "Optional. Runtime configuration for the Container App." }, @@ -47641,7 +48882,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/containers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/containers" }, "description": "Required. List of container definitions for the Container App." } @@ -47657,7 +48898,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/initContainers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/initContainers" }, "description": "Optional. List of specialized containers that run before app containers." }, @@ -47684,7 +48925,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/volumes" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/volumes" }, "description": "Optional. List of volume definitions for the Container App." }, @@ -47724,7 +48965,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -47732,14 +48973,15 @@ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "enableReferencedModulesTelemetry": false }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.22.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -47757,7 +48999,7 @@ }, "containerApp": { "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "kind": "[parameters('kind')]", @@ -47769,22 +49011,22 @@ "template": { "containers": "[parameters('containers')]", "terminationGracePeriodSeconds": "[parameters('terminationGracePeriodSeconds')]", - "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]", + "initContainers": "[parameters('initContainersTemplate')]", "revisionSuffix": "[parameters('revisionSuffix')]", "scale": "[parameters('scaleSettings')]", - "serviceBinds": "[if(and(parameters('includeAddOns'), not(empty(parameters('serviceBinds')))), parameters('serviceBinds'), null())]", - "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]" + "serviceBinds": "[if(parameters('includeAddOns'), parameters('serviceBinds'), null())]", + "volumes": "[parameters('volumes')]" }, "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", - "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "identitySettings": "[if(not(empty(parameters('identitySettings'))), parameters('identitySettings'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", - "service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]", + "dapr": "[parameters('dapr')]", + "identitySettings": "[parameters('identitySettings')]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', parameters('customDomains'), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', parameters('ipSecurityRestrictions'), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('traffic'), null()), 'transport', parameters('ingressTransport')))]", + "service": "[if(parameters('includeAddOns'), parameters('service'), null())]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", - "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", + "registries": "[parameters('registries')]", "secrets": "[parameters('secrets')]", - "runtime": "[if(not(empty(parameters('runtime'))), parameters('runtime'), null())]" + "runtime": "[parameters('runtime')]" } } }, @@ -47792,7 +49034,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -47809,7 +49051,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/containerApps', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -47831,7 +49073,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -47870,6 +49112,9 @@ "containerAppName": { "value": "[parameters('name')]" }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, "encryptionSettings": { "value": "[tryGet(parameters('authConfig'), 'encryptionSettings')]" }, @@ -47896,8 +49141,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12480411243596309951" + "version": "0.42.1.51946", + "templateHash": "4649255393182983719" }, "name": "Container App Auth Configs", "description": "This module deploys Container App Auth Configs." @@ -47913,7 +49158,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -47923,7 +49168,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -47933,7 +49178,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -47943,7 +49188,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -47953,7 +49198,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -47963,23 +49208,50 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, "nullable": true + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp-authconfig.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "containerApp": { "existing": true, "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('containerAppName')]" }, "containerAppAuthConfigs": { "type": "Microsoft.App/containerApps/authConfigs", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[format('{0}/{1}', parameters('containerAppName'), 'current')]", "properties": { "encryptionSettings": "[parameters('encryptionSettings')]", @@ -48056,14 +49328,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('containerApp', '2025-02-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('containerApp', '2026-01-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('containerApp', '2025-02-02-preview', 'full').location]" + "value": "[reference('containerApp', '2026-01-01', 'full').location]" } } } @@ -48242,8 +49514,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7056981135113238663" + "version": "0.42.1.51946", + "templateHash": "12626366001403616495" }, "name": "Container Apps", "description": "This module deploys a Container App." @@ -48723,7 +49995,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -48733,7 +50005,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -48743,7 +50015,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -48753,7 +50025,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -48763,7 +50035,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -48773,7 +50045,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -48870,7 +50142,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -48907,7 +50179,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -48935,7 +50207,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -49010,7 +50282,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -49102,7 +50374,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/service" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/service" }, "description": "Optional. Dev ContainerApp service type." }, @@ -49187,7 +50459,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/tags" + "source": "Microsoft.App/containerApps@2026-01-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -49197,7 +50469,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/registries" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/registries" }, "description": "Optional. Collection of private container registry credentials for containers used by the Container app." }, @@ -49231,7 +50503,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/customDomains" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/customDomains" }, "description": "Optional. Custom domain bindings for Container App hostnames." }, @@ -49248,45 +50520,27 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" }, "description": "Optional. Rules to restrict incoming IP address." }, "nullable": true }, - "trafficLabel": { - "type": "string", - "defaultValue": "label-1", - "metadata": { - "description": "Optional. Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes." - } - }, - "trafficLatestRevision": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Indicates that the traffic weight belongs to a latest stable revision." - } - }, - "trafficRevisionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a revision." - } - }, - "trafficWeight": { - "type": "int", - "defaultValue": 100, + "traffic": { + "type": "array", "metadata": { - "description": "Optional. Traffic weight assigned to a revision." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/traffic" + }, + "description": "Optional. Traffic weight configuration for routing traffic across revisions. Each entry specifies a revision (or latest) and its traffic percentage. Supports blue-green and canary deployment patterns." + }, + "nullable": true }, "dapr": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/dapr" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/dapr" }, "description": "Optional. Dapr configuration for the Container App." }, @@ -49296,7 +50550,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/identitySettings" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/identitySettings" }, "description": "Optional. Settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used." }, @@ -49313,7 +50567,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/runtime" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/runtime" }, "description": "Optional. Runtime configuration for the Container App." }, @@ -49323,7 +50577,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/containers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/containers" }, "description": "Required. List of container definitions for the Container App." } @@ -49339,7 +50593,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/initContainers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/initContainers" }, "description": "Optional. List of specialized containers that run before app containers." }, @@ -49366,7 +50620,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/volumes" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/volumes" }, "description": "Optional. List of volume definitions for the Container App." }, @@ -49406,7 +50660,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -49414,14 +50668,15 @@ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "enableReferencedModulesTelemetry": false }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.22.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -49439,7 +50694,7 @@ }, "containerApp": { "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "kind": "[parameters('kind')]", @@ -49451,22 +50706,22 @@ "template": { "containers": "[parameters('containers')]", "terminationGracePeriodSeconds": "[parameters('terminationGracePeriodSeconds')]", - "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]", + "initContainers": "[parameters('initContainersTemplate')]", "revisionSuffix": "[parameters('revisionSuffix')]", "scale": "[parameters('scaleSettings')]", - "serviceBinds": "[if(and(parameters('includeAddOns'), not(empty(parameters('serviceBinds')))), parameters('serviceBinds'), null())]", - "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]" + "serviceBinds": "[if(parameters('includeAddOns'), parameters('serviceBinds'), null())]", + "volumes": "[parameters('volumes')]" }, "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", - "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "identitySettings": "[if(not(empty(parameters('identitySettings'))), parameters('identitySettings'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", - "service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]", + "dapr": "[parameters('dapr')]", + "identitySettings": "[parameters('identitySettings')]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', parameters('customDomains'), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', parameters('ipSecurityRestrictions'), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('traffic'), null()), 'transport', parameters('ingressTransport')))]", + "service": "[if(parameters('includeAddOns'), parameters('service'), null())]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", - "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", + "registries": "[parameters('registries')]", "secrets": "[parameters('secrets')]", - "runtime": "[if(not(empty(parameters('runtime'))), parameters('runtime'), null())]" + "runtime": "[parameters('runtime')]" } } }, @@ -49474,7 +50729,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -49491,7 +50746,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/containerApps', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -49513,7 +50768,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -49552,6 +50807,9 @@ "containerAppName": { "value": "[parameters('name')]" }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, "encryptionSettings": { "value": "[tryGet(parameters('authConfig'), 'encryptionSettings')]" }, @@ -49578,8 +50836,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12480411243596309951" + "version": "0.42.1.51946", + "templateHash": "4649255393182983719" }, "name": "Container App Auth Configs", "description": "This module deploys Container App Auth Configs." @@ -49595,7 +50853,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -49605,7 +50863,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -49615,7 +50873,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -49625,7 +50883,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -49635,7 +50893,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -49645,23 +50903,50 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, "nullable": true + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp-authconfig.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "containerApp": { "existing": true, "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('containerAppName')]" }, "containerAppAuthConfigs": { "type": "Microsoft.App/containerApps/authConfigs", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[format('{0}/{1}', parameters('containerAppName'), 'current')]", "properties": { "encryptionSettings": "[parameters('encryptionSettings')]", @@ -49738,14 +51023,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('containerApp', '2025-02-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('containerApp', '2026-01-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('containerApp', '2025-02-02-preview', 'full').location]" + "value": "[reference('containerApp', '2026-01-01', 'full').location]" } } } @@ -49877,8 +51162,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7056981135113238663" + "version": "0.42.1.51946", + "templateHash": "12626366001403616495" }, "name": "Container Apps", "description": "This module deploys a Container App." @@ -50358,7 +51643,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -50368,7 +51653,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -50378,7 +51663,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -50388,7 +51673,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -50398,7 +51683,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -50408,7 +51693,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -50505,7 +51790,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -50542,7 +51827,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -50570,7 +51855,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -50645,7 +51930,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -50737,7 +52022,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/service" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/service" }, "description": "Optional. Dev ContainerApp service type." }, @@ -50822,7 +52107,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/tags" + "source": "Microsoft.App/containerApps@2026-01-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -50832,7 +52117,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/registries" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/registries" }, "description": "Optional. Collection of private container registry credentials for containers used by the Container app." }, @@ -50866,7 +52151,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/customDomains" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/customDomains" }, "description": "Optional. Custom domain bindings for Container App hostnames." }, @@ -50883,45 +52168,27 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" }, "description": "Optional. Rules to restrict incoming IP address." }, "nullable": true }, - "trafficLabel": { - "type": "string", - "defaultValue": "label-1", - "metadata": { - "description": "Optional. Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes." - } - }, - "trafficLatestRevision": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Indicates that the traffic weight belongs to a latest stable revision." - } - }, - "trafficRevisionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a revision." - } - }, - "trafficWeight": { - "type": "int", - "defaultValue": 100, + "traffic": { + "type": "array", "metadata": { - "description": "Optional. Traffic weight assigned to a revision." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/traffic" + }, + "description": "Optional. Traffic weight configuration for routing traffic across revisions. Each entry specifies a revision (or latest) and its traffic percentage. Supports blue-green and canary deployment patterns." + }, + "nullable": true }, "dapr": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/dapr" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/dapr" }, "description": "Optional. Dapr configuration for the Container App." }, @@ -50931,7 +52198,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/identitySettings" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/identitySettings" }, "description": "Optional. Settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used." }, @@ -50948,7 +52215,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/runtime" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/runtime" }, "description": "Optional. Runtime configuration for the Container App." }, @@ -50958,7 +52225,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/containers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/containers" }, "description": "Required. List of container definitions for the Container App." } @@ -50974,7 +52241,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/initContainers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/initContainers" }, "description": "Optional. List of specialized containers that run before app containers." }, @@ -51001,7 +52268,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/volumes" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/volumes" }, "description": "Optional. List of volume definitions for the Container App." }, @@ -51041,7 +52308,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -51049,14 +52316,15 @@ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "enableReferencedModulesTelemetry": false }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.22.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -51074,7 +52342,7 @@ }, "containerApp": { "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "kind": "[parameters('kind')]", @@ -51086,22 +52354,22 @@ "template": { "containers": "[parameters('containers')]", "terminationGracePeriodSeconds": "[parameters('terminationGracePeriodSeconds')]", - "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]", + "initContainers": "[parameters('initContainersTemplate')]", "revisionSuffix": "[parameters('revisionSuffix')]", "scale": "[parameters('scaleSettings')]", - "serviceBinds": "[if(and(parameters('includeAddOns'), not(empty(parameters('serviceBinds')))), parameters('serviceBinds'), null())]", - "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]" + "serviceBinds": "[if(parameters('includeAddOns'), parameters('serviceBinds'), null())]", + "volumes": "[parameters('volumes')]" }, "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", - "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "identitySettings": "[if(not(empty(parameters('identitySettings'))), parameters('identitySettings'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", - "service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]", + "dapr": "[parameters('dapr')]", + "identitySettings": "[parameters('identitySettings')]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', parameters('customDomains'), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', parameters('ipSecurityRestrictions'), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('traffic'), null()), 'transport', parameters('ingressTransport')))]", + "service": "[if(parameters('includeAddOns'), parameters('service'), null())]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", - "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", + "registries": "[parameters('registries')]", "secrets": "[parameters('secrets')]", - "runtime": "[if(not(empty(parameters('runtime'))), parameters('runtime'), null())]" + "runtime": "[parameters('runtime')]" } } }, @@ -51109,7 +52377,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -51126,7 +52394,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/containerApps', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -51148,7 +52416,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -51187,6 +52455,9 @@ "containerAppName": { "value": "[parameters('name')]" }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, "encryptionSettings": { "value": "[tryGet(parameters('authConfig'), 'encryptionSettings')]" }, @@ -51213,8 +52484,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12480411243596309951" + "version": "0.42.1.51946", + "templateHash": "4649255393182983719" }, "name": "Container App Auth Configs", "description": "This module deploys Container App Auth Configs." @@ -51230,7 +52501,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -51240,7 +52511,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -51250,7 +52521,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -51260,7 +52531,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -51270,7 +52541,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -51280,23 +52551,50 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, "nullable": true + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp-authconfig.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "containerApp": { "existing": true, "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('containerAppName')]" }, "containerAppAuthConfigs": { "type": "Microsoft.App/containerApps/authConfigs", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[format('{0}/{1}', parameters('containerAppName'), 'current')]", "properties": { "encryptionSettings": "[parameters('encryptionSettings')]", @@ -51373,14 +52671,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('containerApp', '2025-02-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('containerApp', '2026-01-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('containerApp', '2025-02-02-preview', 'full').location]" + "value": "[reference('containerApp', '2026-01-01', 'full').location]" } } } @@ -51495,8 +52793,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7056981135113238663" + "version": "0.42.1.51946", + "templateHash": "12626366001403616495" }, "name": "Container Apps", "description": "This module deploys a Container App." @@ -51976,7 +53274,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -51986,7 +53284,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -51996,7 +53294,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -52006,7 +53304,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -52016,7 +53314,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -52026,7 +53324,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -52123,7 +53421,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -52160,7 +53458,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -52188,7 +53486,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -52263,7 +53561,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -52355,7 +53653,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/service" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/service" }, "description": "Optional. Dev ContainerApp service type." }, @@ -52440,7 +53738,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/tags" + "source": "Microsoft.App/containerApps@2026-01-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -52450,7 +53748,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/registries" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/registries" }, "description": "Optional. Collection of private container registry credentials for containers used by the Container app." }, @@ -52484,7 +53782,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/customDomains" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/customDomains" }, "description": "Optional. Custom domain bindings for Container App hostnames." }, @@ -52501,45 +53799,27 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" }, "description": "Optional. Rules to restrict incoming IP address." }, "nullable": true }, - "trafficLabel": { - "type": "string", - "defaultValue": "label-1", - "metadata": { - "description": "Optional. Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes." - } - }, - "trafficLatestRevision": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Indicates that the traffic weight belongs to a latest stable revision." - } - }, - "trafficRevisionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a revision." - } - }, - "trafficWeight": { - "type": "int", - "defaultValue": 100, + "traffic": { + "type": "array", "metadata": { - "description": "Optional. Traffic weight assigned to a revision." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/traffic" + }, + "description": "Optional. Traffic weight configuration for routing traffic across revisions. Each entry specifies a revision (or latest) and its traffic percentage. Supports blue-green and canary deployment patterns." + }, + "nullable": true }, "dapr": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/dapr" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/dapr" }, "description": "Optional. Dapr configuration for the Container App." }, @@ -52549,7 +53829,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/identitySettings" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/identitySettings" }, "description": "Optional. Settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used." }, @@ -52566,7 +53846,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/runtime" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/runtime" }, "description": "Optional. Runtime configuration for the Container App." }, @@ -52576,7 +53856,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/containers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/containers" }, "description": "Required. List of container definitions for the Container App." } @@ -52592,7 +53872,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/initContainers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/initContainers" }, "description": "Optional. List of specialized containers that run before app containers." }, @@ -52619,7 +53899,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/volumes" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/volumes" }, "description": "Optional. List of volume definitions for the Container App." }, @@ -52659,7 +53939,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -52667,14 +53947,15 @@ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "enableReferencedModulesTelemetry": false }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.22.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -52692,7 +53973,7 @@ }, "containerApp": { "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "kind": "[parameters('kind')]", @@ -52704,22 +53985,22 @@ "template": { "containers": "[parameters('containers')]", "terminationGracePeriodSeconds": "[parameters('terminationGracePeriodSeconds')]", - "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]", + "initContainers": "[parameters('initContainersTemplate')]", "revisionSuffix": "[parameters('revisionSuffix')]", "scale": "[parameters('scaleSettings')]", - "serviceBinds": "[if(and(parameters('includeAddOns'), not(empty(parameters('serviceBinds')))), parameters('serviceBinds'), null())]", - "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]" + "serviceBinds": "[if(parameters('includeAddOns'), parameters('serviceBinds'), null())]", + "volumes": "[parameters('volumes')]" }, "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", - "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "identitySettings": "[if(not(empty(parameters('identitySettings'))), parameters('identitySettings'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", - "service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]", + "dapr": "[parameters('dapr')]", + "identitySettings": "[parameters('identitySettings')]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', parameters('customDomains'), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', parameters('ipSecurityRestrictions'), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('traffic'), null()), 'transport', parameters('ingressTransport')))]", + "service": "[if(parameters('includeAddOns'), parameters('service'), null())]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", - "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", + "registries": "[parameters('registries')]", "secrets": "[parameters('secrets')]", - "runtime": "[if(not(empty(parameters('runtime'))), parameters('runtime'), null())]" + "runtime": "[parameters('runtime')]" } } }, @@ -52727,7 +54008,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -52744,7 +54025,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/containerApps', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -52766,7 +54047,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -52805,6 +54086,9 @@ "containerAppName": { "value": "[parameters('name')]" }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, "encryptionSettings": { "value": "[tryGet(parameters('authConfig'), 'encryptionSettings')]" }, @@ -52831,8 +54115,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12480411243596309951" + "version": "0.42.1.51946", + "templateHash": "4649255393182983719" }, "name": "Container App Auth Configs", "description": "This module deploys Container App Auth Configs." @@ -52848,7 +54132,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -52858,7 +54142,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -52868,7 +54152,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -52878,7 +54162,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -52888,7 +54172,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -52898,23 +54182,50 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, "nullable": true + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp-authconfig.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "containerApp": { "existing": true, "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('containerAppName')]" }, "containerAppAuthConfigs": { "type": "Microsoft.App/containerApps/authConfigs", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[format('{0}/{1}', parameters('containerAppName'), 'current')]", "properties": { "encryptionSettings": "[parameters('encryptionSettings')]", @@ -52991,14 +54302,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('containerApp', '2025-02-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('containerApp', '2026-01-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('containerApp', '2025-02-02-preview', 'full').location]" + "value": "[reference('containerApp', '2026-01-01', 'full').location]" } } } @@ -53084,8 +54395,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "11889744396543212232" + "version": "0.40.2.10011", + "templateHash": "1772014800591596213" }, "name": "Azure Cosmos DB account", "description": "This module deploys an Azure Cosmos DB account. The API used for the account is determined by the child resources that are deployed." @@ -53775,7 +55086,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -53817,7 +55128,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -53858,7 +55169,7 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -54168,6 +55479,29 @@ } } }, + "customerManagedKeyAndVaultOnlyType": { + "type": "object", + "properties": { + "keyVaultResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of a key vault to reference a customer managed key for encryption from." + } + }, + "keyName": { + "type": "string", + "metadata": { + "description": "Required. The name of the customer managed key to use for encryption." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a customer-managed key. To be used if only the key vault & key may be specified.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" + } + } + }, "diagnosticSettingFullType": { "type": "object", "properties": { @@ -54286,7 +55620,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if both logs & metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -54370,7 +55704,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -54398,7 +55732,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -54574,7 +55908,7 @@ "metadata": { "description": "An AVM-aligned type for a private endpoint. To be used if the private endpoint's default service / groupId can NOT be assumed (i.e., for services that have more than one subresource, like Storage Account with Blob (blob, table, queue, file, ...).", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } }, @@ -54649,7 +55983,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.7.0" } } } @@ -55094,6 +56428,13 @@ "metadata": { "description": "Optional. The default identity for accessing key vault used in features like customer managed keys. Use `FirstPartyIdentity` to use the tenant-level CosmosDB enterprise application. The default identity needs to be explicitly set by the users." } + }, + "customerManagedKey": { + "$ref": "#/definitions/customerManagedKeyAndVaultOnlyType", + "nullable": true, + "metadata": { + "description": "Optional. The customer managed key definition. If specified, the parameter `defaultIdentity` must be configured as well." + } } }, "variables": { @@ -55106,7 +56447,7 @@ ], "enableReferencedModulesTelemetry": false, "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', null())), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInControlPlaneRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "Cosmos DB Account Reader Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fbdf93bf-df7d-467e-a4d2-9458aa1360c8')]", @@ -55118,14 +56459,24 @@ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "isHSMManagedCMK": "[equals(tryGet(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), ''), '/'), 7), 'managedHSMs')]" }, "resources": { + "cMKKeyVault::cMKKey": { + "condition": "[and(and(not(empty(parameters('customerManagedKey'))), not(variables('isHSMManagedCMK'))), and(not(empty(parameters('customerManagedKey'))), not(variables('isHSMManagedCMK'))))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults/keys", + "apiVersion": "2024-11-01", + "subscriptionId": "[split(parameters('customerManagedKey').keyVaultResourceId, '/')[2]]", + "resourceGroup": "[split(parameters('customerManagedKey').keyVaultResourceId, '/')[4]]", + "name": "[format('{0}/{1}', last(split(parameters('customerManagedKey').keyVaultResourceId, '/')), parameters('customerManagedKey').keyName)]" + }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-07-01", - "name": "[format('46d3xbcp.res.documentdb-databaseaccount.{0}.{1}', replace('0.18.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.documentdb-databaseaccount.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -55141,6 +56492,15 @@ } } }, + "cMKKeyVault": { + "condition": "[and(not(empty(parameters('customerManagedKey'))), not(variables('isHSMManagedCMK')))]", + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2024-11-01", + "subscriptionId": "[split(parameters('customerManagedKey').keyVaultResourceId, '/')[2]]", + "resourceGroup": "[split(parameters('customerManagedKey').keyVaultResourceId, '/')[4]]", + "name": "[last(split(parameters('customerManagedKey').keyVaultResourceId, '/'))]" + }, "databaseAccount": { "type": "Microsoft.DocumentDB/databaseAccounts", "apiVersion": "2025-04-15", @@ -55149,13 +56509,16 @@ "tags": "[parameters('tags')]", "identity": "[variables('identity')]", "kind": "[if(not(empty(parameters('mongodbDatabases'))), 'MongoDB', 'GlobalDocumentDB')]", - "properties": "[shallowMerge(createArray(createObject('enableBurstCapacity', if(not(contains(coalesce(parameters('capabilitiesToAdd'), createArray()), 'EnableServerless')), parameters('enableBurstCapacity'), false()), 'analyticalStorageConfiguration', parameters('analyticalStorageConfiguration'), 'defaultIdentity', if(and(not(empty(parameters('defaultIdentity'))), not(equals(tryGet(parameters('defaultIdentity'), 'name'), 'UserAssignedIdentity'))), parameters('defaultIdentity').name, format('UserAssignedIdentity={0}', tryGet(parameters('defaultIdentity'), 'resourceId'))), 'enablePartitionMerge', parameters('enablePartitionMerge'), 'enablePerRegionPerPartitionAutoscale', parameters('enablePerRegionPerPartitionAutoscale'), 'databaseAccountOfferType', parameters('databaseAccountOfferType'), 'backupPolicy', shallowMerge(createArray(createObject('type', parameters('backupPolicyType')), if(equals(parameters('backupPolicyType'), 'Continuous'), createObject('continuousModeProperties', createObject('tier', parameters('backupPolicyContinuousTier'))), createObject()), if(equals(parameters('backupPolicyType'), 'Periodic'), createObject('periodicModeProperties', createObject('backupIntervalInMinutes', parameters('backupIntervalInMinutes'), 'backupRetentionIntervalInHours', parameters('backupRetentionIntervalInHours'), 'backupStorageRedundancy', parameters('backupStorageRedundancy'))), createObject()))), 'capabilities', map(coalesce(parameters('capabilitiesToAdd'), createArray()), lambda('capability', createObject('name', lambdaVariables('capability'))))), if(not(empty(parameters('cors'))), createObject('cors', parameters('cors')), createObject()), if(contains(coalesce(parameters('capabilitiesToAdd'), createArray()), 'EnableCassandra'), createObject('connectorOffer', if(parameters('enableCassandraConnector'), 'Small', null()), 'enableCassandraConnector', parameters('enableCassandraConnector')), createObject()), createObject('minimalTlsVersion', parameters('minimumTlsVersion'), 'capacity', createObject('totalThroughputLimit', parameters('totalThroughputLimit')), 'publicNetworkAccess', coalesce(tryGet(parameters('networkRestrictions'), 'publicNetworkAccess'), 'Disabled')), if(or(or(or(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('mongodbDatabases')))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('tables')))), not(empty(parameters('cassandraKeyspaces')))), createObject('consistencyPolicy', shallowMerge(createArray(createObject('defaultConsistencyLevel', parameters('defaultConsistencyLevel')), if(equals(parameters('defaultConsistencyLevel'), 'BoundedStaleness'), createObject('maxStalenessPrefix', parameters('maxStalenessPrefix'), 'maxIntervalInSeconds', parameters('maxIntervalInSeconds')), createObject()))), 'enableMultipleWriteLocations', parameters('enableMultipleWriteLocations'), 'locations', if(not(empty(parameters('failoverLocations'))), map(parameters('failoverLocations'), lambda('failoverLocation', createObject('failoverPriority', lambdaVariables('failoverLocation').failoverPriority, 'locationName', lambdaVariables('failoverLocation').locationName, 'isZoneRedundant', coalesce(tryGet(lambdaVariables('failoverLocation'), 'isZoneRedundant'), true())))), createArray(createObject('failoverPriority', 0, 'locationName', parameters('location'), 'isZoneRedundant', parameters('zoneRedundant')))), 'ipRules', map(coalesce(tryGet(parameters('networkRestrictions'), 'ipRules'), createArray()), lambda('ipRule', createObject('ipAddressOrRange', lambdaVariables('ipRule')))), 'virtualNetworkRules', map(coalesce(tryGet(parameters('networkRestrictions'), 'virtualNetworkRules'), createArray()), lambda('rule', createObject('id', lambdaVariables('rule').subnetResourceId, 'ignoreMissingVNetServiceEndpoint', false()))), 'networkAclBypass', coalesce(tryGet(parameters('networkRestrictions'), 'networkAclBypass'), 'None'), 'networkAclBypassResourceIds', tryGet(parameters('networkRestrictions'), 'networkAclBypassResourceIds'), 'isVirtualNetworkFilterEnabled', or(not(empty(tryGet(parameters('networkRestrictions'), 'ipRules'))), not(empty(tryGet(parameters('networkRestrictions'), 'virtualNetworkRules')))), 'enableFreeTier', parameters('enableFreeTier'), 'enableAutomaticFailover', parameters('enableAutomaticFailover'), 'enableAnalyticalStorage', parameters('enableAnalyticalStorage')), createObject()), if(or(or(not(empty(parameters('mongodbDatabases'))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('cassandraKeyspaces')))), createObject('disableLocalAuth', false(), 'disableKeyBasedMetadataWriteAccess', false()), createObject('disableLocalAuth', parameters('disableLocalAuthentication'), 'disableKeyBasedMetadataWriteAccess', parameters('disableKeyBasedMetadataWriteAccess'))), if(not(empty(parameters('mongodbDatabases'))), createObject('apiProperties', createObject('serverVersion', parameters('serverVersion'))), createObject())))]" + "properties": "[shallowMerge(createArray(createObject('enableBurstCapacity', if(not(contains(coalesce(parameters('capabilitiesToAdd'), createArray()), 'EnableServerless')), parameters('enableBurstCapacity'), false()), 'databaseAccountOfferType', parameters('databaseAccountOfferType'), 'analyticalStorageConfiguration', parameters('analyticalStorageConfiguration'), 'defaultIdentity', if(and(not(empty(parameters('defaultIdentity'))), not(equals(tryGet(parameters('defaultIdentity'), 'name'), 'UserAssignedIdentity'))), parameters('defaultIdentity').name, format('UserAssignedIdentity={0}', tryGet(parameters('defaultIdentity'), 'resourceId'))), 'keyVaultKeyUri', if(not(empty(parameters('customerManagedKey'))), if(not(variables('isHSMManagedCMK')), format('{0}', reference('cMKKeyVault::cMKKey').keyUri), format('https://{0}.managedhsm.azure.net/keys/{1}', last(split(parameters('customerManagedKey').keyVaultResourceId, '/')), parameters('customerManagedKey').keyName)), null()), 'enablePartitionMerge', parameters('enablePartitionMerge'), 'enablePerRegionPerPartitionAutoscale', parameters('enablePerRegionPerPartitionAutoscale'), 'backupPolicy', shallowMerge(createArray(createObject('type', parameters('backupPolicyType')), if(equals(parameters('backupPolicyType'), 'Continuous'), createObject('continuousModeProperties', createObject('tier', parameters('backupPolicyContinuousTier'))), createObject()), if(equals(parameters('backupPolicyType'), 'Periodic'), createObject('periodicModeProperties', createObject('backupIntervalInMinutes', parameters('backupIntervalInMinutes'), 'backupRetentionIntervalInHours', parameters('backupRetentionIntervalInHours'), 'backupStorageRedundancy', parameters('backupStorageRedundancy'))), createObject()))), 'capabilities', map(coalesce(parameters('capabilitiesToAdd'), createArray()), lambda('capability', createObject('name', lambdaVariables('capability'))))), if(not(empty(parameters('cors'))), createObject('cors', parameters('cors')), createObject()), if(contains(coalesce(parameters('capabilitiesToAdd'), createArray()), 'EnableCassandra'), createObject('connectorOffer', if(parameters('enableCassandraConnector'), 'Small', null()), 'enableCassandraConnector', parameters('enableCassandraConnector')), createObject()), createObject('minimalTlsVersion', parameters('minimumTlsVersion'), 'capacity', createObject('totalThroughputLimit', parameters('totalThroughputLimit')), 'publicNetworkAccess', coalesce(tryGet(parameters('networkRestrictions'), 'publicNetworkAccess'), 'Disabled'), 'locations', if(not(empty(parameters('failoverLocations'))), map(parameters('failoverLocations'), lambda('failoverLocation', createObject('failoverPriority', lambdaVariables('failoverLocation').failoverPriority, 'locationName', lambdaVariables('failoverLocation').locationName, 'isZoneRedundant', coalesce(tryGet(lambdaVariables('failoverLocation'), 'isZoneRedundant'), true())))), createArray(createObject('failoverPriority', 0, 'locationName', parameters('location'), 'isZoneRedundant', parameters('zoneRedundant'))))), if(or(or(or(or(not(empty(parameters('sqlDatabases'))), not(empty(parameters('mongodbDatabases')))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('tables')))), not(empty(parameters('cassandraKeyspaces')))), createObject('consistencyPolicy', shallowMerge(createArray(createObject('defaultConsistencyLevel', parameters('defaultConsistencyLevel')), if(equals(parameters('defaultConsistencyLevel'), 'BoundedStaleness'), createObject('maxStalenessPrefix', parameters('maxStalenessPrefix'), 'maxIntervalInSeconds', parameters('maxIntervalInSeconds')), createObject()))), 'enableMultipleWriteLocations', parameters('enableMultipleWriteLocations'), 'ipRules', map(coalesce(tryGet(parameters('networkRestrictions'), 'ipRules'), createArray()), lambda('ipRule', createObject('ipAddressOrRange', lambdaVariables('ipRule')))), 'virtualNetworkRules', map(coalesce(tryGet(parameters('networkRestrictions'), 'virtualNetworkRules'), createArray()), lambda('rule', createObject('id', lambdaVariables('rule').subnetResourceId, 'ignoreMissingVNetServiceEndpoint', false()))), 'networkAclBypass', coalesce(tryGet(parameters('networkRestrictions'), 'networkAclBypass'), 'None'), 'networkAclBypassResourceIds', tryGet(parameters('networkRestrictions'), 'networkAclBypassResourceIds'), 'isVirtualNetworkFilterEnabled', or(not(empty(tryGet(parameters('networkRestrictions'), 'ipRules'))), not(empty(tryGet(parameters('networkRestrictions'), 'virtualNetworkRules')))), 'enableFreeTier', parameters('enableFreeTier'), 'enableAutomaticFailover', parameters('enableAutomaticFailover'), 'enableAnalyticalStorage', parameters('enableAnalyticalStorage')), createObject()), if(or(or(not(empty(parameters('mongodbDatabases'))), not(empty(parameters('gremlinDatabases')))), not(empty(parameters('cassandraKeyspaces')))), createObject('disableLocalAuth', false(), 'disableKeyBasedMetadataWriteAccess', false()), createObject('disableLocalAuth', parameters('disableLocalAuthentication'), 'disableKeyBasedMetadataWriteAccess', parameters('disableKeyBasedMetadataWriteAccess'))), if(not(empty(parameters('mongodbDatabases'))), createObject('apiProperties', createObject('serverVersion', parameters('serverVersion'))), createObject())))]", + "dependsOn": [ + "cMKKeyVault::cMKKey" + ] }, "databaseAccount_lock": { "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.DocumentDB/databaseAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -55172,7 +56535,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.DocumentDB/databaseAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -55213,7 +56576,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.DocumentDB/databaseAccounts/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -55265,8 +56628,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "1549250134356326406" + "version": "0.40.2.10011", + "templateHash": "3972888645334640168" }, "name": "DocumentDB Database Account SQL Databases", "description": "This module deploys a SQL Database in a CosmosDB Account." @@ -55521,8 +56884,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "1005439058963058082" + "version": "0.40.2.10011", + "templateHash": "4781880351108045502" }, "name": "DocumentDB Database Account SQL Database Containers", "description": "This module deploys a SQL Database Container in a CosmosDB Account." @@ -55789,8 +57152,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "8600771348637416058" + "version": "0.40.2.10011", + "templateHash": "8514367433037227852" }, "name": "DocumentDB Database Account SQL Role Definitions.", "description": "This module deploys a SQL Role Definision in a CosmosDB Account." @@ -55966,8 +57329,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "17007224102611744259" + "version": "0.40.2.10011", + "templateHash": "11817543900771838380" }, "name": "DocumentDB Database Account SQL Role Assignments.", "description": "This module deploys a SQL Role Assignment in a CosmosDB Account." @@ -56165,8 +57528,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "17007224102611744259" + "version": "0.40.2.10011", + "templateHash": "11817543900771838380" }, "name": "DocumentDB Database Account SQL Role Assignments.", "description": "This module deploys a SQL Role Assignment in a CosmosDB Account." @@ -56332,8 +57695,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "17859939500809924517" + "version": "0.40.2.10011", + "templateHash": "10787709019875067397" }, "name": "DocumentDB Database Account Cassandra Role Definitions.", "description": "This module deploys a Cassandra Role Definition in a CosmosDB Account." @@ -56489,8 +57852,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "552115240340341941" + "version": "0.40.2.10011", + "templateHash": "14764024820910071147" }, "name": "DocumentDB Database Account Cassandra Role Assignments.", "description": "This module deploys a Cassandra Role Assignment in a CosmosDB Account." @@ -56643,8 +58006,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "552115240340341941" + "version": "0.40.2.10011", + "templateHash": "14764024820910071147" }, "name": "DocumentDB Database Account Cassandra Role Assignments.", "description": "This module deploys a Cassandra Role Assignment in a CosmosDB Account." @@ -56772,8 +58135,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7289795303297936310" + "version": "0.40.2.10011", + "templateHash": "13897098552792121791" }, "name": "DocumentDB Database Account MongoDB Databases", "description": "This module deploys a MongoDB Database within a CosmosDB Account." @@ -56932,8 +58295,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "4317369978166598876" + "version": "0.40.2.10011", + "templateHash": "16151461445994734468" }, "name": "DocumentDB Database Account MongoDB Database Collections", "description": "This module deploys a MongoDB Database Collection." @@ -57097,8 +58460,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "14708982296215631776" + "version": "0.40.2.10011", + "templateHash": "11959636451300474346" }, "name": "DocumentDB Database Account Gremlin Databases", "description": "This module deploys a Gremlin Database within a CosmosDB Account." @@ -57257,8 +58620,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "15097132107382000570" + "version": "0.40.2.10011", + "templateHash": "10487122333182352122" }, "name": "DocumentDB Database Accounts Gremlin Databases Graphs", "description": "This module deploys a DocumentDB Database Accounts Gremlin Database Graph." @@ -57438,8 +58801,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "11768488776074268398" + "version": "0.40.2.10011", + "templateHash": "1787500858429182824" }, "name": "Azure Cosmos DB account tables", "description": "This module deploys a table within an Azure Cosmos DB Account." @@ -57577,8 +58940,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "63327155428300562" + "version": "0.40.2.10011", + "templateHash": "15257396763463366586" }, "name": "DocumentDB Database Account Cassandra Keyspaces", "description": "This module deploys a Cassandra Keyspace within a CosmosDB Account." @@ -57821,8 +59184,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "785607874724829202" + "version": "0.40.2.10011", + "templateHash": "15998065591386988132" }, "name": "DocumentDB Database Account Cassandra Keyspaces Tables", "description": "This module deploys a Cassandra Table within a Cassandra Keyspace in a CosmosDB Account." @@ -57998,8 +59361,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "14021794949328228224" + "version": "0.40.2.10011", + "templateHash": "6617803098467821091" }, "name": "DocumentDB Database Account Cassandra Keyspaces Views", "description": "This module deploys a Cassandra View (Materialized View) within a Cassandra Keyspace in a CosmosDB Account." @@ -63720,8 +65083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7056981135113238663" + "version": "0.42.1.51946", + "templateHash": "12626366001403616495" }, "name": "Container Apps", "description": "This module deploys a Container App." @@ -64201,7 +65564,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -64211,7 +65574,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -64221,7 +65584,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -64231,7 +65594,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -64241,7 +65604,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -64251,7 +65614,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -64348,7 +65711,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -64385,7 +65748,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -64413,7 +65776,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -64488,7 +65851,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -64580,7 +65943,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/service" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/service" }, "description": "Optional. Dev ContainerApp service type." }, @@ -64665,7 +66028,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/tags" + "source": "Microsoft.App/containerApps@2026-01-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -64675,7 +66038,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/registries" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/registries" }, "description": "Optional. Collection of private container registry credentials for containers used by the Container app." }, @@ -64709,7 +66072,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/customDomains" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/customDomains" }, "description": "Optional. Custom domain bindings for Container App hostnames." }, @@ -64726,45 +66089,27 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" }, "description": "Optional. Rules to restrict incoming IP address." }, "nullable": true }, - "trafficLabel": { - "type": "string", - "defaultValue": "label-1", - "metadata": { - "description": "Optional. Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes." - } - }, - "trafficLatestRevision": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Indicates that the traffic weight belongs to a latest stable revision." - } - }, - "trafficRevisionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a revision." - } - }, - "trafficWeight": { - "type": "int", - "defaultValue": 100, + "traffic": { + "type": "array", "metadata": { - "description": "Optional. Traffic weight assigned to a revision." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/traffic" + }, + "description": "Optional. Traffic weight configuration for routing traffic across revisions. Each entry specifies a revision (or latest) and its traffic percentage. Supports blue-green and canary deployment patterns." + }, + "nullable": true }, "dapr": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/dapr" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/dapr" }, "description": "Optional. Dapr configuration for the Container App." }, @@ -64774,7 +66119,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/identitySettings" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/identitySettings" }, "description": "Optional. Settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used." }, @@ -64791,7 +66136,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/runtime" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/runtime" }, "description": "Optional. Runtime configuration for the Container App." }, @@ -64801,7 +66146,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/containers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/containers" }, "description": "Required. List of container definitions for the Container App." } @@ -64817,7 +66162,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/initContainers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/initContainers" }, "description": "Optional. List of specialized containers that run before app containers." }, @@ -64844,7 +66189,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/volumes" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/volumes" }, "description": "Optional. List of volume definitions for the Container App." }, @@ -64884,7 +66229,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -64892,14 +66237,15 @@ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "enableReferencedModulesTelemetry": false }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.22.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -64917,7 +66263,7 @@ }, "containerApp": { "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "kind": "[parameters('kind')]", @@ -64929,22 +66275,22 @@ "template": { "containers": "[parameters('containers')]", "terminationGracePeriodSeconds": "[parameters('terminationGracePeriodSeconds')]", - "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]", + "initContainers": "[parameters('initContainersTemplate')]", "revisionSuffix": "[parameters('revisionSuffix')]", "scale": "[parameters('scaleSettings')]", - "serviceBinds": "[if(and(parameters('includeAddOns'), not(empty(parameters('serviceBinds')))), parameters('serviceBinds'), null())]", - "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]" + "serviceBinds": "[if(parameters('includeAddOns'), parameters('serviceBinds'), null())]", + "volumes": "[parameters('volumes')]" }, "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", - "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "identitySettings": "[if(not(empty(parameters('identitySettings'))), parameters('identitySettings'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", - "service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]", + "dapr": "[parameters('dapr')]", + "identitySettings": "[parameters('identitySettings')]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', parameters('customDomains'), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', parameters('ipSecurityRestrictions'), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('traffic'), null()), 'transport', parameters('ingressTransport')))]", + "service": "[if(parameters('includeAddOns'), parameters('service'), null())]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", - "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", + "registries": "[parameters('registries')]", "secrets": "[parameters('secrets')]", - "runtime": "[if(not(empty(parameters('runtime'))), parameters('runtime'), null())]" + "runtime": "[parameters('runtime')]" } } }, @@ -64952,7 +66298,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -64969,7 +66315,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/containerApps', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -64991,7 +66337,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -65030,6 +66376,9 @@ "containerAppName": { "value": "[parameters('name')]" }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, "encryptionSettings": { "value": "[tryGet(parameters('authConfig'), 'encryptionSettings')]" }, @@ -65056,8 +66405,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12480411243596309951" + "version": "0.42.1.51946", + "templateHash": "4649255393182983719" }, "name": "Container App Auth Configs", "description": "This module deploys Container App Auth Configs." @@ -65073,7 +66422,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -65083,7 +66432,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -65093,7 +66442,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -65103,7 +66452,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -65113,7 +66462,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -65123,23 +66472,50 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, "nullable": true + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp-authconfig.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "containerApp": { "existing": true, "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('containerAppName')]" }, "containerAppAuthConfigs": { "type": "Microsoft.App/containerApps/authConfigs", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[format('{0}/{1}', parameters('containerAppName'), 'current')]", "properties": { "encryptionSettings": "[parameters('encryptionSettings')]", @@ -65216,14 +66592,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('containerApp', '2025-02-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('containerApp', '2026-01-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('containerApp', '2025-02-02-preview', 'full').location]" + "value": "[reference('containerApp', '2026-01-01', 'full').location]" } } } @@ -65405,8 +66781,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7056981135113238663" + "version": "0.42.1.51946", + "templateHash": "12626366001403616495" }, "name": "Container Apps", "description": "This module deploys a Container App." @@ -65886,7 +67262,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -65896,7 +67272,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -65906,7 +67282,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -65916,7 +67292,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -65926,7 +67302,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -65936,7 +67312,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -66033,7 +67409,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -66070,7 +67446,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -66098,7 +67474,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -66173,7 +67549,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -66265,7 +67641,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/service" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/service" }, "description": "Optional. Dev ContainerApp service type." }, @@ -66350,7 +67726,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/tags" + "source": "Microsoft.App/containerApps@2026-01-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -66360,7 +67736,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/registries" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/registries" }, "description": "Optional. Collection of private container registry credentials for containers used by the Container app." }, @@ -66394,7 +67770,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/customDomains" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/customDomains" }, "description": "Optional. Custom domain bindings for Container App hostnames." }, @@ -66411,45 +67787,27 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" }, "description": "Optional. Rules to restrict incoming IP address." }, "nullable": true }, - "trafficLabel": { - "type": "string", - "defaultValue": "label-1", - "metadata": { - "description": "Optional. Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes." - } - }, - "trafficLatestRevision": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Indicates that the traffic weight belongs to a latest stable revision." - } - }, - "trafficRevisionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a revision." - } - }, - "trafficWeight": { - "type": "int", - "defaultValue": 100, + "traffic": { + "type": "array", "metadata": { - "description": "Optional. Traffic weight assigned to a revision." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/traffic" + }, + "description": "Optional. Traffic weight configuration for routing traffic across revisions. Each entry specifies a revision (or latest) and its traffic percentage. Supports blue-green and canary deployment patterns." + }, + "nullable": true }, "dapr": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/dapr" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/dapr" }, "description": "Optional. Dapr configuration for the Container App." }, @@ -66459,7 +67817,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/identitySettings" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/identitySettings" }, "description": "Optional. Settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used." }, @@ -66476,7 +67834,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/runtime" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/runtime" }, "description": "Optional. Runtime configuration for the Container App." }, @@ -66486,7 +67844,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/containers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/containers" }, "description": "Required. List of container definitions for the Container App." } @@ -66502,7 +67860,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/initContainers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/initContainers" }, "description": "Optional. List of specialized containers that run before app containers." }, @@ -66529,7 +67887,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/volumes" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/volumes" }, "description": "Optional. List of volume definitions for the Container App." }, @@ -66569,7 +67927,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -66577,14 +67935,15 @@ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "enableReferencedModulesTelemetry": false }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.22.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -66602,7 +67961,7 @@ }, "containerApp": { "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "kind": "[parameters('kind')]", @@ -66614,22 +67973,22 @@ "template": { "containers": "[parameters('containers')]", "terminationGracePeriodSeconds": "[parameters('terminationGracePeriodSeconds')]", - "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]", + "initContainers": "[parameters('initContainersTemplate')]", "revisionSuffix": "[parameters('revisionSuffix')]", "scale": "[parameters('scaleSettings')]", - "serviceBinds": "[if(and(parameters('includeAddOns'), not(empty(parameters('serviceBinds')))), parameters('serviceBinds'), null())]", - "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]" + "serviceBinds": "[if(parameters('includeAddOns'), parameters('serviceBinds'), null())]", + "volumes": "[parameters('volumes')]" }, "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", - "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "identitySettings": "[if(not(empty(parameters('identitySettings'))), parameters('identitySettings'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", - "service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]", + "dapr": "[parameters('dapr')]", + "identitySettings": "[parameters('identitySettings')]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', parameters('customDomains'), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', parameters('ipSecurityRestrictions'), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('traffic'), null()), 'transport', parameters('ingressTransport')))]", + "service": "[if(parameters('includeAddOns'), parameters('service'), null())]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", - "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", + "registries": "[parameters('registries')]", "secrets": "[parameters('secrets')]", - "runtime": "[if(not(empty(parameters('runtime'))), parameters('runtime'), null())]" + "runtime": "[parameters('runtime')]" } } }, @@ -66637,7 +67996,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -66654,7 +68013,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/containerApps', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -66676,7 +68035,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -66715,6 +68074,9 @@ "containerAppName": { "value": "[parameters('name')]" }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, "encryptionSettings": { "value": "[tryGet(parameters('authConfig'), 'encryptionSettings')]" }, @@ -66741,8 +68103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12480411243596309951" + "version": "0.42.1.51946", + "templateHash": "4649255393182983719" }, "name": "Container App Auth Configs", "description": "This module deploys Container App Auth Configs." @@ -66758,7 +68120,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -66768,7 +68130,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -66778,7 +68140,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -66788,7 +68150,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -66798,7 +68160,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -66808,23 +68170,50 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, "nullable": true + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp-authconfig.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "containerApp": { "existing": true, "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('containerAppName')]" }, "containerAppAuthConfigs": { "type": "Microsoft.App/containerApps/authConfigs", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[format('{0}/{1}', parameters('containerAppName'), 'current')]", "properties": { "encryptionSettings": "[parameters('encryptionSettings')]", @@ -66901,14 +68290,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('containerApp', '2025-02-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('containerApp', '2026-01-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('containerApp', '2025-02-02-preview', 'full').location]" + "value": "[reference('containerApp', '2026-01-01', 'full').location]" } } } @@ -67025,8 +68414,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "7056981135113238663" + "version": "0.42.1.51946", + "templateHash": "12626366001403616495" }, "name": "Container Apps", "description": "This module deploys a Container App." @@ -67506,7 +68895,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -67516,7 +68905,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -67526,7 +68915,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -67536,7 +68925,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -67546,7 +68935,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -67556,7 +68945,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, @@ -67653,7 +69042,7 @@ "metadata": { "description": "An AVM-aligned type for a diagnostic setting. To be used if only metrics are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -67690,7 +69079,7 @@ "metadata": { "description": "An AVM-aligned type for a lock.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.0" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -67718,7 +69107,7 @@ "metadata": { "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } }, @@ -67793,7 +69182,7 @@ "metadata": { "description": "An AVM-aligned type for a role assignment.", "__bicep_imported_from!": { - "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.6.1" } } } @@ -67885,7 +69274,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/service" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/service" }, "description": "Optional. Dev ContainerApp service type." }, @@ -67970,7 +69359,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/tags" + "source": "Microsoft.App/containerApps@2026-01-01#properties/tags" }, "description": "Optional. Tags of the resource." }, @@ -67980,7 +69369,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/registries" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/registries" }, "description": "Optional. Collection of private container registry credentials for containers used by the Container app." }, @@ -68014,7 +69403,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/customDomains" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/customDomains" }, "description": "Optional. Custom domain bindings for Container App hostnames." }, @@ -68031,45 +69420,27 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/ipSecurityRestrictions" }, "description": "Optional. Rules to restrict incoming IP address." }, "nullable": true }, - "trafficLabel": { - "type": "string", - "defaultValue": "label-1", - "metadata": { - "description": "Optional. Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes." - } - }, - "trafficLatestRevision": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Indicates that the traffic weight belongs to a latest stable revision." - } - }, - "trafficRevisionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a revision." - } - }, - "trafficWeight": { - "type": "int", - "defaultValue": 100, + "traffic": { + "type": "array", "metadata": { - "description": "Optional. Traffic weight assigned to a revision." - } + "__bicep_resource_derived_type!": { + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/ingress/properties/traffic" + }, + "description": "Optional. Traffic weight configuration for routing traffic across revisions. Each entry specifies a revision (or latest) and its traffic percentage. Supports blue-green and canary deployment patterns." + }, + "nullable": true }, "dapr": { "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/dapr" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/dapr" }, "description": "Optional. Dapr configuration for the Container App." }, @@ -68079,7 +69450,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/identitySettings" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/identitySettings" }, "description": "Optional. Settings for Managed Identities that are assigned to the Container App. If a Managed Identity is not specified here, default settings will be used." }, @@ -68096,7 +69467,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/configuration/properties/runtime" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/configuration/properties/runtime" }, "description": "Optional. Runtime configuration for the Container App." }, @@ -68106,7 +69477,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/containers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/containers" }, "description": "Required. List of container definitions for the Container App." } @@ -68122,7 +69493,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/initContainers" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/initContainers" }, "description": "Optional. List of specialized containers that run before app containers." }, @@ -68149,7 +69520,7 @@ "type": "array", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps@2025-02-02-preview#properties/properties/properties/template/properties/volumes" + "source": "Microsoft.App/containerApps@2026-01-01#properties/properties/properties/template/properties/volumes" }, "description": "Optional. List of volume definitions for the Container App." }, @@ -68189,7 +69560,7 @@ } ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", + "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(variables('formattedUserAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(variables('formattedUserAssignedIdentities'))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { "ContainerApp Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b')]", "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", @@ -68197,14 +69568,15 @@ "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" - } + }, + "enableReferencedModulesTelemetry": false }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.19.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp.{0}.{1}', replace('0.22.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -68222,7 +69594,7 @@ }, "containerApp": { "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "kind": "[parameters('kind')]", @@ -68234,22 +69606,22 @@ "template": { "containers": "[parameters('containers')]", "terminationGracePeriodSeconds": "[parameters('terminationGracePeriodSeconds')]", - "initContainers": "[if(not(empty(parameters('initContainersTemplate'))), parameters('initContainersTemplate'), null())]", + "initContainers": "[parameters('initContainersTemplate')]", "revisionSuffix": "[parameters('revisionSuffix')]", "scale": "[parameters('scaleSettings')]", - "serviceBinds": "[if(and(parameters('includeAddOns'), not(empty(parameters('serviceBinds')))), parameters('serviceBinds'), null())]", - "volumes": "[if(not(empty(parameters('volumes'))), parameters('volumes'), null())]" + "serviceBinds": "[if(parameters('includeAddOns'), parameters('serviceBinds'), null())]", + "volumes": "[parameters('volumes')]" }, "configuration": { "activeRevisionsMode": "[parameters('activeRevisionsMode')]", - "dapr": "[if(not(empty(parameters('dapr'))), parameters('dapr'), null())]", - "identitySettings": "[if(not(empty(parameters('identitySettings'))), parameters('identitySettings'), null())]", - "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', if(not(empty(parameters('customDomains'))), parameters('customDomains'), null()), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', if(not(empty(parameters('ipSecurityRestrictions'))), parameters('ipSecurityRestrictions'), null()), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), createArray(createObject('label', parameters('trafficLabel'), 'latestRevision', parameters('trafficLatestRevision'), 'revisionName', parameters('trafficRevisionName'), 'weight', parameters('trafficWeight'))), null()), 'transport', parameters('ingressTransport')))]", - "service": "[if(and(parameters('includeAddOns'), not(empty(parameters('service')))), parameters('service'), null())]", + "dapr": "[parameters('dapr')]", + "identitySettings": "[parameters('identitySettings')]", + "ingress": "[if(parameters('disableIngress'), null(), createObject('additionalPortMappings', parameters('additionalPortMappings'), 'allowInsecure', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('ingressAllowInsecure'), false()), 'customDomains', parameters('customDomains'), 'corsPolicy', if(and(not(equals(parameters('corsPolicy'), null())), not(equals(parameters('ingressTransport'), 'tcp'))), createObject('allowCredentials', coalesce(tryGet(parameters('corsPolicy'), 'allowCredentials'), false()), 'allowedHeaders', coalesce(tryGet(parameters('corsPolicy'), 'allowedHeaders'), createArray()), 'allowedMethods', coalesce(tryGet(parameters('corsPolicy'), 'allowedMethods'), createArray()), 'allowedOrigins', coalesce(tryGet(parameters('corsPolicy'), 'allowedOrigins'), createArray()), 'exposeHeaders', coalesce(tryGet(parameters('corsPolicy'), 'exposeHeaders'), createArray()), 'maxAge', tryGet(parameters('corsPolicy'), 'maxAge')), null()), 'clientCertificateMode', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('clientCertificateMode'), null()), 'exposedPort', parameters('exposedPort'), 'external', parameters('ingressExternal'), 'ipSecurityRestrictions', parameters('ipSecurityRestrictions'), 'targetPort', parameters('ingressTargetPort'), 'stickySessions', createObject('affinity', parameters('stickySessionsAffinity')), 'traffic', if(not(equals(parameters('ingressTransport'), 'tcp')), parameters('traffic'), null()), 'transport', parameters('ingressTransport')))]", + "service": "[if(parameters('includeAddOns'), parameters('service'), null())]", "maxInactiveRevisions": "[parameters('maxInactiveRevisions')]", - "registries": "[if(not(empty(parameters('registries'))), parameters('registries'), null())]", + "registries": "[parameters('registries')]", "secrets": "[parameters('secrets')]", - "runtime": "[if(not(empty(parameters('runtime'))), parameters('runtime'), null())]" + "runtime": "[parameters('runtime')]" } } }, @@ -68257,7 +69629,7 @@ "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", "type": "Microsoft.Authorization/locks", "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", "properties": { "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", @@ -68274,7 +69646,7 @@ }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.App/containerApps', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", @@ -68296,7 +69668,7 @@ }, "type": "Microsoft.Insights/diagnosticSettings", "apiVersion": "2021-05-01-preview", - "scope": "[format('Microsoft.App/containerApps/{0}', parameters('name'))]", + "scope": "[resourceId('Microsoft.App/containerApps', parameters('name'))]", "name": "[coalesce(tryGet(coalesce(parameters('diagnosticSettings'), createArray())[copyIndex()], 'name'), format('{0}-diagnosticSettings', parameters('name')))]", "properties": { "copy": [ @@ -68335,6 +69707,9 @@ "containerAppName": { "value": "[parameters('name')]" }, + "enableTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, "encryptionSettings": { "value": "[tryGet(parameters('authConfig'), 'encryptionSettings')]" }, @@ -68361,8 +69736,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.38.33.27573", - "templateHash": "12480411243596309951" + "version": "0.42.1.51946", + "templateHash": "4649255393182983719" }, "name": "Container App Auth Configs", "description": "This module deploys Container App Auth Configs." @@ -68378,7 +69753,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/encryptionSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/encryptionSettings" }, "description": "Optional. The configuration settings of the secrets references of encryption key and signing key for ContainerApp Service Authentication/Authorization." }, @@ -68388,7 +69763,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/globalValidation" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/globalValidation" }, "description": "Optional. The configuration settings that determines the validation flow of users using Service Authentication and/or Authorization." }, @@ -68398,7 +69773,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/httpSettings" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/httpSettings" }, "description": "Optional. The configuration settings of the HTTP requests for authentication and authorization requests made against ContainerApp Service Authentication/Authorization." }, @@ -68408,7 +69783,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/identityProviders" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/identityProviders" }, "description": "Optional. The configuration settings of each of the identity providers used to configure ContainerApp Service Authentication/Authorization." }, @@ -68418,7 +69793,7 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/login" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/login" }, "description": "Optional. The configuration settings of the login flow of users using ContainerApp Service Authentication/Authorization." }, @@ -68428,23 +69803,50 @@ "type": "object", "metadata": { "__bicep_resource_derived_type!": { - "source": "Microsoft.App/containerApps/authConfigs@2025-02-02-preview#properties/properties/properties/platform" + "source": "Microsoft.App/containerApps/authConfigs@2026-01-01#properties/properties/properties/platform" }, "description": "Optional. The configuration settings of the platform of ContainerApp Service Authentication/Authorization." }, "nullable": true + }, + "enableTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } } }, "resources": { + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2025-04-01", + "name": "[format('46d3xbcp.res.app-containerapp-authconfig.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name), 0, 4))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } + } + } + }, "containerApp": { "existing": true, "type": "Microsoft.App/containerApps", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[parameters('containerAppName')]" }, "containerAppAuthConfigs": { "type": "Microsoft.App/containerApps/authConfigs", - "apiVersion": "2025-02-02-preview", + "apiVersion": "2026-01-01", "name": "[format('{0}/{1}', parameters('containerAppName'), 'current')]", "properties": { "encryptionSettings": "[parameters('encryptionSettings')]", @@ -68521,14 +69923,14 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[tryGet(tryGet(reference('containerApp', '2025-02-02-preview', 'full'), 'identity'), 'principalId')]" + "value": "[tryGet(tryGet(reference('containerApp', '2026-01-01', 'full'), 'identity'), 'principalId')]" }, "location": { "type": "string", "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('containerApp', '2025-02-02-preview', 'full').location]" + "value": "[reference('containerApp', '2026-01-01', 'full').location]" } } } diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index c620dcb7..7696c022 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -148,7 +148,7 @@ var existingProjectResourceId = trim(existingFoundryProjectResourceId) // ========== AVM Telemetry ========== // #disable-next-line no-deployments-resources -resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { +resource avmTelemetry 'Microsoft.Resources/deployments@2025-04-01' = if (enableTelemetry) { name: take( '46d3xbcp.ptn.sa-contentprocessing.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}', 64 @@ -200,7 +200,7 @@ module virtualNetwork './modules/virtualNetwork.bicep' = if (enablePrivateNetwor // Azure Bastion Host var bastionHostName = 'bas-${solutionSuffix}' -module bastionHost 'br/public:avm/res/network/bastion-host:0.8.0' = if (enablePrivateNetworking) { +module bastionHost 'br/public:avm/res/network/bastion-host:0.8.2' = if (enablePrivateNetworking) { name: take('avm.res.network.bastion-host.${bastionHostName}', 64) params: { name: bastionHostName @@ -233,7 +233,7 @@ module bastionHost 'br/public:avm/res/network/bastion-host:0.8.0' = if (enablePr // Jumpbox Virtual Machine var jumpboxVmName = take('vm-${solutionSuffix}', 15) -module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.20.0' = if (enablePrivateNetworking) { +module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.22.0' = if (enablePrivateNetworking) { name: take('avm.res.compute.virtual-machine.${jumpboxVmName}', 64) params: { name: jumpboxVmName @@ -334,7 +334,7 @@ module jumpboxVM 'br/public:avm/res/compute/virtual-machine:0.20.0' = if (enable } } -module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-configuration:0.3.2' = if (enablePrivateNetworking) { +module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-configuration:0.4.0' = if (enablePrivateNetworking) { name: take('avm.res.maintenance-configuration.${jumpboxVmName}', 64) params: { name: 'mc-${jumpboxVmName}' @@ -372,7 +372,7 @@ module maintenanceConfiguration 'br/public:avm/res/maintenance/maintenance-confi var dataCollectionRulesResourceName = 'dcr-${solutionSuffix}' var dataCollectionRulesLocation = logAnalyticsWorkspace!.outputs.location -module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.8.0' = if (enablePrivateNetworking && enableMonitoring) { +module windowsVmDataCollectionRules 'br/public:avm/res/insights/data-collection-rule:0.11.0' = if (enablePrivateNetworking && enableMonitoring) { name: take('avm.res.insights.data-collection-rule.${dataCollectionRulesResourceName}', 64) params: { name: dataCollectionRulesResourceName @@ -523,7 +523,7 @@ var dnsZoneIndex = { } @batchSize(5) -module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.0' = [ +module avmPrivateDnsZones 'br/public:avm/res/network/private-dns-zone:0.8.1' = [ for (zone, i) in privateDnsZones: if (enablePrivateNetworking) { name: take('avm.res.network.private-dns-zone.${split(zone, '.')[1]}', 64) params: { @@ -550,7 +550,7 @@ module logAnalyticsWorkspace 'modules/log-analytics-workspace.bicep' = if (enabl } } -module applicationInsights 'br/public:avm/res/insights/component:0.7.0' = if (enableMonitoring) { +module applicationInsights 'br/public:avm/res/insights/component:0.7.1' = if (enableMonitoring) { name: take('avm.res.insights.component.${solutionSuffix}', 64) params: { name: 'appi-${solutionSuffix}' @@ -626,7 +626,7 @@ module avmContainerRegistry 'modules/container-registry.bicep' = { } // // ========== Storage Account ========== // -module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.28.0' = { +module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = { name: take('module.storage-account.${solutionSuffix}', 64) params: { name: 'st${replace(solutionSuffix, '-', '')}' @@ -792,7 +792,7 @@ module avmAiServices 'modules/account/aifoundry.bicep' = { } } -module cognitiveServicePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking && empty(existingProjectResourceId)) { +module cognitiveServicePrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.12.0' = if (enablePrivateNetworking && empty(existingProjectResourceId)) { name: take('avm.res.network.private-endpoint.${solutionSuffix}', 64) params: { name: 'pep-aiservices-${solutionSuffix}' @@ -832,7 +832,7 @@ module cognitiveServicePrivateEndpoint 'br/public:avm/res/network/private-endpoi } } -module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.14.1' = { +module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.14.2' = { name: take('avm.res.cognitive-services.account.content-understanding.${solutionSuffix}', 64) params: { @@ -874,7 +874,7 @@ module avmAiServices_cu 'br/public:avm/res/cognitive-services/account:0.14.1' = } } -module contentUnderstandingPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.8.1' = if (enablePrivateNetworking) { +module contentUnderstandingPrivateEndpoint 'br/public:avm/res/network/private-endpoint:0.12.0' = if (enablePrivateNetworking) { name: take('avm.res.network.private-endpoint.aicu-${solutionSuffix}', 64) params: { name: 'pep-aicu-${solutionSuffix}' @@ -911,7 +911,7 @@ module contentUnderstandingPrivateEndpoint 'br/public:avm/res/network/private-en } // ========== Container App Environment ========== // -module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { +module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.13.2' = { name: take('avm.res.app.managed-environment.${solutionSuffix}', 64) params: { name: 'cae-${solutionSuffix}' @@ -924,10 +924,7 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { appLogsConfiguration: enableMonitoring ? { destination: 'log-analytics' - logAnalyticsConfiguration: { - customerId: logAnalyticsWorkspace!.outputs.logAnalyticsWorkspaceId - sharedKey: logAnalyticsWorkspace.outputs.primarySharedKey - } + logAnalyticsWorkspaceResourceId: logAnalyticsWorkspace!.outputs.resourceId } : null workloadProfiles: [ @@ -951,7 +948,7 @@ module avmContainerAppEnv 'br/public:avm/res/app/managed-environment:0.11.3' = { } // //=========== Managed Identity for Container Registry ========== // -module avmContainerRegistryReader 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.2' = { +module avmContainerRegistryReader 'br/public:avm/res/managed-identity/user-assigned-identity:0.5.0' = { name: take('avm.res.managed-identity.user-assigned-identity.${solutionSuffix}', 64) params: { name: 'id-acr-${solutionSuffix}' @@ -962,7 +959,7 @@ module avmContainerRegistryReader 'br/public:avm/res/managed-identity/user-assig } // ========== Container App ========== // -module avmContainerApp 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-app' @@ -1036,7 +1033,7 @@ module avmContainerApp 'br/public:avm/res/app/container-app:0.19.0' = { } // ========== Container App API ========== // -module avmContainerApp_API 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_API 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-api.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-api' @@ -1172,7 +1169,7 @@ module avmContainerApp_API 'br/public:avm/res/app/container-app:0.19.0' = { } //========== Container App Web ========== // -module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-web.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-web' @@ -1259,7 +1256,7 @@ module avmContainerApp_Web 'br/public:avm/res/app/container-app:0.19.0' = { } // ========== Container App Workflow ========== // -module avmContainerApp_Workflow 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_Workflow 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-wkfl.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-wkfl' @@ -1331,7 +1328,7 @@ module avmContainerApp_Workflow 'br/public:avm/res/app/container-app:0.19.0' = { } // ========== Cosmos Database for Mongo DB ========== // -module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.18.0' = { +module avmCosmosDB 'br/public:avm/res/document-db/database-account:0.19.0' = { name: take('avm.res.document-db.database-account.${solutionSuffix}', 64) params: { name: 'cosmos-${solutionSuffix}' @@ -1643,7 +1640,7 @@ module avmAppConfig_update 'br/public:avm/res/app-configuration/configuration-st } // ========== Container App Update Modules ========== // -module avmContainerApp_update 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_update 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-update.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-app' @@ -1731,7 +1728,7 @@ module avmContainerApp_update 'br/public:avm/res/app/container-app:0.19.0' = { ] } -module avmContainerApp_API_update 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_API_update 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-api.update.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-api' @@ -1871,7 +1868,7 @@ module avmContainerApp_API_update 'br/public:avm/res/app/container-app:0.19.0' = } // ========== Container App Workflow Update ========== // -module avmContainerApp_Workflow_update 'br/public:avm/res/app/container-app:0.19.0' = { +module avmContainerApp_Workflow_update 'br/public:avm/res/app/container-app:0.22.1' = { name: take('avm.res.app.container-app-wkfl.update.${solutionSuffix}', 64) params: { name: 'ca-${solutionSuffix}-wkfl' diff --git a/infra/modules/account/aifoundry.bicep b/infra/modules/account/aifoundry.bicep index 6bfce48e..4342f5f9 100644 --- a/infra/modules/account/aifoundry.bicep +++ b/infra/modules/account/aifoundry.bicep @@ -66,7 +66,7 @@ param sku string = 'S0' @description('Optional. Location for all Resources.') param location string = resourceGroup().location -import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The diagnostic settings of the service.') param diagnosticSettings diagnosticSettingFullType[]? @@ -83,15 +83,15 @@ param customSubDomainName string? @description('Optional. A collection of rules governing the accessibility from specific network locations.') param networkAcls object? -import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints privateEndpointSingleServiceType[]? -import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The lock settings of the service.') param lock lockType? -import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Array of role assignments to create.') param roleAssignments roleAssignmentType[]? @@ -107,7 +107,7 @@ param apiProperties object? @description('Optional. Allow only Azure AD authentication. Should be enabled for security reasons.') param disableLocalAuth bool = true -import { customerManagedKeyType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { customerManagedKeyType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The customer managed key definition.') param customerManagedKey customerManagedKeyType? @@ -127,7 +127,7 @@ param restrictOutboundNetworkAccess bool = true @description('Optional. The storage accounts for this resource.') param userOwnedStorage array? -import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The managed identity definition for this resource.') param managedIdentities managedIdentityAllType? @@ -159,7 +159,7 @@ var identity = !empty(managedIdentities) : null #disable-next-line no-deployments-resources -resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { +resource avmTelemetry 'Microsoft.Resources/deployments@2025-04-01' = if (enableTelemetry) { name: '46d3xbcp.res.cognitiveservices-account.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { mode: 'Incremental' @@ -177,14 +177,14 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT } } -resource cMKKeyVault 'Microsoft.KeyVault/vaults@2025-05-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId)) { +resource cMKKeyVault 'Microsoft.KeyVault/vaults@2026-02-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId)) { name: last(split(customerManagedKey.?keyVaultResourceId!, '/')) scope: resourceGroup( split(customerManagedKey.?keyVaultResourceId!, '/')[2], split(customerManagedKey.?keyVaultResourceId!, '/')[4] ) - resource cMKKey 'keys@2025-05-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId) && !empty(customerManagedKey.?keyName)) { + resource cMKKey 'keys@2026-02-01' existing = if (!empty(customerManagedKey.?keyVaultResourceId) && !empty(customerManagedKey.?keyName)) { name: customerManagedKey.?keyName! } } @@ -199,7 +199,7 @@ resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentiti var useExistingService = !empty(existingFoundryProjectResourceId) -resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-07-01-preview' = if(!useExistingService) { +resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-12-01' = if(!useExistingService) { name: name kind: kind identity: identity @@ -249,7 +249,7 @@ resource cognitiveServiceNew 'Microsoft.CognitiveServices/accounts@2025-07-01-pr var existingCognitiveServiceDetails = split(existingFoundryProjectResourceId, '/') -resource cognitiveServiceExisting 'Microsoft.CognitiveServices/accounts@2025-07-01-preview' existing = if(useExistingService) { +resource cognitiveServiceExisting 'Microsoft.CognitiveServices/accounts@2025-12-01' existing = if(useExistingService) { name: existingCognitiveServiceDetails[8] scope: resourceGroup(existingCognitiveServiceDetails[2], existingCognitiveServiceDetails[4]) } @@ -316,7 +316,7 @@ output systemAssignedMIPrincipalId string? = useExistingService ? cognitiveServi @description('The location the resource was deployed into.') output location string = useExistingService ? cognitiveServiceExisting.location : cognitiveService.location -import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('A hashtable of references to the secrets exported to the provided Key Vault. The key of each reference is each secret\'s name.') output exportedSecrets secretsOutputType = useExistingService ? existing_cognitive_service_dependencies.outputs.exportedSecrets : cognitive_service_dependencies.outputs.exportedSecrets diff --git a/infra/modules/account/modules/dependencies.bicep b/infra/modules/account/modules/dependencies.bicep index 9ee06674..55bb9ff7 100644 --- a/infra/modules/account/modules/dependencies.bicep +++ b/infra/modules/account/modules/dependencies.bicep @@ -35,19 +35,19 @@ param deployments deploymentType[]? @description('Optional. Key vault reference and secret settings for the module\'s secrets export.') param secretsExportConfiguration secretsExportConfigurationType? -import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') param privateEndpoints privateEndpointSingleServiceType[]? -import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The lock settings of the service.') param lock lockType? -import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Array of role assignments to create.') param roleAssignments roleAssignmentType[]? -import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. The diagnostic settings of the service.') param diagnosticSettings diagnosticSettingFullType[]? @@ -187,12 +187,12 @@ var formattedRoleAssignments = [ var enableReferencedModulesTelemetry = false -resource cognitiveService 'Microsoft.CognitiveServices/accounts@2025-07-01-preview' existing = { +resource cognitiveService 'Microsoft.CognitiveServices/accounts@2025-12-01' existing = { name: name } @batchSize(1) -resource cognitiveService_deployments 'Microsoft.CognitiveServices/accounts/deployments@2025-07-01-preview' = [ +resource cognitiveService_deployments 'Microsoft.CognitiveServices/accounts/deployments@2025-12-01' = [ for (deployment, index) in (deployments ?? []): { parent: cognitiveService name: deployment.?name ?? '${name}-deployments' @@ -251,7 +251,7 @@ resource cognitiveService_diagnosticSettings 'Microsoft.Insights/diagnosticSetti } ] -module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.11.0' = [ +module cognitiveService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.12.0' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-cognitiveService-PrivateEndpoint-${index}' scope: resourceGroup( @@ -364,7 +364,7 @@ module aiProject 'project.bicep' = if(!empty(projectName) || !empty(azureExistin } } -import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { secretsOutputType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('A hashtable of references to the secrets exported to the provided Key Vault. The key of each reference is each secret\'s name.') output exportedSecrets secretsOutputType = (secretsExportConfiguration != null) ? toObject(secretsExport.outputs.secretsSet, secret => last(split(secret.secretResourceId, '/')), secret => secret) diff --git a/infra/modules/account/modules/keyVaultExport.bicep b/infra/modules/account/modules/keyVaultExport.bicep index 44597e56..ccbcf14b 100644 --- a/infra/modules/account/modules/keyVaultExport.bicep +++ b/infra/modules/account/modules/keyVaultExport.bicep @@ -2,10 +2,10 @@ // Parameters // // ============== // -@description('Required. The name of the Key Vault to set the ecrets in.') +@description('Required. The name of the Key Vault to set the secrets in.') param keyVaultName string -import { secretToSetType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { secretToSetType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Required. The secrets to set in the Key Vault.') param secretsToSet secretToSetType[] @@ -13,11 +13,11 @@ param secretsToSet secretToSetType[] // Resources // // ============= // -resource keyVault 'Microsoft.KeyVault/vaults@2025-05-01' existing = { +resource keyVault 'Microsoft.KeyVault/vaults@2026-02-01' existing = { name: keyVaultName } -resource secrets 'Microsoft.KeyVault/vaults/secrets@2025-05-01' = [ +resource secrets 'Microsoft.KeyVault/vaults/secrets@2026-02-01' = [ for secret in secretsToSet: { name: secret.name parent: keyVault @@ -31,7 +31,7 @@ resource secrets 'Microsoft.KeyVault/vaults/secrets@2025-05-01' = [ // Outputs // // =========== // -import { secretSetOutputType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { secretSetOutputType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('The references to the secrets exported to the provided Key Vault.') output secretsSet secretSetOutputType[] = [ #disable-next-line outputs-should-not-contain-secrets // Only returning the references, not a secret value diff --git a/infra/modules/account/modules/project.bicep b/infra/modules/account/modules/project.bicep index b4e9e4c3..3a1620d2 100644 --- a/infra/modules/account/modules/project.bicep +++ b/infra/modules/account/modules/project.bicep @@ -22,12 +22,12 @@ var existingProjName = useExistingProject ? last(split(azureExistingAIProjectRes var existingProjEndpoint = useExistingProject ? format('https://{0}.services.ai.azure.com/api/projects/{1}', aiServicesName, existingProjName) : '' // Reference to cognitive service in current resource group for new projects -resource cogServiceReference 'Microsoft.CognitiveServices/accounts@2024-10-01' existing = { +resource cogServiceReference 'Microsoft.CognitiveServices/accounts@2025-12-01' existing = { name: aiServicesName } // Create new AI project only if not reusing existing one -resource aiProject 'Microsoft.CognitiveServices/accounts/projects@2025-07-01-preview' = if(!useExistingProject) { +resource aiProject 'Microsoft.CognitiveServices/accounts/projects@2025-12-01' = if(!useExistingProject) { parent: cogServiceReference name: name tags: tags diff --git a/infra/modules/container-registry.bicep b/infra/modules/container-registry.bicep index c4a244c9..52ee5c2b 100644 --- a/infra/modules/container-registry.bicep +++ b/infra/modules/container-registry.bicep @@ -16,7 +16,7 @@ param publicNetworkAccess string = 'Enabled' @description('Optional. Zone redundancy setting for the Azure Container Registry.') param zoneRedundancy string = 'Disabled' -import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.5.1' +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.7.0' @description('Optional. Array of role assignments to create.') param roleAssignments roleAssignmentType[]? @@ -41,7 +41,7 @@ param backendSubnetResourceId string = '' @description('Optional. Private DNS zone resource ID for Container Registry.') param privateDnsZoneResourceId string = '' -module avmContainerRegistry 'br/public:avm/res/container-registry/registry:0.9.3' = { +module avmContainerRegistry 'br/public:avm/res/container-registry/registry:0.12.1' = { name: acrName params: { name: acrName @@ -61,9 +61,10 @@ module avmContainerRegistry 'br/public:avm/res/container-registry/registry:0.9.3 ] : null // WAF aligned configuration for Private Networking - Network access restrictions + // Network rule set features require Premium SKU; default action is always set ('Deny' for private networking, otherwise 'Allow'), while additional restrictions are only set when private networking is enabled networkRuleSetDefaultAction: enablePrivateNetworking ? 'Deny' : 'Allow' - networkRuleSetIpRules: enablePrivateNetworking ? [] : [] - exportPolicyStatus: enablePrivateNetworking ? 'disabled' : 'enabled' + networkRuleSetIpRules: enablePrivateNetworking ? [] : null + exportPolicyStatus: enablePrivateNetworking ? 'disabled' : null privateEndpoints: enablePrivateNetworking ? [ { diff --git a/infra/modules/key-vault.bicep b/infra/modules/key-vault.bicep index b262f677..dc61b127 100644 --- a/infra/modules/key-vault.bicep +++ b/infra/modules/key-vault.bicep @@ -72,7 +72,7 @@ param networkAcls object = { @secure() param logAnalyticsWorkspaceResourceId string = '' -module avmKeyVault 'br/public:avm/res/key-vault/vault:0.13.0' = { +module avmKeyVault 'br/public:avm/res/key-vault/vault:0.13.3' = { name: take('avm.res.key-vault.vault-${keyvaultName}', 64) params: { name: keyvaultName diff --git a/infra/modules/log-analytics-workspace.bicep b/infra/modules/log-analytics-workspace.bicep index 649c3825..6b1c51e9 100644 --- a/infra/modules/log-analytics-workspace.bicep +++ b/infra/modules/log-analytics-workspace.bicep @@ -31,7 +31,7 @@ var existingLawSubscription = useExistingWorkspace ? split(existingLogAnalyticsW var existingLawResourceGroup = useExistingWorkspace ? split(existingLogAnalyticsWorkspaceId, '/')[4] : '' var existingLawName = useExistingWorkspace ? split(existingLogAnalyticsWorkspaceId, '/')[8] : '' -module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.12.0' = if (!useExistingWorkspace) { +module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0.15.0' = if (!useExistingWorkspace) { name: take('avm.res.operational-insights.workspace.${name}', 64) params: { name: name @@ -43,7 +43,7 @@ module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0 features: { enableLogAccessUsingOnlyResourcePermissions: true } diagnosticSettings: [{ useThisWorkspace: true }] // WAF aligned configuration for Redundancy - dailyQuotaGb: enableRedundancy ? 150 : null //WAF recommendation: 150 GB per day is a good starting point for most workloads + dailyQuotaGb: enableRedundancy ? '150' : null //WAF recommendation: 150 GB per day is a good starting point for most workloads replication: enableRedundancy ? { enabled: true @@ -90,7 +90,7 @@ module logAnalyticsWorkspace 'br/public:avm/res/operational-insights/workspace:0 } } -resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09-01' existing = if (useExistingWorkspace) { +resource existingLogAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2025-07-01' existing = if (useExistingWorkspace) { name: existingLawName scope: resourceGroup(existingLawSubscription, existingLawResourceGroup) } diff --git a/infra/modules/managed-identity.bicep b/infra/modules/managed-identity.bicep index a808560f..aa6e4915 100644 --- a/infra/modules/managed-identity.bicep +++ b/infra/modules/managed-identity.bicep @@ -11,7 +11,7 @@ param tags object @description('Required. Enable telemetry for the AVM deployment.') param enableTelemetry bool -module avmManagedIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.2' = { +module avmManagedIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.5.0' = { name: name params: { name: name diff --git a/infra/modules/virtualNetwork.bicep b/infra/modules/virtualNetwork.bicep index 2e83b6ee..a15a385a 100644 --- a/infra/modules/virtualNetwork.bicep +++ b/infra/modules/virtualNetwork.bicep @@ -253,7 +253,7 @@ param resourceSuffix string // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/network-security-group @batchSize(1) -module nsgs 'br/public:avm/res/network/network-security-group:0.5.2' = [ +module nsgs 'br/public:avm/res/network/network-security-group:0.5.3' = [ for (subnet, i) in subnets: if (!empty(subnet.?networkSecurityGroup)) { name: take('avm.res.network.network-security-group.${subnet.?networkSecurityGroup.name}.${resourceSuffix}', 64) params: { @@ -270,7 +270,7 @@ module nsgs 'br/public:avm/res/network/network-security-group:0.5.2' = [ // using AVM Virtual Network module // https://github.com/Azure/bicep-registry-modules/tree/main/avm/res/network/virtual-network -module virtualNetwork 'br/public:avm/res/network/virtual-network:0.7.1' = { +module virtualNetwork 'br/public:avm/res/network/virtual-network:0.8.1' = { name: take('avm.res.network.virtual-network.${name}', 64) params: { name: name