From 878cf65b9c2adfe74be33ee25fb9a023ac0f03ed Mon Sep 17 00:00:00 2001 
From: AlexanderSehr Date: Sat, 4 Jan 2025 14:53:14 +0100 Subject: [PATCH 01/36] Update to latest --- .../digital-twins-instance/README.md | 627 ++-- .../endpoint--event-grid/main.bicep | 49 - .../endpoint--event-grid/main.json | 94 - .../endpoint--event-hub/README.md | 152 - .../endpoint--event-hub/main.bicep | 94 - .../endpoint--event-hub/main.json | 168 -- .../endpoint--service-bus/README.md | 152 - .../endpoint--service-bus/main.bicep | 94 - .../endpoint--service-bus/main.json | 168 -- .../README.md | 59 +- .../endpoint/main.bicep | 250 ++ .../digital-twins-instance/endpoint/main.json | 440 +++ .../digital-twins-instance/main.bicep | 306 +- .../digital-twins-instance/main.json | 2670 ++++++++++------- .../tests/e2e/max/dependencies.bicep | 75 +- .../tests/e2e/max/main.test.bicep | 107 +- .../tests/e2e/pe/main.test.bicep | 24 +- .../tests/e2e/waf-aligned/dependencies.bicep | 68 + .../tests/e2e/waf-aligned/main.test.bicep | 35 +- 19 files changed, 3087 insertions(+), 2545 deletions(-) delete mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/main.bicep delete mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/main.json delete mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/README.md delete mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/main.bicep delete mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/main.json delete mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/README.md delete mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/main.bicep delete mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/main.json rename avm/res/digital-twins/digital-twins-instance/{endpoint--event-grid => endpoint}/README.md (51%) create mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep create mode 100644 
avm/res/digital-twins/digital-twins-instance/endpoint/main.json create mode 100644 avm/res/digital-twins/digital-twins-instance/tests/e2e/waf-aligned/dependencies.bicep diff --git a/avm/res/digital-twins/digital-twins-instance/README.md b/avm/res/digital-twins/digital-twins-instance/README.md index ac4beeb9a4..5a67a66605 100644 --- a/avm/res/digital-twins/digital-twins-instance/README.md +++ b/avm/res/digital-twins/digital-twins-instance/README.md @@ -20,8 +20,8 @@ This module deploys an Azure Digital Twins Instance. | `Microsoft.DigitalTwins/digitalTwinsInstances` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DigitalTwins/2023-01-31/digitalTwinsInstances) | | `Microsoft.DigitalTwins/digitalTwinsInstances/endpoints` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DigitalTwins/2023-01-31/digitalTwinsInstances/endpoints) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | -| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | +| `Microsoft.Network/privateEndpoints` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/privateEndpoints) | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/privateEndpoints/privateDnsZoneGroups) | ## Usage examples 
@@ -119,19 +119,76 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta workspaceResourceId: '' } ] - eventGridEndpoints: [ + endpoints: [ { - eventGridDomainId: '' - topicEndpoint: '' + name: 'EventGridPrimary' + properties: { + endpointType: 'EventGrid' + eventGridTopicResourceId: '' + } + } + { + name: 'IdentityBasedEndpoint' + properties: { + authentication: { + eventHubResourceId: '' + type: 'IdentityBased' + } + endpointType: 'EventHub' + managedIdentities: { + userAssignedResourceIds: [ + '' + ] + } + } + } + { + name: 'KeyBasedEndpoint' + properties: { + authentication: { + eventHubAuthorizationRuleName: '' + eventHubResourceId: '' + type: 'KeyBased' + } + endpointType: 'EventHub' + managedIdentities: { + userAssignedResourceIds: [ + '' + ] + } + } } - ] - eventHubEndpoints: [ { - authenticationType: 'IdentityBased' - endpointUri: '' - entityPath: '' - managedIdentities: { - userAssignedResourceId: '' + name: 'IdentityBasedServiceBusPrimaryEndpoint' + properties: { + authentication: { + serviceBusNamespaceTopicResourceId: '' + type: 'IdentityBased' + } + endpointType: 'ServiceBus' + } + } + { + name: 'IdentityBasedServiceBusSecondaryEndpoint' + properties: { + authentication: { + serviceBusNamespaceTopicResourceId: '' + type: 'IdentityBased' + } + endpointType: 'ServiceBus' + managedIdentities: { + systemAssigned: true + } + } + } + { + name: 'KeyBasedServiceBusEndpoint' + properties: { + authentication: { + serviceBusNamespaceAuthorizationRuleResourceId: '' + type: 'KeyBased' + } + endpointType: 'ServiceBus' } } ] @@ -148,9 +205,13 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta } privateEndpoints: [ { - privateDnsZoneResourceIds: [ - '' - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } subnetResourceId: '' } ] 
@@ -171,26 +232,6 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta
 roleDefinitionIdOrName: ''
 }
 ]
- serviceBusEndpoints: [
- {
- authenticationType: 'IdentityBased'
- endpointUri: ''
- entityPath: ''
- managedIdentities: {
- userAssignedResourceId: ''
- }
- name: 'ServiceBusPrimary'
- }
- {
- authenticationType: 'IdentityBased'
- endpointUri: ''
- entityPath: ''
- managedIdentities: {
- systemAssigned: true
- }
- name: 'ServiceBusSeconday'
- }
- ]
 tags: {
 Environment: 'Non-Prod'
 'hidden-title': 'This is visible in the resource name'
@@ -233,22 +274,77 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta } ] }, - "eventGridEndpoints": { + "endpoints": { "value": [ { - "eventGridDomainId": "", - "topicEndpoint": "" - } - ] - }, - "eventHubEndpoints": { - "value": [ + "name": "EventGridPrimary", + "properties": { + "endpointType": "EventGrid", + "eventGridTopicResourceId": "" + } + }, + { + "name": "IdentityBasedEndpoint", + "properties": { + "authentication": { + "eventHubResourceId": "", + "type": "IdentityBased" + }, + "endpointType": "EventHub", + "managedIdentities": { + "userAssignedResourceIds": [ + "" + ] + } + } + }, + { + "name": "KeyBasedEndpoint", + "properties": { + "authentication": { + "eventHubAuthorizationRuleName": "", + "eventHubResourceId": "", + "type": "KeyBased" + }, + "endpointType": "EventHub", + "managedIdentities": { + "userAssignedResourceIds": [ + "" + ] + } + } + }, { - "authenticationType": "IdentityBased", - "endpointUri": "", - "entityPath": "", - "managedIdentities": { - "userAssignedResourceId": "" + "name": "IdentityBasedServiceBusPrimaryEndpoint", + "properties": { + "authentication": { + "serviceBusNamespaceTopicResourceId": "", + "type": "IdentityBased" + }, + "endpointType": "ServiceBus" + } + }, + { + "name": "IdentityBasedServiceBusSecondaryEndpoint", + "properties": { + "authentication": { + "serviceBusNamespaceTopicResourceId": "", + "type": "IdentityBased" + }, + "endpointType": "ServiceBus", + "managedIdentities": { + "systemAssigned": true + } + } + }, + { + "name": "KeyBasedServiceBusEndpoint", + "properties": { + "authentication": { + "serviceBusNamespaceAuthorizationRuleResourceId": "", + "type": "KeyBased" + }, + "endpointType": "ServiceBus" } } ] 
@@ -273,9 +369,13 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta "privateEndpoints": { "value": [ { - "privateDnsZoneResourceIds": [ - "" - ], + "privateDnsZoneGroup": { + "privateDnsZoneGroupConfigs": [ + { + "privateDnsZoneResourceId": "" + } + ] + }, "subnetResourceId": "" } ] @@ -299,28 +399,6 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta } ] }, - "serviceBusEndpoints": { - "value": [ - { - "authenticationType": "IdentityBased", - "endpointUri": "", - "entityPath": "", - "managedIdentities": { - "userAssignedResourceId": "" - }, - "name": "ServiceBusPrimary" - }, - { - "authenticationType": "IdentityBased", - "endpointUri": "", - "entityPath": "", - "managedIdentities": { - "systemAssigned": true - }, - "name": "ServiceBusSeconday" - } - ] - }, "tags": { "value": { "Environment": "Non-Prod", 
@@ -359,19 +437,76 @@ param diagnosticSettings = [ workspaceResourceId: '' } ] -param eventGridEndpoints = [ +param endpoints = [ { - eventGridDomainId: '' - topicEndpoint: '' + name: 'EventGridPrimary' + properties: { + endpointType: 'EventGrid' + eventGridTopicResourceId: '' + } } -] -param eventHubEndpoints = [ { - authenticationType: 'IdentityBased' - endpointUri: '' - entityPath: '' - managedIdentities: { - userAssignedResourceId: '' + name: 'IdentityBasedEndpoint' + properties: { + authentication: { + eventHubResourceId: '' + type: 'IdentityBased' + } + endpointType: 'EventHub' + managedIdentities: { + userAssignedResourceIds: [ + '' + ] + } + } + } + { + name: 'KeyBasedEndpoint' + properties: { + authentication: { + eventHubAuthorizationRuleName: '' + eventHubResourceId: '' + type: 'KeyBased' + } + endpointType: 'EventHub' + managedIdentities: { + userAssignedResourceIds: [ + '' + ] + } + } + } + { + name: 'IdentityBasedServiceBusPrimaryEndpoint' + properties: { + authentication: { + serviceBusNamespaceTopicResourceId: '' + type: 'IdentityBased' + } + endpointType: 'ServiceBus' + } + } + { + name: 'IdentityBasedServiceBusSecondaryEndpoint' + properties: { + authentication: { + serviceBusNamespaceTopicResourceId: '' + type: 'IdentityBased' + } + endpointType: 'ServiceBus' + managedIdentities: { + systemAssigned: true + } + } + } + { + name: 'KeyBasedServiceBusEndpoint' + properties: { + authentication: { + serviceBusNamespaceAuthorizationRuleResourceId: '' + type: 'KeyBased' + } + endpointType: 'ServiceBus' } } ] @@ -388,9 +523,13 @@ param managedIdentities = { } param privateEndpoints = [ { - privateDnsZoneResourceIds: [ - '' - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } subnetResourceId: '' } ] 
@@ -411,26 +550,6 @@ param roleAssignments = [ roleDefinitionIdOrName: '' } ] -param serviceBusEndpoints = [ - { - authenticationType: 'IdentityBased' - endpointUri: '' - entityPath: '' - managedIdentities: { - userAssignedResourceId: '' - } - name: 'ServiceBusPrimary' - } - { - authenticationType: 'IdentityBased' - endpointUri: '' - entityPath: '' - managedIdentities: { - systemAssigned: true - } - name: 'ServiceBusSeconday' - } -] param tags = { Environment: 'Non-Prod' 'hidden-title': 'This is visible in the resource name' @@ -457,18 +576,25 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta // Required parameters name: 'dtdpep001' // Non-required parameters - location: '' privateEndpoints: [ { - privateDnsZoneResourceIds: [ - '' - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } subnetResourceId: '' } { - privateDnsZoneResourceIds: [ - '' - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } subnetResourceId: '' } ] @@ -493,21 +619,26 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta "value": "dtdpep001" }, // Non-required parameters - "location": { - "value": "" - }, "privateEndpoints": { "value": [ { - "privateDnsZoneResourceIds": [ - "" - ], + "privateDnsZoneGroup": { + "privateDnsZoneGroupConfigs": [ + { + "privateDnsZoneResourceId": "" + } + ] + }, "subnetResourceId": "" }, { - "privateDnsZoneResourceIds": [ - "" - ], + "privateDnsZoneGroup": { + "privateDnsZoneGroupConfigs": [ + { + "privateDnsZoneResourceId": "" + } + ] + }, "subnetResourceId": "" } ] 
@@ -529,18 +660,25 @@ using 'br/public:avm/res/digital-twins/digital-twins-instance:' // Required parameters param name = 'dtdpep001' // Non-required parameters -param location = '' param privateEndpoints = [ { - privateDnsZoneResourceIds: [ - '' - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } subnetResourceId: '' } { - privateDnsZoneResourceIds: [ - '' - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } subnetResourceId: '' } ] @@ -573,7 +711,28 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta workspaceResourceId: '' } ] - location: '' + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } + subnetResourceId: '' + } + { + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } + subnetResourceId: '' + } + ] tags: { Environment: 'Non-Prod' 'hidden-title': 'This is visible in the resource name' @@ -610,8 +769,29 @@ module digitalTwinsInstance 'br/public:avm/res/digital-twins/digital-twins-insta } ] }, - "location": { - "value": "" + "privateEndpoints": { + "value": [ + { + "privateDnsZoneGroup": { + "privateDnsZoneGroupConfigs": [ + { + "privateDnsZoneResourceId": "" + } + ] + }, + "subnetResourceId": "" + }, + { + "privateDnsZoneGroup": { + "privateDnsZoneGroupConfigs": [ + { + "privateDnsZoneResourceId": "" + } + ] + }, + "subnetResourceId": "" + } + ] }, "tags": { "value": { 
@@ -645,7 +825,28 @@ param diagnosticSettings = [ workspaceResourceId: '' } ] -param location = '' +param privateEndpoints = [ + { + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } + subnetResourceId: '' + } + { + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } + subnetResourceId: '' + } +] param tags = { Environment: 'Non-Prod' 'hidden-title': 'This is visible in the resource name' 
@@ -670,15 +871,13 @@ param tags = { | :-- | :-- | :-- | | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | -| [`eventGridEndpoints`](#parameter-eventgridendpoints) | array | Event Grid Endpoint. | -| [`eventHubEndpoints`](#parameter-eventhubendpoints) | array | Event Hub Endpoint. | +| [`endpoints`](#parameter-endpoints) | array | The endpoints of the service. | | [`location`](#parameter-location) | string | Location for all resources. | | [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`serviceBusEndpoints`](#parameter-servicebusendpoints) | array | Service Bus Endpoint. | | [`tags`](#parameter-tags) | object | Resource tags. | ### Parameter: `name` 
@@ -705,7 +904,7 @@ The diagnostic settings of the service. | [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to `[]` to disable log collection. | | [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | | [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to `[]` to disable metric collection. | -| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting. | | [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | | [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | @@ -815,7 +1014,7 @@ Enable or disable the category explicitly. Default is `true`. ### Parameter: `diagnosticSettings.name` -The name of diagnostic setting. +The name of the diagnostic setting. - Required: No - Type: string 
@@ -842,19 +1041,38 @@ Enable/Disable usage telemetry for module. - Type: bool - Default: `True` -### Parameter: `eventGridEndpoints` +### Parameter: `endpoints` -Event Grid Endpoint. +The endpoints of the service. - Required: No - Type: array -### Parameter: `eventHubEndpoints` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`properties`](#parameter-endpointsproperties) | object | The properties of the endpoint. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-endpointsname) | string | The name of the Digital Twin Endpoint. | -Event Hub Endpoint. +### Parameter: `endpoints.properties` + +The properties of the endpoint. + +- Required: Yes +- Type: object + +### Parameter: `endpoints.name` + +The name of the Digital Twin Endpoint. - Required: No -- Type: array +- Type: string ### Parameter: `location` @@ -912,7 +1130,7 @@ The managed identity definition for this resource. | Parameter | Type | Description | | :-- | :-- | :-- | | [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | ### Parameter: `managedIdentities.systemAssigned` @@ -923,7 +1141,7 @@ Enables system assigned managed identity on the resource. ### Parameter: `managedIdentities.userAssignedResourceIds` -The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. - Required: No - Type: array 
@@ -945,23 +1163,22 @@ Configuration details for private endpoints. For security reasons, it is recomme | Parameter | Type | Description | | :-- | :-- | :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the Private Endpoint IP configuration is included. | | [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the Private Endpoint. | | [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the Private Endpoint. This will be used to map to the first-party Service endpoints. | | [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. | -| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the Private Endpoint to. | | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. 
| | [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | -| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`name`](#parameter-privateendpointsname) | string | The name of the Private Endpoint. | +| [`privateDnsZoneGroup`](#parameter-privateendpointsprivatednszonegroup) | object | The private DNS Zone Group to configure for the Private Endpoint. | | [`privateLinkServiceConnectionName`](#parameter-privateendpointsprivatelinkserviceconnectionname) | string | The name of the private link connection to create. | -| [`resourceGroupName`](#parameter-privateendpointsresourcegroupname) | string | Specify if you want to deploy the Privte Endpoint into a different resource group than the main resource. | +| [`resourceGroupName`](#parameter-privateendpointsresourcegroupname) | string | Specify if you want to deploy the Private Endpoint into a different Resource Group than the main resource. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". | -| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. 
| +| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the Private Endpoint for. For example "vault" for a Key Vault Private Endpoint. | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/Resource Groups in this deployment. | ### Parameter: `privateEndpoints.subnetResourceId` @@ -972,7 +1189,7 @@ Resource ID of the subnet where the endpoint needs to be created. ### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Application security groups in which the private endpoint IP configuration is included. +Application security groups in which the Private Endpoint IP configuration is included. - Required: No - Type: array @@ -1012,7 +1229,7 @@ FQDN that resolves to private endpoint IP address. ### Parameter: `privateEndpoints.customNetworkInterfaceName` -The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the Private Endpoint. - Required: No - Type: string @@ -1026,7 +1243,7 @@ Enable/Disable usage telemetry for module. ### Parameter: `privateEndpoints.ipConfigurations` -A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the Private Endpoint. This will be used to map to the first-party Service endpoints. - Required: No - Type: array @@ -1090,7 +1307,7 @@ If Manual Private Link Connection is required. ### Parameter: `privateEndpoints.location` -The location to deploy the private endpoint to. +The location to deploy the Private Endpoint to. - Required: No - Type: string 
@@ -1140,24 +1357,69 @@ A message passed to the owner of the remote resource with the manual connection ### Parameter: `privateEndpoints.name` -The name of the private endpoint. +The name of the Private Endpoint. - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.privateDnsZoneGroup` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The private DNS Zone Group to configure for the Private Endpoint. - Required: No +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`privateDnsZoneGroupConfigs`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigs) | array | The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the Private DNS Zone Group. | + +### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs` + +The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones. + +- Required: Yes +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`privateDnsZoneResourceId`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigsprivatednszoneresourceid) | string | The resource id of the private DNS zone. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigsname) | string | The name of the private DNS Zone Group config. | + +### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.privateDnsZoneResourceId` + +The resource id of the private DNS zone. 
+ +- Required: Yes - Type: string -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.name` -The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The name of the private DNS Zone Group config. - Required: No -- Type: array +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroup.name` + +The name of the Private DNS Zone Group. + +- Required: No +- Type: string ### Parameter: `privateEndpoints.privateLinkServiceConnectionName` @@ -1168,7 +1430,7 @@ The name of the private link connection to create. ### Parameter: `privateEndpoints.resourceGroupName` -Specify if you want to deploy the Privte Endpoint into a different resource group than the main resource. +Specify if you want to deploy the Private Endpoint into a different Resource Group than the main resource. - Required: No - Type: string @@ -1189,7 +1451,7 @@ Array of role assignments to create. - `'Owner'` - `'Private DNS Zone Contributor'` - `'Reader'` - - `'Role Based Access Control Administrator (Preview)'` + - `'Role Based Access Control Administrator'` **Required parameters** 
@@ -1206,6 +1468,7 @@ Array of role assignments to create. | [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | | [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | | [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`name`](#parameter-privateendpointsroleassignmentsname) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | | [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | ### Parameter: `privateEndpoints.roleAssignments.principalId` @@ -1256,6 +1519,13 @@ The description of the role assignment. - Required: No - Type: string +### Parameter: `privateEndpoints.roleAssignments.name` + +The name (as GUID) of the role assignment. If not provided, a GUID will be generated. + +- Required: No +- Type: string + ### Parameter: `privateEndpoints.roleAssignments.principalType` The principal type of the assigned principal ID. @@ -1275,14 +1545,14 @@ The principal type of the assigned principal ID. ### Parameter: `privateEndpoints.service` -The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". +The subresource to deploy the Private Endpoint for. For example "vault" for a Key Vault Private Endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/Resource Groups in this deployment. - Required: No - Type: object 
@@ -1333,6 +1603,7 @@ Array of role assignment objects that contain the 'roleDefinitionIdOrName' and ' | [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | | [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | | [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`name`](#parameter-roleassignmentsname) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | | [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | ### Parameter: `roleAssignments.principalId` @@ -1383,6 +1654,13 @@ The description of the role assignment. - Required: No - Type: string +### Parameter: `roleAssignments.name` + +The name (as GUID) of the role assignment. If not provided, a GUID will be generated. + +- Required: No +- Type: string + ### Parameter: `roleAssignments.principalType` The principal type of the assigned principal ID. @@ -1400,13 +1678,6 @@ The principal type of the assigned principal ID. ] ``` -### Parameter: `serviceBusEndpoints` - -Service Bus Endpoint. - -- Required: No -- Type: array - ### Parameter: `tags` Resource tags. @@ -1421,6 +1692,7 @@ Resource tags. | `hostname` | string | The hostname of the Digital Twins Instance. | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the Digital Twins Instance. | +| `privateEndpoints` | array | The private endpoints of the key vault. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | | `resourceId` | string | The resource ID of the Digital Twins Instance. | | `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. | 
@@ -1431,7 +1703,8 @@ This section gives you an overview of all local-referenced module files (i.e., o
 
 | Reference | Type |
 | :-- | :-- |
-| `br/public:avm/res/network/private-endpoint:0.4.1` | Remote reference |
+| `br/public:avm/res/network/private-endpoint:0.9.0` | Remote reference |
+| `br/public:avm/utl/types/avm-common-types:0.4.1` | Remote reference |
 
 ## Data Collection
 
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/main.bicep
deleted file mode 100644
index 5b975da92c..0000000000
--- a/avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/main.bicep
+++ /dev/null
@@ -1,49 +0,0 @@
-metadata name = 'Digital Twins Instance Event Grid Endpoints'
-metadata description = 'This module deploys a Digital Twins Instance Event Grid Endpoint.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Optional. The name of the Digital Twin Endpoint.')
-param name string = 'EventGridEndpoint'
-
-@description('Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment.')
-param digitalTwinInstanceName string
-
-@description('Required. EventGrid Topic Endpoint.')
-param topicEndpoint string
-
-@description('Required. The resource ID of the Event Grid to get access keys from.')
-param eventGridDomainResourceId string
-
-@description('Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read.')
-@secure()
-param deadLetterSecret string = ''
-
-@description('Optional. Dead letter storage URL for identity-based authentication.')
-param deadLetterUri string = ''
-
-resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023-01-31' existing = {
- name: digitalTwinInstanceName
-}
-
-resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-01-31' = {
- name: name
- parent: digitalTwinsInstance
- properties: {
- endpointType: 'EventGrid'
- authenticationType: 'KeyBased'
- TopicEndpoint: topicEndpoint
- accessKey1: listkeys(eventGridDomainResourceId, '2022-06-15').key1
- accessKey2: listkeys(eventGridDomainResourceId, '2022-06-15').key2
- deadLetterSecret: deadLetterSecret
- deadLetterUri: deadLetterUri
- }
-}
-
-@description('The resource ID of the Endpoint.')
-output resourceId string = endpoint.id
-
-@description('The name of the resource group the resource was created in.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The name of the Endpoint.')
-output name string = endpoint.name
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/main.json b/avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/main.json
deleted file mode 100644
index 3cc9c4dc57..0000000000
--- a/avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/main.json
+++ /dev/null
@@ -1,94 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "14357918051528584394" - }, - "name": "Digital Twins Instance Event Grid Endpoints", - "description": "This module deploys a Digital Twins Instance Event Grid Endpoint.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "name": { - "type": "string", - "defaultValue": "EventGridEndpoint", - "metadata": { - "description": "Optional. The name of the Digital Twin Endpoint." - } - }, - "digitalTwinInstanceName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment." - } - }, - "topicEndpoint": { - "type": "string", - "metadata": { - "description": "Required. EventGrid Topic Endpoint." - } - }, - "eventGridDomainResourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the Event Grid to get access keys from." - } - }, - "deadLetterSecret": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." - } - }, - "deadLetterUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage URL for identity-based authentication." 
- } - } - }, - "resources": [ - { - "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", - "apiVersion": "2023-01-31", - "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": { - "endpointType": "EventGrid", - "authenticationType": "KeyBased", - "TopicEndpoint": "[parameters('topicEndpoint')]", - "accessKey1": "[listkeys(parameters('eventGridDomainResourceId'), '2022-06-15').key1]", - "accessKey2": "[listkeys(parameters('eventGridDomainResourceId'), '2022-06-15').key2]", - "deadLetterSecret": "[parameters('deadLetterSecret')]", - "deadLetterUri": "[parameters('deadLetterUri')]" - } - } - ], - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the Endpoint." - }, - "value": "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances/endpoints', parameters('digitalTwinInstanceName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the resource was created in." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the Endpoint." - }, - "value": "[parameters('name')]" - } - } -} \ No newline at end of file diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/README.md b/avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/README.md deleted file mode 100644 index 991679f17e..0000000000 --- a/avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/README.md +++ /dev/null 
@@ -1,152 +0,0 @@
-# Digital Twins Instance EventHub Endpoint `[Microsoft.DigitalTwins/digitalTwinsInstances/endpoints]`
-
-This module deploys a Digital Twins Instance EventHub Endpoint.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.DigitalTwins/digitalTwinsInstances/endpoints` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DigitalTwins/2023-01-31/digitalTwinsInstances/endpoints) |
-
-## Parameters
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`connectionStringPrimaryKey`](#parameter-connectionstringprimarykey) | securestring | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". |
-| [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`authenticationType`](#parameter-authenticationtype) | string | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. |
-| [`connectionStringSecondaryKey`](#parameter-connectionstringsecondarykey) | securestring | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". |
-| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. |
-| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. |
-| [`endpointUri`](#parameter-endpointuri) | string | The URL of the EventHub namespace for identity-based authentication. It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net). |
-| [`entityPath`](#parameter-entitypath) | string | The EventHub name in the EventHub namespace for identity-based authentication. |
-| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both. |
-| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. |
-
-### Parameter: `connectionStringPrimaryKey`
-
-PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased".
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `digitalTwinInstanceName`
-
-The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `authenticationType`
-
-Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified.
-
-- Required: No
-- Type: string
-- Default: `'IdentityBased'`
-- Allowed:
- ```Bicep
- [
- 'IdentityBased'
- 'KeyBased'
- ]
- ```
-
-### Parameter: `connectionStringSecondaryKey`
-
-SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased".
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `deadLetterSecret`
-
-Dead letter storage secret for key-based authentication. Will be obfuscated during read.
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `deadLetterUri`
-
-Dead letter storage URL for identity-based authentication.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `endpointUri`
-
-The URL of the EventHub namespace for identity-based authentication. It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net).
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `entityPath`
-
-The EventHub name in the EventHub namespace for identity-based authentication.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `managedIdentities`
-
-The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.
-
-- Required: No
-- Type: object
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. |
-| [`userAssignedResourceId`](#parameter-managedidentitiesuserassignedresourceid) | string | The resource ID(s) to assign to the resource. |
-
-### Parameter: `managedIdentities.systemAssigned`
-
-Enables system assigned managed identity on the resource.
-
-- Required: No
-- Type: bool
-
-### Parameter: `managedIdentities.userAssignedResourceId`
-
-The resource ID(s) to assign to the resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `name`
-
-The name of the Digital Twin Endpoint.
-
-- Required: No
-- Type: string
-- Default: `'EventHubEndpoint'`
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the Endpoint. |
-| `resourceGroupName` | string | The name of the resource group the resource was created in. |
-| `resourceId` | string | The resource ID of the Endpoint. |
-| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API. |
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/main.bicep
deleted file mode 100644
index dedec8cd2a..0000000000
--- a/avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/main.bicep
+++ /dev/null
@@ -1,94 +0,0 @@
-metadata name = 'Digital Twins Instance EventHub Endpoint'
-metadata description = 'This module deploys a Digital Twins Instance EventHub Endpoint.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Optional. The name of the Digital Twin Endpoint.')
-param name string = 'EventHubEndpoint'
-
-@description('Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment.')
-param digitalTwinInstanceName string
-
-@allowed([
- 'IdentityBased'
- 'KeyBased'
-])
-@description('Optional. Specifies the authentication type being used for connecting to the endpoint. If \'KeyBased\' is selected, a connection string must be specified (at least the primary connection string). If \'IdentityBased\' is selected, the endpointUri and entityPath properties must be specified.')
-param authenticationType string = 'IdentityBased'
-
-@description('Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read.')
-@secure()
-param deadLetterSecret string = ''
-
-@description('Optional. Dead letter storage URL for identity-based authentication.')
-param deadLetterUri string = ''
-
-@description('Conditional. PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased".')
-@secure()
-param connectionStringPrimaryKey string = ''
-
-@description('Optional. SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased".')
-@secure()
-param connectionStringSecondaryKey string = ''
-
-@description('Optional. The EventHub name in the EventHub namespace for identity-based authentication.')
-param entityPath string = ''
-
-@description('Optional. The URL of the EventHub namespace for identity-based authentication. It must include the protocol \'sb://\' (i.e. sb://xyz.servicebus.windows.net).')
-param endpointUri string = ''
-
-@description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.')
-param managedIdentities managedIdentitiesType
-
-var identity = !empty(managedIdentities)
- ? {
- type: (managedIdentities.?systemAssigned ?? false)
- ? 'SystemAssigned'
- : (!empty(managedIdentities.?userAssignedResourceId ?? '') ? 'UserAssigned' : null)
- userAssignedIdentity: managedIdentities.?userAssignedResourceId
- }
- : null
-
-resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023-01-31' existing = {
- name: digitalTwinInstanceName
-}
-
-resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-01-31' = {
- name: name
- parent: digitalTwinsInstance
- properties: {
- endpointType: 'EventHub'
- authenticationType: authenticationType
- connectionStringPrimaryKey: connectionStringPrimaryKey
- connectionStringSecondaryKey: connectionStringSecondaryKey
- deadLetterSecret: deadLetterSecret
- deadLetterUri: deadLetterUri
- endpointUri: endpointUri
- entityPath: entityPath
- identity: identity
- }
-}
-
-@description('The resource ID of the Endpoint.')
-output resourceId string = endpoint.id
-
-@description('The name of the resource group the resource was created in.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The name of the Endpoint.')
-output name string = endpoint.name
-
-@description('The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API.')
-#disable-next-line BCP187
-output systemAssignedMIPrincipalId string = endpoint.?identity.?principalId ?? ''
-
-// =============== //
-// Definitions //
-// =============== //
-
-type managedIdentitiesType = {
- @description('Optional. Enables system assigned managed identity on the resource.')
- systemAssigned: bool?
-
- @description('Optional. The resource ID(s) to assign to the resource.')
- userAssignedResourceId: string?
-}?
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/main.json b/avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/main.json
deleted file mode 100644
index 881940b38a..0000000000
--- a/avm/res/digital-twins/digital-twins-instance/endpoint--event-hub/main.json
+++ /dev/null
@@ -1,168 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "13923156882372448729" - }, - "name": "Digital Twins Instance EventHub Endpoint", - "description": "This module deploys a Digital Twins Instance EventHub Endpoint.", - "owner": "Azure/module-maintainers" - }, - "definitions": { - "managedIdentitiesType": { - "type": "object", - "properties": { - "systemAssigned": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enables system assigned managed identity on the resource." - } - }, - "userAssignedResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The resource ID(s) to assign to the resource." - } - } - }, - "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "defaultValue": "EventHubEndpoint", - "metadata": { - "description": "Optional. The name of the Digital Twin Endpoint." - } - }, - "digitalTwinInstanceName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment." - } - }, - "authenticationType": { - "type": "string", - "defaultValue": "IdentityBased", - "allowedValues": [ - "IdentityBased", - "KeyBased" - ], - "metadata": { - "description": "Optional. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified." - } - }, - "deadLetterSecret": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage secret for key-based authentication. 
Will be obfuscated during read." - } - }, - "deadLetterUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage URL for identity-based authentication." - } - }, - "connectionStringPrimaryKey": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Conditional. PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is \"KeyBased\"." - } - }, - "connectionStringSecondaryKey": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is \"KeyBased\"." - } - }, - "entityPath": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The EventHub name in the EventHub namespace for identity-based authentication." - } - }, - "endpointUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The URL of the EventHub namespace for identity-based authentication. It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net)." - } - }, - "managedIdentities": { - "$ref": "#/definitions/managedIdentitiesType", - "metadata": { - "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." 
- } - } - }, - "variables": { - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceId'), ''))), 'UserAssigned', null())), 'userAssignedIdentity', tryGet(parameters('managedIdentities'), 'userAssignedResourceId')), null())]" - }, - "resources": { - "digitalTwinsInstance": { - "existing": true, - "type": "Microsoft.DigitalTwins/digitalTwinsInstances", - "apiVersion": "2023-01-31", - "name": "[parameters('digitalTwinInstanceName')]" - }, - "endpoint": { - "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", - "apiVersion": "2023-01-31", - "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": { - "endpointType": "EventHub", - "authenticationType": "[parameters('authenticationType')]", - "connectionStringPrimaryKey": "[parameters('connectionStringPrimaryKey')]", - "connectionStringSecondaryKey": "[parameters('connectionStringSecondaryKey')]", - "deadLetterSecret": "[parameters('deadLetterSecret')]", - "deadLetterUri": "[parameters('deadLetterUri')]", - "endpointUri": "[parameters('endpointUri')]", - "entityPath": "[parameters('entityPath')]", - "identity": "[variables('identity')]" - } - } - }, - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the Endpoint." - }, - "value": "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances/endpoints', parameters('digitalTwinInstanceName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the resource was created in." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the Endpoint." 
- }, - "value": "[parameters('name')]" - }, - "systemAssignedMIPrincipalId": { - "type": "string", - "metadata": { - "description": "The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API." - }, - "value": "[coalesce(tryGet(tryGet(reference('endpoint', '2023-01-31', 'full'), 'identity'), 'principalId'), '')]" - } - } -} \ No newline at end of file diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/README.md b/avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/README.md deleted file mode 100644 index 308a5bdb75..0000000000 --- a/avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/README.md +++ /dev/null 
@@ -1,152 +0,0 @@
-# Digital Twins Instance ServiceBus Endpoint `[Microsoft.DigitalTwins/digitalTwinsInstances/endpoints]`
-
-This module deploys a Digital Twins Instance ServiceBus Endpoint.
-
-## Navigation
-
-- [Resource Types](#Resource-Types)
-- [Parameters](#Parameters)
-- [Outputs](#Outputs)
-
-## Resource Types
-
-| Resource Type | API Version |
-| :-- | :-- |
-| `Microsoft.DigitalTwins/digitalTwinsInstances/endpoints` | [2023-01-31](https://learn.microsoft.com/en-us/azure/templates/Microsoft.DigitalTwins/2023-01-31/digitalTwinsInstances/endpoints) |
-
-## Parameters
-
-**Conditional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. |
-| [`primaryConnectionString`](#parameter-primaryconnectionstring) | securestring | PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". |
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`authenticationType`](#parameter-authenticationtype) | string | Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. |
-| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. |
-| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. |
-| [`endpointUri`](#parameter-endpointuri) | string | The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net). |
-| [`entityPath`](#parameter-entitypath) | string | The ServiceBus Topic name for identity-based authentication. |
-| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both. |
-| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. |
-| [`secondaryConnectionString`](#parameter-secondaryconnectionstring) | securestring | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". |
-
-### Parameter: `digitalTwinInstanceName`
-
-The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment.
-
-- Required: Yes
-- Type: string
-
-### Parameter: `primaryConnectionString`
-
-PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased".
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `authenticationType`
-
-Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified.
-
-- Required: No
-- Type: string
-- Default: `'IdentityBased'`
-- Allowed:
- ```Bicep
- [
- 'IdentityBased'
- 'KeyBased'
- ]
- ```
-
-### Parameter: `deadLetterSecret`
-
-Dead letter storage secret for key-based authentication. Will be obfuscated during read.
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-### Parameter: `deadLetterUri`
-
-Dead letter storage URL for identity-based authentication.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `endpointUri`
-
-The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net).
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `entityPath`
-
-The ServiceBus Topic name for identity-based authentication.
-
-- Required: No
-- Type: string
-- Default: `''`
-
-### Parameter: `managedIdentities`
-
-The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.
-
-- Required: No
-- Type: object
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. |
-| [`userAssignedResourceId`](#parameter-managedidentitiesuserassignedresourceid) | string | The resource ID(s) to assign to the resource. |
-
-### Parameter: `managedIdentities.systemAssigned`
-
-Enables system assigned managed identity on the resource.
-
-- Required: No
-- Type: bool
-
-### Parameter: `managedIdentities.userAssignedResourceId`
-
-The resource ID(s) to assign to the resource.
-
-- Required: No
-- Type: string
-
-### Parameter: `name`
-
-The name of the Digital Twin Endpoint.
-
-- Required: No
-- Type: string
-- Default: `'ServiceBusEndpoint'`
-
-### Parameter: `secondaryConnectionString`
-
-SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased".
-
-- Required: No
-- Type: securestring
-- Default: `''`
-
-## Outputs
-
-| Output | Type | Description |
-| :-- | :-- | :-- |
-| `name` | string | The name of the Endpoint. |
-| `resourceGroupName` | string | The name of the resource group the resource was created in. |
-| `resourceId` | string | The resource ID of the Endpoint. |
-| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API. |
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/main.bicep
deleted file mode 100644
index a28adf1ab5..0000000000
--- a/avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/main.bicep
+++ /dev/null
@@ -1,94 +0,0 @@
-metadata name = 'Digital Twins Instance ServiceBus Endpoint'
-metadata description = 'This module deploys a Digital Twins Instance ServiceBus Endpoint.'
-metadata owner = 'Azure/module-maintainers'
-
-@description('Optional. The name of the Digital Twin Endpoint.')
-param name string = 'ServiceBusEndpoint'
-
-@description('Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment.')
-param digitalTwinInstanceName string
-
-@allowed([
- 'IdentityBased'
- 'KeyBased'
-])
-@description('Optional. Specifies the authentication type being used for connecting to the endpoint. If \'KeyBased\' is selected, a connection string must be specified (at least the primary connection string). If \'IdentityBased\' is selected, the endpointUri and entityPath properties must be specified.')
-param authenticationType string = 'IdentityBased'
-
-@description('Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read.')
-@secure()
-param deadLetterSecret string = ''
-
-@description('Optional. Dead letter storage URL for identity-based authentication.')
-param deadLetterUri string = ''
-
-@description('Optional. The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol \'sb://\' (e.g. sb://xyz.servicebus.windows.net).')
-param endpointUri string = ''
-
-@description('Optional. The ServiceBus Topic name for identity-based authentication.')
-param entityPath string = ''
-
-@description('Conditional. PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased".')
-@secure()
-param primaryConnectionString string = ''
-
-@description('Optional. SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased".')
-@secure()
-param secondaryConnectionString string = ''
-
-@description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.')
-param managedIdentities managedIdentitiesType
-
-var identity = !empty(managedIdentities)
- ? {
- type: (managedIdentities.?systemAssigned ?? false)
- ? 'SystemAssigned'
- : (!empty(managedIdentities.?userAssignedResourceId ?? '') ? 'UserAssigned' : null)
- userAssignedIdentity: managedIdentities.?userAssignedResourceId
- }
- : null
-
-resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023-01-31' existing = {
- name: digitalTwinInstanceName
-}
-
-resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-01-31' = {
- name: name
- parent: digitalTwinsInstance
- properties: {
- endpointType: 'ServiceBus'
- authenticationType: authenticationType
- deadLetterSecret: deadLetterSecret
- deadLetterUri: deadLetterUri
- endpointUri: endpointUri
- entityPath: entityPath
- primaryConnectionString: primaryConnectionString
- secondaryConnectionString: secondaryConnectionString
- identity: identity
- }
-}
-
-@description('The resource ID of the Endpoint.')
-output resourceId string = endpoint.id
-
-@description('The name of the resource group the resource was created in.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The name of the Endpoint.')
-output name string = endpoint.name
-
-@description('The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API.')
-#disable-next-line BCP187
-output systemAssignedMIPrincipalId string = endpoint.?identity.?principalId ?? ''
-
-// =============== //
-// Definitions //
-// =============== //
-
-type managedIdentitiesType = {
- @description('Optional. Enables system assigned managed identity on the resource.')
- systemAssigned: bool?
-
- @description('Optional. The resource ID(s) to assign to the resource.')
- userAssignedResourceId: string?
-}?
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/main.json b/avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/main.json
deleted file mode 100644
index 6abe3328fe..0000000000
--- a/avm/res/digital-twins/digital-twins-instance/endpoint--service-bus/main.json
+++ /dev/null
@@ -1,168 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "9917080858184002423" - }, - "name": "Digital Twins Instance ServiceBus Endpoint", - "description": "This module deploys a Digital Twins Instance ServiceBus Endpoint.", - "owner": "Azure/module-maintainers" - }, - "definitions": { - "managedIdentitiesType": { - "type": "object", - "properties": { - "systemAssigned": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enables system assigned managed identity on the resource." - } - }, - "userAssignedResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The resource ID(s) to assign to the resource." - } - } - }, - "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "defaultValue": "ServiceBusEndpoint", - "metadata": { - "description": "Optional. The name of the Digital Twin Endpoint." - } - }, - "digitalTwinInstanceName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment." - } - }, - "authenticationType": { - "type": "string", - "defaultValue": "IdentityBased", - "allowedValues": [ - "IdentityBased", - "KeyBased" - ], - "metadata": { - "description": "Optional. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified." - } - }, - "deadLetterSecret": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage secret for key-based authentication. 
Will be obfuscated during read." - } - }, - "deadLetterUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage URL for identity-based authentication." - } - }, - "endpointUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net)." - } - }, - "entityPath": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The ServiceBus Topic name for identity-based authentication." - } - }, - "primaryConnectionString": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Conditional. PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is \"KeyBased\"." - } - }, - "secondaryConnectionString": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is \"KeyBased\"." - } - }, - "managedIdentities": { - "$ref": "#/definitions/managedIdentitiesType", - "metadata": { - "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." 
- } - } - }, - "variables": { - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceId'), ''))), 'UserAssigned', null())), 'userAssignedIdentity', tryGet(parameters('managedIdentities'), 'userAssignedResourceId')), null())]" - }, - "resources": { - "digitalTwinsInstance": { - "existing": true, - "type": "Microsoft.DigitalTwins/digitalTwinsInstances", - "apiVersion": "2023-01-31", - "name": "[parameters('digitalTwinInstanceName')]" - }, - "endpoint": { - "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", - "apiVersion": "2023-01-31", - "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": { - "endpointType": "ServiceBus", - "authenticationType": "[parameters('authenticationType')]", - "deadLetterSecret": "[parameters('deadLetterSecret')]", - "deadLetterUri": "[parameters('deadLetterUri')]", - "endpointUri": "[parameters('endpointUri')]", - "entityPath": "[parameters('entityPath')]", - "primaryConnectionString": "[parameters('primaryConnectionString')]", - "secondaryConnectionString": "[parameters('secondaryConnectionString')]", - "identity": "[variables('identity')]" - } - } - }, - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the Endpoint." - }, - "value": "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances/endpoints', parameters('digitalTwinInstanceName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the resource was created in." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the Endpoint." 
- }, - "value": "[parameters('name')]" - }, - "systemAssignedMIPrincipalId": { - "type": "string", - "metadata": { - "description": "The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API." - }, - "value": "[coalesce(tryGet(tryGet(reference('endpoint', '2023-01-31', 'full'), 'identity'), 'principalId'), '')]" - } - } -} \ No newline at end of file diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/README.md b/avm/res/digital-twins/digital-twins-instance/endpoint/README.md similarity index 51% rename from avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/README.md rename to avm/res/digital-twins/digital-twins-instance/endpoint/README.md index d4147f7508..85d8f9c1d2 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint--event-grid/README.md +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/README.md @@ -1,12 +1,13 @@ -# Digital Twins Instance Event Grid Endpoints `[Microsoft.DigitalTwins/digitalTwinsInstances/endpoints]` +# Digital Twins Instance Endpoint `[Microsoft.DigitalTwins/digitalTwinsInstances/endpoints]` -This module deploys a Digital Twins Instance Event Grid Endpoint. +This module deploys a Digital Twins Instance Endpoint. ## Navigation - [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) ## Resource Types @@ -20,8 +21,8 @@ This module deploys a Digital Twins Instance Event Grid Endpoint. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`eventGridDomainResourceId`](#parameter-eventgriddomainresourceid) | string | The resource ID of the Event Grid to get access keys from. | -| [`topicEndpoint`](#parameter-topicendpoint) | string | EventGrid Topic Endpoint. | +| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | +| [`properties`](#parameter-properties) | object | The properties of the endpoint. | **Conditional parameters** 
@@ -29,27 +30,19 @@ This module deploys a Digital Twins Instance Event Grid Endpoint. | :-- | :-- | :-- | | [`digitalTwinInstanceName`](#parameter-digitaltwininstancename) | string | The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. | -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`deadLetterSecret`](#parameter-deadlettersecret) | securestring | Dead letter storage secret for key-based authentication. Will be obfuscated during read. | -| [`deadLetterUri`](#parameter-deadletteruri) | string | Dead letter storage URL for identity-based authentication. | -| [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | - -### Parameter: `eventGridDomainResourceId` +### Parameter: `name` -The resource ID of the Event Grid to get access keys from. +The name of the Digital Twin Endpoint. - Required: Yes - Type: string -### Parameter: `topicEndpoint` +### Parameter: `properties` -EventGrid Topic Endpoint. +The properties of the endpoint. - Required: Yes -- Type: string +- Type: object ### Parameter: `digitalTwinInstanceName` @@ -58,30 +51,6 @@ The name of the parent Digital Twin Instance resource. Required if the template - Required: Yes - Type: string -### Parameter: `deadLetterSecret` - -Dead letter storage secret for key-based authentication. Will be obfuscated during read. - -- Required: No -- Type: securestring -- Default: `''` - -### Parameter: `deadLetterUri` - -Dead letter storage URL for identity-based authentication. - -- Required: No -- Type: string -- Default: `''` - -### Parameter: `name` - -The name of the Digital Twin Endpoint. - -- Required: No -- Type: string -- Default: `'EventGridEndpoint'` - ## Outputs | Output | Type | Description | 
@@ -89,3 +58,11 @@ The name of the Digital Twin Endpoint. | `name` | string | The name of the Endpoint. | | `resourceGroupName` | string | The name of the resource group the resource was created in. | | `resourceId` | string | The resource ID of the Endpoint. | + +## Cross-referenced modules + +This section gives you an overview of all local-referenced module files (i.e., other modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `br/public:avm/utl/types/avm-common-types:0.4.1` | Remote reference | diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep new file mode 100644 index 0000000000..11a0a367a7 --- /dev/null +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep 
@@ -0,0 +1,250 @@
+metadata name = 'Digital Twins Instance Endpoint'
+metadata description = 'This module deploys a Digital Twins Instance Endpoint.'
+
+@description('Required. The name of the Digital Twin Endpoint.')
+param name string
+
+@description('Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment.')
+param digitalTwinInstanceName string
+
+@description('Required. The properties of the endpoint.')
+param properties propertiesType
+
+var identity = !empty(properties.?managedIdentities)
+ ? {
+ type: (properties.?managedIdentities.?systemAssigned ?? false)
+ ? 'SystemAssigned'
+ : (!empty(properties.?managedIdentities.?userAssignedResourceId ?? '') ? 'UserAssigned' : null)
+ userAssignedIdentity: properties.?managedIdentities.?userAssignedResourceId
+ }
+ : null
+
+resource eventGridTopic 'Microsoft.EventGrid/topics@2022-06-15' existing = if (properties.endpointType == 'EventGrid') {
+ name: split(properties.?eventGridTopicResourceId, '/')[1]
+ scope: resourceGroup(
+ split((properties.?eventGridTopicResourceId ?? '//'), '/')[2],
+ split((properties.?eventGridTopicResourceId ?? '////'), '/')[4]
+ )
+}
+
+resource eventHubNamespace 'Microsoft.EventHub/namespaces@2024-01-01' existing = if (properties.endpointType == 'EventHub') {
+ name: split((properties.authentication.eventHubResourceId ?? '////'), '/')[8]
+ scope: resourceGroup(
+ split((properties.authentication.eventHubResourceId ?? '//'), '/')[2],
+ split((properties.authentication.eventHubResourceId ?? '////'), '/')[4]
+ )
+
+ resource eventHub 'eventhubs@2024-01-01' existing = if (properties.endpointType == 'EventHub') {
+ name: last(split((properties.authentication.eventHubResourceId ?? '////'), '/'))
+
+ resource authorizationRule 'authorizationRules@2024-01-01' existing = if (!empty(properties.authentication.?eventHubAuthorizationRuleName)) {
+ name: properties.authentication.?eventHubAuthorizationRuleName
+ }
+ }
+}
+
+resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2024-01-01' existing = if (properties.endpointType == 'ServiceBus') {
+ name: properties.authentication.type == 'IdentityBased'
+ ? split(properties.authentication.?serviceBusNamespaceTopicResourceId, '/')[8]
+ : split(properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId, '/')[8]
+ scope: properties.authentication.type == 'IdentityBased'
+ ? resourceGroup(
+ split((properties.authentication.?serviceBusNamespaceTopicResourceId ?? '//'), '/')[2],
+ split((properties.authentication.?serviceBusNamespaceTopicResourceId ?? '////'), '/')[4]
+ )
+ : resourceGroup(
+ split((properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId ?? '//'), '/')[2],
+ split((properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId ?? '////'), '/')[4]
+ )
+
+ resource topic 'topics@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceTopicResourceId)) {
+ name: properties.authentication.?serviceBusNamespaceTopicResourceId
+ }
+
+ resource authorizationRule 'AuthorizationRules@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId)) {
+ name: properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId
+ }
+}
+
+resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023-01-31' existing = {
+ name: digitalTwinInstanceName
+}
+
+resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-01-31' = {
+ name: name
+ parent: digitalTwinsInstance
+ properties: {
+ endpointType: properties.endpointType
+ identity: identity
+ deadLetterSecret: properties.?deadLetterSecret
+ deadLetterUri: properties.?deadLetterUri
+ // Event Grid Event Hub
+ ...(properties.endpointType == 'EventGrid'
+ ? {
+ authenticationType: 'KeyBased'
+ TopicEndpoint: eventGridTopic.properties.endpoint
+ accessKey1: eventGridTopic.listkeys().key1
+ accessKey2: eventGridTopic.listkeys().key2
+ }
+ : {})
+
+ // EventHub Event Hub
+ ...(properties.endpointType == 'EventHub'
+ ? {
+ authenticationType: properties.authenticationType
+ ...(properties.authentication.type == 'IdentityBased'
+ ? {
+ endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net/'
+ entityPath: eventHubNamespace::eventHub.name
+ }
+ : {
+ connectionStringPrimaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().primaryConnectionString
+ connectionStringSecondaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().secondaryConnectionString
+ })
+ }
+ : {})
+
+ // Service Bus Event Hub
+ ...(properties.endpointType == 'ServiceBus'
+ ? {
+ authenticationType: properties.authentication.type
+ ...(properties.authentication.type == 'IdentityBased'
+ ? {
+ endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net/'
+ entityPath: serviceBusNamespace::topic.name
+ }
+ : {
+ primaryConnectionString: serviceBusNamespace::authorizationRule.listKeys().primaryConnectionString
+ secondaryConnectionString: serviceBusNamespace::authorizationRule.listKeys().secondaryConnectionString
+ })
+ }
+ : {})
+ }
+}
+
+@description('The resource ID of the Endpoint.')
+output resourceId string = endpoint.id
+
+@description('The name of the resource group the resource was created in.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The name of the Endpoint.')
+output name string = endpoint.name
+
+// =============== //
+// Definitions //
+// =============== //
+
+import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.4.1'
+
+@description('The type for the Digital Twin Endpoint.')
+@discriminator('endpointType')
+@export()
+type propertiesType = eventGridPropertiesType | eventHubPropertiesType | serviceBusPropertiesType
+
+@export()
+@description('The type for an event grid endpoint.')
+type eventGridPropertiesType = {
+ @description('Required. The type of endpoint to create.')
+ endpointType: 'EventGrid'
+
+ @description('Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read.')
+ @secure()
+ deadLetterSecret: string?
+
+ @description('Optional. Dead letter storage URL for identity-based authentication.')
+ deadLetterUri: string?
+
+ @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.')
+ managedIdentities: managedIdentityAllType?
+
+ @description('Required. The resource ID of the Event Grid Topic to get access keys from.')
+ eventGridTopicResourceId: string
+}
+
+@export()
+@description('The type for an event hub endpoint.')
+type eventHubPropertiesType = {
+ @description('Required. The type of endpoint to create.')
+ endpointType: 'EventHub'
+
+ @description('Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read.')
+ @secure()
+ deadLetterSecret: string?
+
+ @description('Optional. Dead letter storage URL for identity-based authentication.')
+ deadLetterUri: string?
+
+ @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.')
+ managedIdentities: managedIdentityAllType?
+
+ @description('Required. Specifies the authentication type being used for connecting to the endpoint.')
+ authentication: eventHubAuthorizationPropertiesType
+}
+
+@discriminator('type')
+@export()
+type eventHubAuthorizationPropertiesType =
+ | eventHubIdentityBasedAuthenticationPropertiesType
+ | eventHubKeyBasedAuthenticationPropertiesType
+
+type eventHubIdentityBasedAuthenticationPropertiesType = {
+ @description('Required. Specifies the authentication type being used for connecting to the endpoint. If \'KeyBased\' is selected, a connection string must be specified (at least the primary connection string). If \'IdentityBased\' is select, the endpointUri and entityPath properties must be specified.')
+ type: 'IdentityBased'
+
+ @description('Required. The resource ID of the Event Hub Namespace Event Hub.')
+ eventHubResourceId: string
+}
+
+type eventHubKeyBasedAuthenticationPropertiesType = {
+ @description('Required. Specifies the authentication type being used for connecting to the endpoint. If \'KeyBased\' is selected, a connection string must be specified (at least the primary connection string). If \'IdentityBased\' is select, the endpointUri and entityPath properties must be specified.')
+ type: 'KeyBased'
+
+ @description('Required. The resource ID of the Event Hub Namespace Event Hub.')
+ eventHubResourceId: string
+
+ @description('Required. The name of the Event Hub Namespace Event Hub Authorization Rule.')
+ eventHubAuthorizationRuleName: string
+}
+
+@export()
+@description('The type for a service bus endpoint.')
+type serviceBusPropertiesType = {
+ @description('Required. The type of endpoint to create.')
+ endpointType: 'ServiceBus'
+
+ @description('Required. Specifies the authentication type being used for connecting to the endpoint.')
+ authentication: serviceBusNamespaceAuthorizationPropertiesType
+
+ @description('Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read.')
+ @secure()
+ deadLetterSecret: string?
+
+ @description('Optional. Dead letter storage URL for identity-based authentication.')
+ deadLetterUri: string?
+
+ @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.')
+ managedIdentities: managedIdentityAllType?
+}
+
+@discriminator('type')
+@export()
+type serviceBusNamespaceAuthorizationPropertiesType =
+ | serviceBusNamespaceIdentityBasedAuthenticationPropertiesType
+ | serviceBusNamespaceKeyBasedAuthenticationPropertiesType
+
+type serviceBusNamespaceIdentityBasedAuthenticationPropertiesType = {
+ @description('Required. Specifies the authentication type being used for connecting to the endpoint. If \'KeyBased\' is selected, a connection string must be specified (at least the primary connection string). If \'IdentityBased\' is select, the endpointUri and entityPath properties must be specified.')
+ type: 'IdentityBased'
+
+ @description('Required. The ServiceBus Namespace Topic resource ID.')
+ serviceBusNamespaceTopicResourceId: string
+}
+
+type serviceBusNamespaceKeyBasedAuthenticationPropertiesType = {
+ @description('Required. Specifies the authentication type being used for connecting to the endpoint. If \'KeyBased\' is selected, a connection string must be specified (at least the primary connection string). If \'IdentityBased\' is select, the endpointUri and entityPath properties must be specified.')
+ type: 'KeyBased'
+
+ @description('Required. The ServiceBus Namespace Authorization Rule resource ID.')
+ serviceBusNamespaceAuthorizationRuleResourceId: string
+}
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.json b/avm/res/digital-twins/digital-twins-instance/endpoint/main.json
new file mode 100644
index 0000000000..6169c95b61
--- /dev/null
+++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.json
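Review bot: The `identity` variable in endpoint/main.bicep reads `managedIdentities.?userAssignedResourceId`, but the imported `managedIdentityAllType` exposes `userAssignedResourceIds` (an array, per the compiled definition in main.json of this patch), so a caller who passes only a user-assigned identity gets `type: null` and an IdentityBased endpoint is deployed with no usable identity; the variable should read the plural field (the endpoint API takes a single ID, so pick one entry) or the module should declare a local type with the singular field. In the EventHub branch, `authenticationType: properties.authenticationType` references a property that `eventHubPropertiesType` does not define and should be `authenticationType: properties.authentication.type`, as the ServiceBus branch already does. The `existing` references also look mis-derived: `split(properties.?eventGridTopicResourceId, '/')[1]` yields the literal segment `subscriptions` rather than the topic name (`last(split(properties.eventGridTopicResourceId, '/'))` would match the EventHub pattern), and the ServiceBus `topic` and `authorizationRule` children are named with the full resource ID instead of its last segment, so `entityPath` and the `listKeys()` calls would point at resources that do not exist. The section comments `// Event Grid Event Hub` and `// Service Bus Event Hub` appear to be copy-paste leftovers and should name only the endpoint type they guard.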
@@ -0,0 +1,440 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.32.4.45862", + "templateHash": "325523584095849913" + }, + "name": "Digital Twins Instance Endpoint", + "description": "This module deploys a Digital Twins Instance Endpoint." + }, + "definitions": { + "propertiesType": { + "type": "object", + "discriminator": { + "propertyName": "endpointType", + "mapping": { + "EventGrid": { + "$ref": "#/definitions/eventGridPropertiesType" + }, + "EventHub": { + "$ref": "#/definitions/eventHubPropertiesType" + }, + "ServiceBus": { + "$ref": "#/definitions/serviceBusPropertiesType" + } + } + }, + "metadata": { + "__bicep_export!": true, + "description": "The type for the Digital Twin Endpoint." + } + }, + "eventGridPropertiesType": { + "type": "object", + "properties": { + "endpointType": { + "type": "string", + "allowedValues": [ + "EventGrid" + ], + "metadata": { + "description": "Required. The type of endpoint to create." + } + }, + "deadLetterSecret": { + "type": "securestring", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." + } + }, + "deadLetterUri": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage URL for identity-based authentication." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." + } + }, + "eventGridTopicResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the Event Grid Topic to get access keys from." 
+ } + } + }, + "metadata": { + "__bicep_export!": true, + "description": "The type for an event grid endpoint." + } + }, + "eventHubPropertiesType": { + "type": "object", + "properties": { + "endpointType": { + "type": "string", + "allowedValues": [ + "EventHub" + ], + "metadata": { + "description": "Required. The type of endpoint to create." + } + }, + "deadLetterSecret": { + "type": "securestring", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." + } + }, + "deadLetterUri": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage URL for identity-based authentication." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." + } + }, + "authentication": { + "$ref": "#/definitions/eventHubAuthorizationPropertiesType", + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint." + } + } + }, + "metadata": { + "__bicep_export!": true, + "description": "The type for an event hub endpoint." + } + }, + "eventHubAuthorizationPropertiesType": { + "type": "object", + "discriminator": { + "propertyName": "type", + "mapping": { + "IdentityBased": { + "$ref": "#/definitions/eventHubIdentityBasedAuthenticationPropertiesType" + }, + "KeyBased": { + "$ref": "#/definitions/eventHubKeyBasedAuthenticationPropertiesType" + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "eventHubIdentityBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "IdentityBased" + ], + "metadata": { + "description": "Required. 
Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "eventHubResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the Event Hub Namespace Event Hub." + } + } + } + }, + "eventHubKeyBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "KeyBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "eventHubResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the Event Hub Namespace Event Hub." + } + }, + "eventHubAuthorizationRuleName": { + "type": "string", + "metadata": { + "description": "Required. The name of the Event Hub Namespace Event Hub Authorization Rule." + } + } + } + }, + "serviceBusPropertiesType": { + "type": "object", + "properties": { + "endpointType": { + "type": "string", + "allowedValues": [ + "ServiceBus" + ], + "metadata": { + "description": "Required. The type of endpoint to create." + } + }, + "authentication": { + "$ref": "#/definitions/serviceBusNamespaceAuthorizationPropertiesType", + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint." + } + }, + "deadLetterSecret": { + "type": "securestring", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." 
+ } + }, + "deadLetterUri": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage URL for identity-based authentication." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." + } + } + }, + "metadata": { + "__bicep_export!": true, + "description": "The type for a service bus endpoint." + } + }, + "serviceBusNamespaceAuthorizationPropertiesType": { + "type": "object", + "discriminator": { + "propertyName": "type", + "mapping": { + "IdentityBased": { + "$ref": "#/definitions/serviceBusNamespaceIdentityBasedAuthenticationPropertiesType" + }, + "KeyBased": { + "$ref": "#/definitions/serviceBusNamespaceKeyBasedAuthenticationPropertiesType" + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "serviceBusNamespaceIdentityBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "IdentityBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "serviceBusNamespaceTopicResourceId": { + "type": "string", + "metadata": { + "description": "Required. The ServiceBus Namespace Topic resource ID." + } + } + } + }, + "serviceBusNamespaceKeyBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "KeyBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. 
If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "serviceBusNamespaceAuthorizationRuleResourceId": { + "type": "string", + "metadata": { + "description": "Required. The ServiceBus Namespace Authorization Rule resource ID." + } + } + } + }, + "managedIdentityAllType": { + "type": "object", + "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the Digital Twin Endpoint." + } + }, + "digitalTwinInstanceName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment." + } + }, + "properties": { + "$ref": "#/definitions/propertiesType", + "metadata": { + "description": "Required. The properties of the endpoint." 
+ } + } + }, + "variables": { + "identity": "[if(not(empty(tryGet(parameters('properties'), 'managedIdentities'))), createObject('type', if(coalesce(tryGet(tryGet(parameters('properties'), 'managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', if(not(empty(coalesce(tryGet(tryGet(parameters('properties'), 'managedIdentities'), 'userAssignedResourceId'), ''))), 'UserAssigned', null())), 'userAssignedIdentity', tryGet(tryGet(parameters('properties'), 'managedIdentities'), 'userAssignedResourceId')), null())]" + }, + "resources": { + "eventHubNamespace::eventHub::authorizationRule": { + "condition": "[and(and(equals(parameters('properties').endpointType, 'EventHub'), equals(parameters('properties').endpointType, 'EventHub')), not(empty(tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName'))))]", + "existing": true, + "type": "Microsoft.EventHub/namespaces/eventhubs/authorizationRules", + "apiVersion": "2024-01-01", + "subscriptionId": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2]]", + "resourceGroup": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]]", + "name": "[format('{0}/{1}/{2}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName'))]" + }, + "eventHubNamespace::eventHub": { + "condition": "[and(equals(parameters('properties').endpointType, 'EventHub'), equals(parameters('properties').endpointType, 'EventHub'))]", + "existing": true, + "type": "Microsoft.EventHub/namespaces/eventhubs", + "apiVersion": "2024-01-01", + "subscriptionId": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2]]", + "resourceGroup": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, 
'////'), '/')[4]]", + "name": "[format('{0}/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')))]" + }, + "serviceBusNamespace::topic": { + "condition": "[and(equals(parameters('properties').endpointType, 'ServiceBus'), not(empty(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'))))]", + "existing": true, + "type": "Microsoft.ServiceBus/namespaces/topics", + "apiVersion": "2024-01-01", + "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'))]" + }, + "serviceBusNamespace::authorizationRule": { + "condition": "[and(equals(parameters('properties').endpointType, 'ServiceBus'), not(empty(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'))))]", + "existing": true, + "type": "Microsoft.ServiceBus/namespaces/AuthorizationRules", + "apiVersion": "2024-01-01", + "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'))]" + }, + "eventGridTopic": { + "condition": "[equals(parameters('properties').endpointType, 'EventGrid')]", + "existing": true, + "type": "Microsoft.EventGrid/topics", + "apiVersion": "2022-06-15", + "subscriptionId": 
"[split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]]", + "name": "[split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]]" + }, + "eventHubNamespace": { + "condition": "[equals(parameters('properties').endpointType, 'EventHub')]", + "existing": true, + "type": "Microsoft.EventHub/namespaces", + "apiVersion": "2024-01-01", + "subscriptionId": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2]]", + "resourceGroup": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]]", + "name": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]]" + }, + "serviceBusNamespace": { + "condition": "[equals(parameters('properties').endpointType, 'ServiceBus')]", + "existing": true, + "type": "Microsoft.ServiceBus/namespaces", + "apiVersion": "2024-01-01", + "name": "[if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])]" + }, + "digitalTwinsInstance": { + "existing": true, + "type": "Microsoft.DigitalTwins/digitalTwinsInstances", + "apiVersion": "2023-01-31", + "name": "[parameters('digitalTwinInstanceName')]" + }, + "endpoint": { + "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", + "apiVersion": "2023-01-31", + "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", + "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', 
tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', reference('eventGridTopic').endpoint, 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', 
split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId')), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), 
'/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId')), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId')), '2024-01-01').secondaryConnectionString)))), createObject())))]", + "dependsOn": [ + "eventGridTopic" + ] + } + }, + "outputs": { + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Endpoint." + }, + "value": "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances/endpoints', parameters('digitalTwinInstanceName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the resource was created in." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the Endpoint." + }, + "value": "[parameters('name')]" + } + } +} \ No newline at end of file diff --git a/avm/res/digital-twins/digital-twins-instance/main.bicep b/avm/res/digital-twins/digital-twins-instance/main.bicep index 6ebafb65f6..759722f99b 100644 --- a/avm/res/digital-twins/digital-twins-instance/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/main.bicep 
@@ -13,23 +13,20 @@ param location string = resourceGroup().location @description('Optional. Resource tags.') param tags object? +import { lockType } from 'br/public:avm/utl/types/avm-common-types:0.4.1' @description('Optional. The lock settings of the service.') -param lock lockType +param lock lockType? +import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.4.1' @description('Optional. The managed identity definition for this resource.') -param managedIdentities managedIdentitiesType +param managedIdentities managedIdentityAllType? -@description('Optional. Event Hub Endpoint.') -param eventHubEndpoints array? - -@description('Optional. Event Grid Endpoint.') -param eventGridEndpoints array? - -@description('Optional. Service Bus Endpoint.') -param serviceBusEndpoints array? +@description('Optional. The endpoints of the service.') +param endpoints endpointType[]? +import { privateEndpointSingleServiceType } from 'br/public:avm/utl/types/avm-common-types:0.4.1' @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.') -param privateEndpoints privateEndpointType +param privateEndpoints privateEndpointSingleServiceType[]? @description('Optional. Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set.') @allowed([ 
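Review bot: The new `endpoints` parameter is an array and cannot carry `@secure()` itself, so any secret inside it has to be protected on the member's type. The endpoint template in this patch reads `deadLetterSecret` from each endpoint's `properties`, so that member of `propertiesType` should be declared with `@secure()` above `deadLetterSecret: string?`. Without it the value stays readable in the recorded inputs of the deployment. `propertiesType` is defined in `endpoint/main.bicep`, outside this hunk, so this may already be in place and only needs confirming.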
@@ -39,14 +36,16 @@ param privateEndpoints privateEndpointType ]) param publicNetworkAccess string = '' +import { diagnosticSettingFullType } from 'br/public:avm/utl/types/avm-common-types:0.4.1' @description('Optional. The diagnostic settings of the service.') -param diagnosticSettings diagnosticSettingType +param diagnosticSettings diagnosticSettingFullType[]? @description('Optional. Enable/Disable usage telemetry for module.') param enableTelemetry bool = true +import { roleAssignmentType } from 'br/public:avm/utl/types/avm-common-types:0.4.1' @description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalIds\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') -param roleAssignments roleAssignmentType +param roleAssignments roleAssignmentType[]? var formattedUserAssignedIdentities = reduce( map((managedIdentities.?userAssignedResourceIds ?? []), (id) => { '${id}': {} }), @@ -85,6 +84,17 @@ var builtInRoleNames = { ) } +var formattedRoleAssignments = [ + for (roleAssignment, index) in (roleAssignments ?? []): union(roleAssignment, { + roleDefinitionId: builtInRoleNames[?roleAssignment.roleDefinitionIdOrName] ?? (contains( + roleAssignment.roleDefinitionIdOrName, + '/providers/Microsoft.Authorization/roleDefinitions/' + ) + ? roleAssignment.roleDefinitionIdOrName + : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)) + }) +] + #disable-next-line no-deployments-resources resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { name: '46d3xbcp.res.digitaltwins-digitaltwinsinstance.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' 
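Review bot: The `formattedRoleAssignments` variable added at `@@ -85,6 +84,17 @@` resolves `roleDefinitionIdOrName` in three steps without a comment, and the last step is easy to miss. A value that is neither a key of `builtInRoleNames` nor a fully qualified ID is passed to `subscriptionResourceId` as if it were a role definition GUID, so a mistyped role name would presumably surface only when the deployment runs. I would add above the variable `// Resolution order: built-in role name, then fully qualified role definition ID, else the value is treated as a role definition GUID`. The loop's `index` variable is unused and can be dropped; `builtInRoleNames` begins outside the hunk.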
@@ -116,71 +126,20 @@ resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023 } } -module digitalTwinsInstance_eventHubEndpoints 'endpoint--event-hub/main.bicep' = [ - for (eventHubEndpoint, index) in (eventHubEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-DigitalTwinsInstance-Endpoints-EventHub-${index}' - params: { - digitalTwinInstanceName: digitalTwinsInstance.name - name: contains(eventHubEndpoint, 'name') ? eventHubEndpoint.name : 'EventHubEndpoint' - authenticationType: contains(eventHubEndpoint, 'authenticationType') - ? eventHubEndpoint.authenticationType - : 'KeyBased' - connectionStringPrimaryKey: contains(eventHubEndpoint, 'connectionStringPrimaryKey') - ? eventHubEndpoint.connectionStringPrimaryKey - : '' - connectionStringSecondaryKey: contains(eventHubEndpoint, 'connectionStringSecondaryKey') - ? eventHubEndpoint.connectionStringSecondaryKey - : '' - deadLetterSecret: contains(eventHubEndpoint, 'deadLetterSecret') ? eventHubEndpoint.deadLetterSecret : '' - deadLetterUri: contains(eventHubEndpoint, 'deadLetterUri') ? eventHubEndpoint.deadLetterUri : '' - endpointUri: contains(eventHubEndpoint, 'endpointUri') ? eventHubEndpoint.endpointUri : '' - entityPath: contains(eventHubEndpoint, 'entityPath') ? eventHubEndpoint.entityPath : '' - managedIdentities: contains(eventHubEndpoint, 'managedIdentities') ? eventHubEndpoint.managedIdentities : {} - } - } -] - -module digitalTwinsInstance_eventGridEndpoints 'endpoint--event-grid/main.bicep' = [ - for (eventGridEndpoint, index) in (eventGridEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-DigitalTwinsInstance-Endpoints-EventGrid-${index}' - params: { - digitalTwinInstanceName: digitalTwinsInstance.name - name: contains(eventGridEndpoint, 'name') ? eventGridEndpoint.name : 'EventGridEndpoint' - topicEndpoint: contains(eventGridEndpoint, 'topicEndpoint') ? 
eventGridEndpoint.topicEndpoint : '' - deadLetterSecret: contains(eventGridEndpoint, 'deadLetterSecret') ? eventGridEndpoint.deadLetterSecret : '' - deadLetterUri: contains(eventGridEndpoint, 'deadLetterUri') ? eventGridEndpoint.deadLetterUri : '' - eventGridDomainResourceId: contains(eventGridEndpoint, 'eventGridDomainId') - ? eventGridEndpoint.eventGridDomainId - : '' - } - } -] - -module digitalTwinsInstance_serviceBusEndpoints 'endpoint--service-bus/main.bicep' = [ - for (serviceBusEndpoint, index) in (serviceBusEndpoints ?? []): { - name: '${uniqueString(deployment().name, location)}-DigitalTwinsInstance-Endpoints-ServiceBus-${index}' +module digitalTwinsInstance_endpoints 'endpoint/main.bicep' = [ + for (endpoint, index) in (endpoints ?? []): { + name: '${uniqueString(deployment().name, location)}-DigitalTwinsInstance-Endpoints-${index}' params: { digitalTwinInstanceName: digitalTwinsInstance.name - name: contains(serviceBusEndpoint, 'name') ? serviceBusEndpoint.name : 'ServiceBusEndpoint' - authenticationType: contains(serviceBusEndpoint, 'authenticationType') - ? serviceBusEndpoint.authenticationType - : '' - deadLetterSecret: contains(serviceBusEndpoint, 'deadLetterSecret') ? serviceBusEndpoint.deadLetterSecret : '' - deadLetterUri: contains(serviceBusEndpoint, 'deadLetterUri') ? serviceBusEndpoint.deadLetterUri : '' - endpointUri: contains(serviceBusEndpoint, 'endpointUri') ? serviceBusEndpoint.endpointUri : '' - entityPath: contains(serviceBusEndpoint, 'entityPath') ? serviceBusEndpoint.entityPath : '' - primaryConnectionString: contains(serviceBusEndpoint, 'primaryConnectionString') - ? serviceBusEndpoint.primaryConnectionString - : '' - secondaryConnectionString: contains(serviceBusEndpoint, 'secondaryConnectionString') - ? serviceBusEndpoint.secondaryConnectionString - : '' - managedIdentities: contains(serviceBusEndpoint, 'managedIdentities') ? serviceBusEndpoint.managedIdentities : {} + name: endpoint.?name ?? 
(endpoint.endpointType == 'EventGrid' + ? 'EventGridEndpoint' + : endpoint.endpointType == 'EventHub' ? 'EventHubEndpoint' : 'ServiceBusEndpoint') + properties: endpoint.properties } } ] -module digitalTwinsInstance_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.1' = [ +module digitalTwinsInstance_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.9.0' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-digitalTwinsInstance-PrivateEndpoint-${index}' scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '') @@ -221,8 +180,7 @@ module digitalTwinsInstance_privateEndpoints 'br/public:avm/res/network/private- 'Full' ).location lock: privateEndpoint.?lock ?? lock - privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName - privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds + privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags customDnsConfigs: privateEndpoint.?customDnsConfigs 
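Review bot: The default name in `digitalTwinsInstance_endpoints` reads `endpoint.endpointType`, but `endpointType` as declared later in this patch has only `name` and `properties`. The endpoint template also takes the discriminator from `parameters('properties').endpointType`. The two comparisons should be `endpoint.properties.endpointType == 'EventGrid'` and `endpoint.properties.endpointType == 'EventHub'`; as written the access targets a property the declared type does not have and should fail type checking or, at the latest, at deployment. Note also that two unnamed endpoints of the same type receive the same default name, which is worth stating in the parameter description.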
@@ -274,14 +232,14 @@ resource digitalTwinsInstance_diagnosticSettings 'Microsoft.Insights/diagnosticS ] resource digitalTwinsInstance_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [ - for (roleAssignment, index) in (roleAssignments ?? []): { - name: guid(digitalTwinsInstance.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName) + for (roleAssignment, index) in (formattedRoleAssignments ?? []): { + name: roleAssignment.?name ?? guid( + digitalTwinsInstance.id, + roleAssignment.principalId, + roleAssignment.roleDefinitionId + ) properties: { - roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) - ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] - : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/') - ? roleAssignment.roleDefinitionIdOrName - : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName) + roleDefinitionId: roleAssignment.roleDefinitionId principalId: roleAssignment.principalId description: roleAssignment.?description principalType: roleAssignment.?principalType 
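Review bot: Seeding `guid()` with `roleAssignment.roleDefinitionId` instead of `roleDefinitionIdOrName` changes the generated name of every assignment that was previously declared by role display name or bare GUID. Redeploying over an existing instance would then likely try to create a second assignment for the same principal, role and scope, which Azure rejects as already existing. The upgrade path should be called out in the changelog, or callers told to pin the old value through `roleAssignment.?name`. Separately, `formattedRoleAssignments ?? []` can be just `formattedRoleAssignments`, since that variable is always an array.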
@@ -309,169 +267,53 @@ output hostname string = digitalTwinsInstance.properties.hostName output location string = digitalTwinsInstance.location @description('The principal ID of the system assigned identity.') -output systemAssignedMIPrincipalId string = digitalTwinsInstance.?identity.?principalId ?? '' +output systemAssignedMIPrincipalId string? = digitalTwinsInstance.?identity.?principalId + +@description('The private endpoints of the key vault.') +output privateEndpoints privateEndpointOutputType[] = [ + for (item, index) in (privateEndpoints ?? []): { + name: digitalTwinsInstance_privateEndpoints[index].outputs.name + resourceId: digitalTwinsInstance_privateEndpoints[index].outputs.resourceId + groupId: digitalTwinsInstance_privateEndpoints[index].outputs.groupId + customDnsConfigs: digitalTwinsInstance_privateEndpoints[index].outputs.customDnsConfig + networkInterfaceResourceIds: digitalTwinsInstance_privateEndpoints[index].outputs.networkInterfaceResourceIds + } +] // =============== // // Definitions // // =============== // +@export() +type privateEndpointOutputType = { + @description('The name of the private endpoint.') + name: string -type managedIdentitiesType = { - @description('Optional. Enables system assigned managed identity on the resource.') - systemAssigned: bool? - - @description('Optional. The resource ID(s) to assign to the resource.') - userAssignedResourceIds: string[]? -}? - -type lockType = { - @description('Optional. Specify the name of lock.') - name: string? - - @description('Optional. Specify the type of lock.') - kind: ('CanNotDelete' | 'ReadOnly' | 'None')? -}? - -type roleAssignmentType = { - @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') - roleDefinitionIdOrName: string - - @description('Required. 
The principal ID of the principal (user/group/identity) to assign the role to.') - principalId: string - - @description('Optional. The principal type of the assigned principal ID.') - principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')? - - @description('Optional. The description of the role assignment.') - description: string? - - @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".') - condition: string? - - @description('Optional. Version of the condition.') - conditionVersion: '2.0'? - - @description('Optional. The Resource Id of the delegated managed identity resource.') - delegatedManagedIdentityResourceId: string? -}[]? - -type privateEndpointType = { - @description('Optional. The name of the private endpoint.') - name: string? - - @description('Optional. The location to deploy the private endpoint to.') - location: string? - - @description('Optional. The name of the private link connection to create.') - privateLinkServiceConnectionName: string? - - @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".') - service: string? - - @description('Required. Resource ID of the subnet where the endpoint needs to be created.') - subnetResourceId: string + @description('The resource ID of the private endpoint.') + resourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') - privateDnsZoneGroupName: string? + @description('The group Id for the private endpoint Group.') + groupId: string? - @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') - privateDnsZoneResourceIds: string[]? 
- - @description('Optional. If Manual Private Link Connection is required.') - isManualConnection: bool? - - @description('Optional. A message passed to the owner of the remote resource with the manual connection request.') - @maxLength(140) - manualConnectionRequestMessage: string? - - @description('Optional. Custom DNS configurations.') + @description('The custom DNS configurations of the private endpoint.') customDnsConfigs: { - @description('Optional. FQDN that resolves to private endpoint IP address.') + @description('FQDN that resolves to private endpoint IP address.') fqdn: string? - @description('Required. A list of private IP addresses of the private endpoint.') + @description('A list of private IP addresses of the private endpoint.') ipAddresses: string[] - }[]? - - @description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.') - ipConfigurations: { - @description('Required. The name of the resource that is unique within a resource group.') - name: string - - @description('Required. Properties of private endpoint IP configurations.') - properties: { - @description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.') - groupId: string - - @description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.') - memberName: string - - @description('Required. A private IP address obtained from the private endpoint\'s subnet.') - privateIPAddress: string - } - }[]? - - @description('Optional. Application security groups in which the private endpoint IP configuration is included.') - applicationSecurityGroupResourceIds: string[]? - - @description('Optional. The custom name of the network interface attached to the private endpoint.') - customNetworkInterfaceName: string? - - @description('Optional. 
Specify the type of lock.') - lock: lockType + }[] - @description('Optional. Array of role assignments to create.') - roleAssignments: roleAssignmentType - - @description('Optional. Tags to be applied on all resources/resource groups in this deployment.') - tags: object? - - @description('Optional. Enable/Disable usage telemetry for module.') - enableTelemetry: bool? - - @description('Optional. Specify if you want to deploy the Privte Endpoint into a different resource group than the main resource.') - resourceGroupName: string? -}[]? + @description('The IDs of the network interfaces associated with the private endpoint.') + networkInterfaceResourceIds: string[] +} -type diagnosticSettingType = { - @description('Optional. The name of diagnostic setting.') +import { propertiesType } from 'endpoint/main.bicep' +@export() +@description('The type for a Digital Twin Endpoint.') +type endpointType = { + @description('Optional. The name of the Digital Twin Endpoint.') name: string? - @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to `[]` to disable log collection.') - logCategoriesAndGroups: { - @description('Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here.') - category: string? - - @description('Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs.') - categoryGroup: string? - - @description('Optional. Enable or disable the category explicitly. Default is `true`.') - enabled: bool? - }[]? - - @description('Optional. The name of metrics that will be streamed. "allMetrics" includes all possible metrics for the resource. Set to `[]` to disable metric collection.') - metricCategories: { - @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. 
Set to `AllMetrics` to collect all metrics.') - category: string - - @description('Optional. Enable or disable the category explicitly. Default is `true`.') - enabled: bool? - }[]? - - @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.') - logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')? - - @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') - workspaceResourceId: string? - - @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') - storageAccountResourceId: string? - - @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') - eventHubAuthorizationRuleResourceId: string? - - @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') - eventHubName: string? - - @description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.') - marketplacePartnerResourceId: string? -}[]? + @description('Required. The properties of the endpoint.') + properties: propertiesType +} diff --git a/avm/res/digital-twins/digital-twins-instance/main.json b/avm/res/digital-twins/digital-twins-instance/main.json index 0b234bd50d..64130f1fc5 100644 --- a/avm/res/digital-twins/digital-twins-instance/main.json 
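Review bot: The description on the new `privateEndpoints` output says `'The private endpoints of the key vault.'`, which looks copied from another module; it should read `@description('The private endpoints of the Digital Twins Instance.')`. In the same hunk `systemAssignedMIPrincipalId` changes from `string` with an `''` fallback to `string?`. Callers that compared the output with an empty string will now receive null, which deserves a line in the release notes.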
+++ b/avm/res/digital-twins/digital-twins-instance/main.json 
@@ -6,443 +6,911 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "16243868201799712200" + "templateHash": "5283389471967264815" }, "name": "Digital Twins Instances", "description": "This module deploys an Azure Digital Twins Instance.", "owner": "Azure/module-maintainers" }, "definitions": { - "managedIdentitiesType": { + "privateEndpointOutputType": { "type": "object", "properties": { - "systemAssigned": { - "type": "bool", + "name": { + "type": "string", + "metadata": { + "description": "The name of the private endpoint." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint." + } + }, + "groupId": { + "type": "string", "nullable": true, "metadata": { - "description": "Optional. Enables system assigned managed identity on the resource." + "description": "The group Id for the private endpoint Group." } }, - "userAssignedResourceIds": { + "customDnsConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "nullable": true, + "metadata": { + "description": "FQDN that resolves to private endpoint IP address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "A list of private IP addresses of the private endpoint." + } + } + } + }, + "metadata": { + "description": "The custom DNS configurations of the private endpoint." + } + }, + "networkInterfaceResourceIds": { "type": "array", "items": { "type": "string" }, - "nullable": true, "metadata": { - "description": "Optional. The resource ID(s) to assign to the resource." + "description": "The IDs of the network interfaces associated with the private endpoint." } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, - "lockType": { + "endpointType": { "type": "object", "properties": { "name": { "type": "string", "nullable": true, "metadata": { - "description": "Optional. 
Specify the name of lock." + "description": "Optional. The name of the Digital Twin Endpoint." } }, - "kind": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "None", - "ReadOnly" - ], - "nullable": true, + "properties": { + "$ref": "#/definitions/propertiesType", "metadata": { - "description": "Optional. Specify the type of lock." + "description": "Required. The properties of the endpoint." } } }, - "nullable": true + "metadata": { + "__bicep_export!": true, + "description": "The type for a Digital Twin Endpoint." + } }, - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." 
- } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } + "_1.privateEndpointCustomDnsConfigType": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. FQDN that resolves to private endpoint IP address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } + "metadata": { + "description": "Required. A list of private IP addresses of the private endpoint." } } }, - "nullable": true + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } }, - "privateEndpointType": { - "type": "array", - "items": { - "type": "object", + "_1.privateEndpointIpConfigurationType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." + } + }, "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private endpoint." - } - }, - "location": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The location to deploy the private endpoint to." - } - }, - "privateLinkServiceConnectionName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private link connection to create." - } - }, - "service": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The subresource to deploy the private endpoint for. For example \"vault\", \"mysqlServer\" or \"dataFactory\"." 
- } - }, - "subnetResourceId": { - "type": "string", - "metadata": { - "description": "Required. Resource ID of the subnet where the endpoint needs to be created." - } - }, - "privateDnsZoneGroupName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." - } - }, - "privateDnsZoneResourceIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." - } - }, - "isManualConnection": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. If Manual Private Link Connection is required." - } - }, - "manualConnectionRequestMessage": { - "type": "string", - "nullable": true, - "maxLength": 140, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." - } - }, - "customDnsConfigs": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. FQDN that resolves to private endpoint IP address." - } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } - } + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." } }, - "nullable": true, - "metadata": { - "description": "Optional. Custom DNS configurations." 
- } - }, - "ipConfigurations": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." } }, - "nullable": true, - "metadata": { - "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } - }, - "applicationSecurityGroupResourceIds": { - "type": "array", - "items": { - "type": "string" - }, - "nullable": true, - "metadata": { - "description": "Optional. Application security groups in which the private endpoint IP configuration is included." - } - }, - "customNetworkInterfaceName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The custom name of the network interface attached to the private endpoint." - } - }, - "lock": { - "$ref": "#/definitions/lockType", - "metadata": { - "description": "Optional. Specify the type of lock." 
- } - }, - "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", - "metadata": { - "description": "Optional. Array of role assignments to create." - } - }, - "tags": { - "type": "object", - "nullable": true, - "metadata": { - "description": "Optional. Tags to be applied on all resources/resource groups in this deployment." - } - }, - "enableTelemetry": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enable/Disable usage telemetry for module." + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private IP address obtained from the private endpoint's subnet." + } } }, - "resourceGroupName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Specify if you want to deploy the Privte Endpoint into a different resource group than the main resource." - } + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." } } }, - "nullable": true + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } }, - "diagnosticSettingType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of diagnostic setting." - } - }, - "logCategoriesAndGroups": { - "type": "array", - "items": { - "type": "object", - "properties": { - "category": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." - } - }, - "categoryGroup": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs." 
- } - }, - "enabled": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enable or disable the category explicitly. Default is `true`." - } + "_1.privateEndpointPrivateDnsZoneGroupType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the Private DNS Zone Group." + } + }, + "privateDnsZoneGroupConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS Zone Group config." } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to `[]` to disable log collection." - } - }, - "metricCategories": { - "type": "array", - "items": { - "type": "object", - "properties": { - "category": { - "type": "string", - "metadata": { - "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics." - } - }, - "enabled": { - "type": "bool", - "nullable": true, - "metadata": { - "description": "Optional. Enable or disable the category explicitly. Default is `true`." - } + }, + "privateDnsZoneResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of the private DNS zone." } } - }, - "nullable": true, - "metadata": { - "description": "Optional. The name of metrics that will be streamed. \"allMetrics\" includes all possible metrics for the resource. Set to `[]` to disable metric collection." - } - }, - "logAnalyticsDestinationType": { - "type": "string", - "allowedValues": [ - "AzureDiagnostics", - "Dedicated" - ], - "nullable": true, - "metadata": { - "description": "Optional. 
A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." - } - }, - "workspaceResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." } }, - "storageAccountResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "eventHubAuthorizationRuleResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." - } - }, - "eventHubName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "marketplacePartnerResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." - } + "metadata": { + "description": "Required. The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones." 
+ } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } + }, + "_2.eventGridPropertiesType": { + "type": "object", + "properties": { + "endpointType": { + "type": "string", + "allowedValues": [ + "EventGrid" + ], + "metadata": { + "description": "Required. The type of endpoint to create." + } + }, + "deadLetterSecret": { + "type": "securestring", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." + } + }, + "deadLetterUri": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage URL for identity-based authentication." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." + } + }, + "eventGridTopicResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the Event Grid Topic to get access keys from." 
+ } + } + }, + "metadata": { + "description": "The type for an event grid endpoint.", + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "_2.eventHubAuthorizationPropertiesType": { + "type": "object", + "discriminator": { + "propertyName": "type", + "mapping": { + "IdentityBased": { + "$ref": "#/definitions/_2.eventHubIdentityBasedAuthenticationPropertiesType" + }, + "KeyBased": { + "$ref": "#/definitions/_2.eventHubKeyBasedAuthenticationPropertiesType" + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "_2.eventHubIdentityBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "IdentityBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "eventHubResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the Event Hub Namespace Event Hub." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "_2.eventHubKeyBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "KeyBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "eventHubResourceId": { + "type": "string", + "metadata": { + "description": "Required. 
The resource ID of the Event Hub Namespace Event Hub." + } + }, + "eventHubAuthorizationRuleName": { + "type": "string", + "metadata": { + "description": "Required. The name of the Event Hub Namespace Event Hub Authorization Rule." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "_2.eventHubPropertiesType": { + "type": "object", + "properties": { + "endpointType": { + "type": "string", + "allowedValues": [ + "EventHub" + ], + "metadata": { + "description": "Required. The type of endpoint to create." + } + }, + "deadLetterSecret": { + "type": "securestring", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." + } + }, + "deadLetterUri": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage URL for identity-based authentication." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." + } + }, + "authentication": { + "$ref": "#/definitions/_2.eventHubAuthorizationPropertiesType", + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint." 
+ } + } + }, + "metadata": { + "description": "The type for an event hub endpoint.", + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "_2.serviceBusNamespaceAuthorizationPropertiesType": { + "type": "object", + "discriminator": { + "propertyName": "type", + "mapping": { + "IdentityBased": { + "$ref": "#/definitions/_2.serviceBusNamespaceIdentityBasedAuthenticationPropertiesType" + }, + "KeyBased": { + "$ref": "#/definitions/_2.serviceBusNamespaceKeyBasedAuthenticationPropertiesType" + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "_2.serviceBusNamespaceIdentityBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "IdentityBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "serviceBusNamespaceTopicResourceId": { + "type": "string", + "metadata": { + "description": "Required. The ServiceBus Namespace Topic resource ID." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "_2.serviceBusNamespaceKeyBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "KeyBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." 
+ } + }, + "serviceBusNamespaceAuthorizationRuleResourceId": { + "type": "string", + "metadata": { + "description": "Required. The ServiceBus Namespace Authorization Rule resource ID." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "_2.serviceBusPropertiesType": { + "type": "object", + "properties": { + "endpointType": { + "type": "string", + "allowedValues": [ + "ServiceBus" + ], + "metadata": { + "description": "Required. The type of endpoint to create." + } + }, + "authentication": { + "$ref": "#/definitions/_2.serviceBusNamespaceAuthorizationPropertiesType", + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint." + } + }, + "deadLetterSecret": { + "type": "securestring", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." + } + }, + "deadLetterUri": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage URL for identity-based authentication." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." + } + } + }, + "metadata": { + "description": "The type for a service bus endpoint.", + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "diagnosticSettingFullType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the diagnostic setting." 
+ } + }, + "logCategoriesAndGroups": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here." + } + }, + "categoryGroup": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to `allLogs` to collect all logs." + } + }, + "enabled": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable or disable the category explicitly. Default is `true`." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to `[]` to disable log collection." + } + }, + "metricCategories": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "metadata": { + "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to `AllMetrics` to collect all metrics." + } + }, + "enabled": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable or disable the category explicitly. Default is `true`." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of metrics that will be streamed. \"allMetrics\" includes all possible metrics for the resource. Set to `[]` to disable metric collection." + } + }, + "logAnalyticsDestinationType": { + "type": "string", + "allowedValues": [ + "AzureDiagnostics", + "Dedicated" + ], + "nullable": true, + "metadata": { + "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. 
AzureDiagnostics, or use a destination type." + } + }, + "workspaceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "storageAccountResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "eventHubAuthorizationRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "eventHubName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "marketplacePartnerResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a diagnostic setting. 
To be used if both logs & metrics are supported by the resource provider.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a lock.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } + }, + "managedIdentityAllType": { + "type": "object", + "properties": { + "systemAssigned": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource." + } + }, + "userAssignedResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } + }, + "privateEndpointSingleServiceType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the Private Endpoint." + } + }, + "location": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The location to deploy the Private Endpoint to." 
+ } + }, + "privateLinkServiceConnectionName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private link connection to create." + } + }, + "service": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The subresource to deploy the Private Endpoint for. For example \"vault\" for a Key Vault Private Endpoint." + } + }, + "subnetResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the subnet where the endpoint needs to be created." + } + }, + "privateDnsZoneGroup": { + "$ref": "#/definitions/_1.privateEndpointPrivateDnsZoneGroupType", + "nullable": true, + "metadata": { + "description": "Optional. The private DNS Zone Group to configure for the Private Endpoint." + } + }, + "isManualConnection": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. If Manual Private Link Connection is required." + } + }, + "manualConnectionRequestMessage": { + "type": "string", + "nullable": true, + "maxLength": 140, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with the manual connection request." + } + }, + "customDnsConfigs": { + "type": "array", + "items": { + "$ref": "#/definitions/_1.privateEndpointCustomDnsConfigType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Custom DNS configurations." + } + }, + "ipConfigurations": { + "type": "array", + "items": { + "$ref": "#/definitions/_1.privateEndpointIpConfigurationType" + }, + "nullable": true, + "metadata": { + "description": "Optional. A list of IP configurations of the Private Endpoint. This will be used to map to the first-party Service endpoints." + } + }, + "applicationSecurityGroupResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. 
Application security groups in which the Private Endpoint IP configuration is included." + } + }, + "customNetworkInterfaceName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The custom name of the network interface attached to the Private Endpoint." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "items": { + "$ref": "#/definitions/roleAssignmentType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Array of role assignments to create." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags to be applied on all resources/Resource Groups in this deployment." + } + }, + "enableTelemetry": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Enable/Disable usage telemetry for module." + } + }, + "resourceGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify if you want to deploy the Private Endpoint into a different Resource Group than the main resource." + } + } + }, + "metadata": { + "description": "An AVM-aligned type for a private endpoint. 
To be used if the private endpoint's default service / groupId can be assumed (i.e., for services that only have one Private Endpoint type like 'vault' for key vault).", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } + }, + "propertiesType": { + "type": "object", + "discriminator": { + "propertyName": "endpointType", + "mapping": { + "EventGrid": { + "$ref": "#/definitions/_2.eventGridPropertiesType" + }, + "EventHub": { + "$ref": "#/definitions/_2.eventHubPropertiesType" + }, + "ServiceBus": { + "$ref": "#/definitions/_2.serviceBusPropertiesType" + } + } + }, + "metadata": { + "description": "The type for the Digital Twin Endpoint.", + "__bicep_imported_from!": { + "sourceTemplate": "endpoint/main.bicep" + } + } + }, + "roleAssignmentType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." 
+ } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." } } }, - "nullable": true + "metadata": { + "description": "An AVM-aligned type for a role assignment.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } } }, "parameters": { 
@@ -470,39 +938,34 @@ }, "lock": { "$ref": "#/definitions/lockType", + "nullable": true, "metadata": { "description": "Optional. The lock settings of the service." } }, "managedIdentities": { - "$ref": "#/definitions/managedIdentitiesType", - "metadata": { - "description": "Optional. The managed identity definition for this resource." - } - }, - "eventHubEndpoints": { - "type": "array", + "$ref": "#/definitions/managedIdentityAllType", "nullable": true, "metadata": { - "description": "Optional. Event Hub Endpoint." + "description": "Optional. The managed identity definition for this resource." } }, - "eventGridEndpoints": { + "endpoints": { "type": "array", + "items": { + "$ref": "#/definitions/endpointType" + }, "nullable": true, "metadata": { - "description": "Optional. Event Grid Endpoint." + "description": "Optional. The endpoints of the service." } }, - "serviceBusEndpoints": { + "privateEndpoints": { "type": "array", + "items": { + "$ref": "#/definitions/privateEndpointSingleServiceType" + }, "nullable": true, - "metadata": { - "description": "Optional. Service Bus Endpoint." - } - }, - "privateEndpoints": { - "$ref": "#/definitions/privateEndpointType", "metadata": { "description": "Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible." } @@ -520,7 +983,11 @@ } }, "diagnosticSettings": { - "$ref": "#/definitions/diagnosticSettingType", + "type": "array", + "items": { + "$ref": "#/definitions/diagnosticSettingFullType" + }, + "nullable": true, "metadata": { "description": "Optional. The diagnostic settings of the service." } 
@@ -533,13 +1000,24 @@ } }, "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", + "type": "array", + "items": { + "$ref": "#/definitions/roleAssignmentType" + }, + "nullable": true, "metadata": { "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." } } }, "variables": { + "copy": [ + { + "name": "formattedRoleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]", + "input": "[union(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')], createObject('roleDefinitionId', coalesce(tryGet(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName), if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName)))))]" + } + ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", "identity": "[if(not(empty(parameters('managedIdentities'))), 
createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None')), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { 
@@ -642,33 +1120,33 @@ "digitalTwinsInstance_roleAssignments": { "copy": { "name": "digitalTwinsInstance_roleAssignments", - "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + "count": "[length(coalesce(variables('formattedRoleAssignments'), createArray()))]" }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.DigitalTwins/digitalTwinsInstances/{0}', parameters('name'))]", - "name": "[guid(resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.DigitalTwins/digitalTwinsInstances', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", - "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", - "description": 
"[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", - "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", - "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", - "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", - "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", + "principalId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" }, "dependsOn": [ "digitalTwinsInstance" ] }, - "digitalTwinsInstance_eventHubEndpoints": { + "digitalTwinsInstance_endpoints": { "copy": { - "name": "digitalTwinsInstance_eventHubEndpoints", - "count": 
"[length(coalesce(parameters('eventHubEndpoints'), createArray()))]" + "name": "digitalTwinsInstance_endpoints", + "count": "[length(coalesce(parameters('endpoints'), createArray()))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('{0}-DigitalTwinsInstance-Endpoints-EventHub-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "name": "[format('{0}-DigitalTwinsInstance-Endpoints-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", "properties": { "expressionEvaluationOptions": { "scope": "inner" 
@@ -678,15 +1156,12 @@ "digitalTwinInstanceName": { "value": "[parameters('name')]" }, - "name": "[if(contains(coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()], 'name'), createObject('value', coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()].name), createObject('value', 'EventHubEndpoint'))]", - "authenticationType": "[if(contains(coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()], 'authenticationType'), createObject('value', coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()].authenticationType), createObject('value', 'KeyBased'))]", - "connectionStringPrimaryKey": "[if(contains(coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()], 'connectionStringPrimaryKey'), createObject('value', coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()].connectionStringPrimaryKey), createObject('value', ''))]", - "connectionStringSecondaryKey": "[if(contains(coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()], 'connectionStringSecondaryKey'), createObject('value', coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()].connectionStringSecondaryKey), createObject('value', ''))]", - "deadLetterSecret": "[if(contains(coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()], 'deadLetterSecret'), createObject('value', coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()].deadLetterSecret), createObject('value', ''))]", - "deadLetterUri": "[if(contains(coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()], 'deadLetterUri'), createObject('value', coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()].deadLetterUri), createObject('value', ''))]", - "endpointUri": "[if(contains(coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()], 'endpointUri'), createObject('value', coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()].endpointUri), createObject('value', 
''))]", - "entityPath": "[if(contains(coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()], 'entityPath'), createObject('value', coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()].entityPath), createObject('value', ''))]", - "managedIdentities": "[if(contains(coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()], 'managedIdentities'), createObject('value', coalesce(parameters('eventHubEndpoints'), createArray())[copyIndex()].managedIdentities), createObject('value', createObject()))]" + "name": { + "value": "[coalesce(tryGet(coalesce(parameters('endpoints'), createArray())[copyIndex()], 'name'), if(equals(coalesce(parameters('endpoints'), createArray())[copyIndex()].endpointType, 'EventGrid'), 'EventGridEndpoint', if(equals(coalesce(parameters('endpoints'), createArray())[copyIndex()].endpointType, 'EventHub'), 'EventHubEndpoint', 'ServiceBusEndpoint')))]" + }, + "properties": { + "value": "[coalesce(parameters('endpoints'), createArray())[copyIndex()].properties]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", 
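Review bot: The default-name expression in the new `name` parameter reads `endpoints[copyIndex()].endpointType`, but the `endpointType` discriminator this template declares sits on `propertiesType`, and the same hunk passes `endpoints[copyIndex()].properties` as a separate value. The `endpointType` definition itself is not visible here, so this is inferred: if the discriminator exists only under `properties`, an endpoint declared without a `name` would fail expression evaluation instead of receiving its default name. In that case the lookup should be `coalesce(parameters('endpoints'), createArray())[copyIndex()].properties.endpointType`. Since main.json is compiled output, the change belongs in main.bicep, followed by a rebuild.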
@@ -696,336 +1171,289 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "13923156882372448729" + "templateHash": "325523584095849913" }, - "name": "Digital Twins Instance EventHub Endpoint", - "description": "This module deploys a Digital Twins Instance EventHub Endpoint.", - "owner": "Azure/module-maintainers" + "name": "Digital Twins Instance Endpoint", + "description": "This module deploys a Digital Twins Instance Endpoint." }, "definitions": { - "managedIdentitiesType": { + "propertiesType": { + "type": "object", + "discriminator": { + "propertyName": "endpointType", + "mapping": { + "EventGrid": { + "$ref": "#/definitions/eventGridPropertiesType" + }, + "EventHub": { + "$ref": "#/definitions/eventHubPropertiesType" + }, + "ServiceBus": { + "$ref": "#/definitions/serviceBusPropertiesType" + } + } + }, + "metadata": { + "__bicep_export!": true, + "description": "The type for the Digital Twin Endpoint." + } + }, + "eventGridPropertiesType": { "type": "object", "properties": { - "systemAssigned": { - "type": "bool", + "endpointType": { + "type": "string", + "allowedValues": [ + "EventGrid" + ], + "metadata": { + "description": "Required. The type of endpoint to create." + } + }, + "deadLetterSecret": { + "type": "securestring", "nullable": true, "metadata": { - "description": "Optional. Enables system assigned managed identity on the resource." + "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." } }, - "userAssignedResourceId": { + "deadLetterUri": { "type": "string", "nullable": true, "metadata": { - "description": "Optional. The resource ID(s) to assign to the resource." + "description": "Optional. Dead letter storage URL for identity-based authentication." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource. 
Only one type of identity is supported: system-assigned or user-assigned, but not both." + } + }, + "eventGridTopicResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the Event Grid Topic to get access keys from." } } }, - "nullable": true - } - }, - "parameters": { - "name": { - "type": "string", - "defaultValue": "EventHubEndpoint", - "metadata": { - "description": "Optional. The name of the Digital Twin Endpoint." - } - }, - "digitalTwinInstanceName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment." - } - }, - "authenticationType": { - "type": "string", - "defaultValue": "IdentityBased", - "allowedValues": [ - "IdentityBased", - "KeyBased" - ], - "metadata": { - "description": "Optional. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified." - } - }, - "deadLetterSecret": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." - } - }, - "deadLetterUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage URL for identity-based authentication." - } - }, - "connectionStringPrimaryKey": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Conditional. PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is \"KeyBased\"." - } - }, - "connectionStringSecondaryKey": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. 
SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is \"KeyBased\"." - } - }, - "entityPath": { - "type": "string", - "defaultValue": "", "metadata": { - "description": "Optional. The EventHub name in the EventHub namespace for identity-based authentication." + "__bicep_export!": true, + "description": "The type for an event grid endpoint." } }, - "endpointUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The URL of the EventHub namespace for identity-based authentication. It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net)." - } - }, - "managedIdentities": { - "$ref": "#/definitions/managedIdentitiesType", - "metadata": { - "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." - } - } - }, - "variables": { - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceId'), ''))), 'UserAssigned', null())), 'userAssignedIdentity', tryGet(parameters('managedIdentities'), 'userAssignedResourceId')), null())]" - }, - "resources": { - "digitalTwinsInstance": { - "existing": true, - "type": "Microsoft.DigitalTwins/digitalTwinsInstances", - "apiVersion": "2023-01-31", - "name": "[parameters('digitalTwinInstanceName')]" - }, - "endpoint": { - "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", - "apiVersion": "2023-01-31", - "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", + "eventHubPropertiesType": { + "type": "object", "properties": { - "endpointType": "EventHub", - "authenticationType": "[parameters('authenticationType')]", - 
"connectionStringPrimaryKey": "[parameters('connectionStringPrimaryKey')]", - "connectionStringSecondaryKey": "[parameters('connectionStringSecondaryKey')]", - "deadLetterSecret": "[parameters('deadLetterSecret')]", - "deadLetterUri": "[parameters('deadLetterUri')]", - "endpointUri": "[parameters('endpointUri')]", - "entityPath": "[parameters('entityPath')]", - "identity": "[variables('identity')]" - } - } - }, - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the Endpoint." + "endpointType": { + "type": "string", + "allowedValues": [ + "EventHub" + ], + "metadata": { + "description": "Required. The type of endpoint to create." + } + }, + "deadLetterSecret": { + "type": "securestring", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." + } + }, + "deadLetterUri": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage URL for identity-based authentication." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." + } + }, + "authentication": { + "$ref": "#/definitions/eventHubAuthorizationPropertiesType", + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint." + } + } }, - "value": "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances/endpoints', parameters('digitalTwinInstanceName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", "metadata": { - "description": "The name of the resource group the resource was created in." 
- }, - "value": "[resourceGroup().name]" + "__bicep_export!": true, + "description": "The type for an event hub endpoint." + } }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the Endpoint." + "eventHubAuthorizationPropertiesType": { + "type": "object", + "discriminator": { + "propertyName": "type", + "mapping": { + "IdentityBased": { + "$ref": "#/definitions/eventHubIdentityBasedAuthenticationPropertiesType" + }, + "KeyBased": { + "$ref": "#/definitions/eventHubKeyBasedAuthenticationPropertiesType" + } + } }, - "value": "[parameters('name')]" - }, - "systemAssignedMIPrincipalId": { - "type": "string", "metadata": { - "description": "The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API." - }, - "value": "[coalesce(tryGet(tryGet(reference('endpoint', '2023-01-31', 'full'), 'identity'), 'principalId'), '')]" - } - } - } - }, - "dependsOn": [ - "digitalTwinsInstance" - ] - }, - "digitalTwinsInstance_eventGridEndpoints": { - "copy": { - "name": "digitalTwinsInstance_eventGridEndpoints", - "count": "[length(coalesce(parameters('eventGridEndpoints'), createArray()))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-DigitalTwinsInstance-Endpoints-EventGrid-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "digitalTwinInstanceName": { - "value": "[parameters('name')]" - }, - "name": "[if(contains(coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()], 'name'), createObject('value', coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()].name), createObject('value', 'EventGridEndpoint'))]", - "topicEndpoint": "[if(contains(coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()], 'topicEndpoint'), createObject('value', 
coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()].topicEndpoint), createObject('value', ''))]", - "deadLetterSecret": "[if(contains(coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()], 'deadLetterSecret'), createObject('value', coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()].deadLetterSecret), createObject('value', ''))]", - "deadLetterUri": "[if(contains(coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()], 'deadLetterUri'), createObject('value', coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()].deadLetterUri), createObject('value', ''))]", - "eventGridDomainResourceId": "[if(contains(coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()], 'eventGridDomainId'), createObject('value', coalesce(parameters('eventGridEndpoints'), createArray())[copyIndex()].eventGridDomainId), createObject('value', ''))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "14357918051528584394" + "__bicep_export!": true + } }, - "name": "Digital Twins Instance Event Grid Endpoints", - "description": "This module deploys a Digital Twins Instance Event Grid Endpoint.", - "owner": "Azure/module-maintainers" - }, - "parameters": { - "name": { - "type": "string", - "defaultValue": "EventGridEndpoint", - "metadata": { - "description": "Optional. The name of the Digital Twin Endpoint." + "eventHubIdentityBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "IdentityBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). 
If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "eventHubResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the Event Hub Namespace Event Hub." + } + } } }, - "digitalTwinInstanceName": { - "type": "string", - "metadata": { - "description": "Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment." + "eventHubKeyBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "KeyBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "eventHubResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the Event Hub Namespace Event Hub." + } + }, + "eventHubAuthorizationRuleName": { + "type": "string", + "metadata": { + "description": "Required. The name of the Event Hub Namespace Event Hub Authorization Rule." + } + } } }, - "topicEndpoint": { - "type": "string", + "serviceBusPropertiesType": { + "type": "object", + "properties": { + "endpointType": { + "type": "string", + "allowedValues": [ + "ServiceBus" + ], + "metadata": { + "description": "Required. The type of endpoint to create." + } + }, + "authentication": { + "$ref": "#/definitions/serviceBusNamespaceAuthorizationPropertiesType", + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint." + } + }, + "deadLetterSecret": { + "type": "securestring", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage secret for key-based authentication. 
Will be obfuscated during read." + } + }, + "deadLetterUri": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Dead letter storage URL for identity-based authentication." + } + }, + "managedIdentities": { + "$ref": "#/definitions/managedIdentityAllType", + "nullable": true, + "metadata": { + "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." + } + } + }, "metadata": { - "description": "Required. EventGrid Topic Endpoint." + "__bicep_export!": true, + "description": "The type for a service bus endpoint." } }, - "eventGridDomainResourceId": { - "type": "string", + "serviceBusNamespaceAuthorizationPropertiesType": { + "type": "object", + "discriminator": { + "propertyName": "type", + "mapping": { + "IdentityBased": { + "$ref": "#/definitions/serviceBusNamespaceIdentityBasedAuthenticationPropertiesType" + }, + "KeyBased": { + "$ref": "#/definitions/serviceBusNamespaceKeyBasedAuthenticationPropertiesType" + } + } + }, "metadata": { - "description": "Required. The resource ID of the Event Grid to get access keys from." + "__bicep_export!": true } }, - "deadLetterSecret": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." + "serviceBusNamespaceIdentityBasedAuthenticationPropertiesType": { + "type": "object", + "properties": { + "type": { + "type": "string", + "allowedValues": [ + "IdentityBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." 
+ } + }, + "serviceBusNamespaceTopicResourceId": { + "type": "string", + "metadata": { + "description": "Required. The ServiceBus Namespace Topic resource ID." + } + } } }, - "deadLetterUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage URL for identity-based authentication." - } - } - }, - "resources": [ - { - "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", - "apiVersion": "2023-01-31", - "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", + "serviceBusNamespaceKeyBasedAuthenticationPropertiesType": { + "type": "object", "properties": { - "endpointType": "EventGrid", - "authenticationType": "KeyBased", - "TopicEndpoint": "[parameters('topicEndpoint')]", - "accessKey1": "[listkeys(parameters('eventGridDomainResourceId'), '2022-06-15').key1]", - "accessKey2": "[listkeys(parameters('eventGridDomainResourceId'), '2022-06-15').key2]", - "deadLetterSecret": "[parameters('deadLetterSecret')]", - "deadLetterUri": "[parameters('deadLetterUri')]" + "type": { + "type": "string", + "allowedValues": [ + "KeyBased" + ], + "metadata": { + "description": "Required. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is select, the endpointUri and entityPath properties must be specified." + } + }, + "serviceBusNamespaceAuthorizationRuleResourceId": { + "type": "string", + "metadata": { + "description": "Required. The ServiceBus Namespace Authorization Rule resource ID." + } + } } - } - ], - "outputs": { - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the Endpoint." 
- }, - "value": "[resourceId('Microsoft.DigitalTwins/digitalTwinsInstances/endpoints', parameters('digitalTwinInstanceName'), parameters('name'))]" - }, - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The name of the resource group the resource was created in." - }, - "value": "[resourceGroup().name]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the Endpoint." - }, - "value": "[parameters('name')]" - } - } - } - }, - "dependsOn": [ - "digitalTwinsInstance" - ] - }, - "digitalTwinsInstance_serviceBusEndpoints": { - "copy": { - "name": "digitalTwinsInstance_serviceBusEndpoints", - "count": "[length(coalesce(parameters('serviceBusEndpoints'), createArray()))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-DigitalTwinsInstance-Endpoints-ServiceBus-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "digitalTwinInstanceName": { - "value": "[parameters('name')]" - }, - "name": "[if(contains(coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()], 'name'), createObject('value', coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()].name), createObject('value', 'ServiceBusEndpoint'))]", - "authenticationType": "[if(contains(coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()], 'authenticationType'), createObject('value', coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()].authenticationType), createObject('value', ''))]", - "deadLetterSecret": "[if(contains(coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()], 'deadLetterSecret'), createObject('value', coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()].deadLetterSecret), createObject('value', ''))]", - "deadLetterUri": 
"[if(contains(coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()], 'deadLetterUri'), createObject('value', coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()].deadLetterUri), createObject('value', ''))]", - "endpointUri": "[if(contains(coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()], 'endpointUri'), createObject('value', coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()].endpointUri), createObject('value', ''))]", - "entityPath": "[if(contains(coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()], 'entityPath'), createObject('value', coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()].entityPath), createObject('value', ''))]", - "primaryConnectionString": "[if(contains(coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()], 'primaryConnectionString'), createObject('value', coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()].primaryConnectionString), createObject('value', ''))]", - "secondaryConnectionString": "[if(contains(coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()], 'secondaryConnectionString'), createObject('value', coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()].secondaryConnectionString), createObject('value', ''))]", - "managedIdentities": "[if(contains(coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()], 'managedIdentities'), createObject('value', coalesce(parameters('serviceBusEndpoints'), createArray())[copyIndex()].managedIdentities), createObject('value', createObject()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "languageVersion": "2.0", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.32.4.45862", - "templateHash": "9917080858184002423" }, - "name": "Digital Twins Instance ServiceBus Endpoint", - 
"description": "This module deploys a Digital Twins Instance ServiceBus Endpoint.", - "owner": "Azure/module-maintainers" - }, - "definitions": { - "managedIdentitiesType": { + "managedIdentityAllType": { "type": "object", "properties": { "systemAssigned": { @@ -1035,23 +1463,30 @@ "description": "Optional. Enables system assigned managed identity on the resource." } }, - "userAssignedResourceId": { - "type": "string", + "userAssignedResourceIds": { + "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { - "description": "Optional. The resource ID(s) to assign to the resource." + "description": "Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption." } } }, - "nullable": true + "metadata": { + "description": "An AVM-aligned type for a managed identity configuration. To be used if both a system-assigned & user-assigned identities are supported by the resource provider.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.4.1" + } + } } }, "parameters": { "name": { "type": "string", - "defaultValue": "ServiceBusEndpoint", "metadata": { - "description": "Optional. The name of the Digital Twin Endpoint." + "description": "Required. The name of the Digital Twin Endpoint." } }, "digitalTwinInstanceName": { 
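Review bot: The endpoint property types now reference `managedIdentityAllType`, which declares `userAssignedResourceIds` as an array, while the `identity` variable in the hunk that follows still reads the singular `userAssignedResourceId`. A caller who supplies only user-assigned identities through the declared property therefore gets `type` null and no `userAssignedIdentity`, so identity-based authentication for the endpoint is silently left unconfigured. The variable should read `'userAssignedResourceIds'` and take its single entry, or the endpoint types should use a single-identity type that matches their "system-assigned or user-assigned, but not both" description. main.json is compiled output, so the fix belongs in endpoint/main.bicep, followed by a rebuild.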
@@ -1060,70 +1495,74 @@ "description": "Conditional. The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment." } }, - "authenticationType": { - "type": "string", - "defaultValue": "IdentityBased", - "allowedValues": [ - "IdentityBased", - "KeyBased" - ], - "metadata": { - "description": "Optional. Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified." - } - }, - "deadLetterSecret": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage secret for key-based authentication. Will be obfuscated during read." - } - }, - "deadLetterUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Dead letter storage URL for identity-based authentication." - } - }, - "endpointUri": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net)." - } - }, - "entityPath": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The ServiceBus Topic name for identity-based authentication." - } - }, - "primaryConnectionString": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Conditional. PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is \"KeyBased\"." - } - }, - "secondaryConnectionString": { - "type": "securestring", - "defaultValue": "", - "metadata": { - "description": "Optional. SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. 
Only used if the `authenticationType` is \"KeyBased\"." - } - }, - "managedIdentities": { - "$ref": "#/definitions/managedIdentitiesType", + "properties": { + "$ref": "#/definitions/propertiesType", "metadata": { - "description": "Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both." + "description": "Required. The properties of the endpoint." } } }, "variables": { - "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(coalesce(tryGet(parameters('managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceId'), ''))), 'UserAssigned', null())), 'userAssignedIdentity', tryGet(parameters('managedIdentities'), 'userAssignedResourceId')), null())]" + "identity": "[if(not(empty(tryGet(parameters('properties'), 'managedIdentities'))), createObject('type', if(coalesce(tryGet(tryGet(parameters('properties'), 'managedIdentities'), 'systemAssigned'), false()), 'SystemAssigned', if(not(empty(coalesce(tryGet(tryGet(parameters('properties'), 'managedIdentities'), 'userAssignedResourceId'), ''))), 'UserAssigned', null())), 'userAssignedIdentity', tryGet(tryGet(parameters('properties'), 'managedIdentities'), 'userAssignedResourceId')), null())]" }, "resources": { + "eventHubNamespace::eventHub::authorizationRule": { + "condition": "[and(and(equals(parameters('properties').endpointType, 'EventHub'), equals(parameters('properties').endpointType, 'EventHub')), not(empty(tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName'))))]", + "existing": true, + "type": "Microsoft.EventHub/namespaces/eventhubs/authorizationRules", + "apiVersion": "2024-01-01", + "subscriptionId": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2]]", + "resourceGroup": 
"[split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]]", + "name": "[format('{0}/{1}/{2}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName'))]" + }, + "eventHubNamespace::eventHub": { + "condition": "[and(equals(parameters('properties').endpointType, 'EventHub'), equals(parameters('properties').endpointType, 'EventHub'))]", + "existing": true, + "type": "Microsoft.EventHub/namespaces/eventhubs", + "apiVersion": "2024-01-01", + "subscriptionId": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2]]", + "resourceGroup": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]]", + "name": "[format('{0}/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')))]" + }, + "serviceBusNamespace::topic": { + "condition": "[and(equals(parameters('properties').endpointType, 'ServiceBus'), not(empty(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'))))]", + "existing": true, + "type": "Microsoft.ServiceBus/namespaces/topics", + "apiVersion": "2024-01-01", + "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'))]" + }, + "serviceBusNamespace::authorizationRule": { + "condition": "[and(equals(parameters('properties').endpointType, 
'ServiceBus'), not(empty(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'))))]", + "existing": true, + "type": "Microsoft.ServiceBus/namespaces/AuthorizationRules", + "apiVersion": "2024-01-01", + "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'))]" + }, + "eventGridTopic": { + "condition": "[equals(parameters('properties').endpointType, 'EventGrid')]", + "existing": true, + "type": "Microsoft.EventGrid/topics", + "apiVersion": "2022-06-15", + "subscriptionId": "[split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2]]", + "resourceGroup": "[split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]]", + "name": "[split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]]" + }, + "eventHubNamespace": { + "condition": "[equals(parameters('properties').endpointType, 'EventHub')]", + "existing": true, + "type": "Microsoft.EventHub/namespaces", + "apiVersion": "2024-01-01", + "subscriptionId": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2]]", + "resourceGroup": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]]", + "name": "[split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]]" + }, + "serviceBusNamespace": { + "condition": "[equals(parameters('properties').endpointType, 'ServiceBus')]", + "existing": true, + "type": "Microsoft.ServiceBus/namespaces", + "apiVersion": "2024-01-01", + "name": "[if(equals(parameters('properties').authentication.type, 
'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])]" + }, "digitalTwinsInstance": { "existing": true, "type": "Microsoft.DigitalTwins/digitalTwinsInstances", 
@@ -1134,17 +1573,10 @@ "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", "apiVersion": "2023-01-31", "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": { - "endpointType": "ServiceBus", - "authenticationType": "[parameters('authenticationType')]", - "deadLetterSecret": "[parameters('deadLetterSecret')]", - "deadLetterUri": "[parameters('deadLetterUri')]", - "endpointUri": "[parameters('endpointUri')]", - "entityPath": "[parameters('entityPath')]", - "primaryConnectionString": "[parameters('primaryConnectionString')]", - "secondaryConnectionString": "[parameters('secondaryConnectionString')]", - "identity": "[variables('identity')]" - } + "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', reference('eventGridTopic').endpoint, 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]), '2022-06-15').key2), 
createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), 
shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId')), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId')), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId')), '2024-01-01').secondaryConnectionString)))), createObject())))]", + "dependsOn": [ + "eventGridTopic" + ] } }, "outputs": { 
@@ -1168,13 +1600,6 @@ "description": "The name of the Endpoint." }, "value": "[parameters('name')]" - }, - "systemAssignedMIPrincipalId": { - "type": "string", - "metadata": { - "description": "The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API." - }, - "value": "[coalesce(tryGet(tryGet(reference('endpoint', '2023-01-31', 'full'), 'identity'), 'principalId'), '')]" } } } @@ -1215,11 +1640,8 @@ "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, - "privateDnsZoneGroupName": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" - }, - "privateDnsZoneResourceIds": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]" + "privateDnsZoneGroup": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroup')]" }, "roleAssignments": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]" 
@@ -1247,79 +1669,189 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "4120048060064073955" + "version": "0.30.23.60470", + "templateHash": "6724714132049298262" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", "owner": "Azure/module-maintainers" }, "definitions": { - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } + "privateDnsZoneGroupType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the Private DNS Zone Group." + } + }, + "privateDnsZoneGroupConfigs": { + "type": "array", + "items": { + "$ref": "#/definitions/privateDnsZoneGroupConfigType" }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." + "metadata": { + "description": "Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "ipConfigurationType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the resource that is unique within a resource group." 
+ } + }, + "properties": { + "type": "object", + "properties": { + "groupId": { + "type": "string", + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." + } + }, + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private IP address obtained from the private endpoint's subnet." + } } }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "manualPrivateLinkServiceConnectionType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. 
A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } } }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + "metadata": { + "description": "Required. Properties of private link service connection." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "privateLinkServiceConnectionType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, + "properties": { + "type": "object", + "properties": { + "groupIds": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." + } + }, + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } } }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." - } + "metadata": { + "description": "Required. Properties of private link service connection." 
+ } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "customDnsConfigType": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. FQDN that resolves to private endpoint IP address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } + "metadata": { + "description": "Required. A list of private IP addresses of the private endpoint." } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "lockType": { "type": "object", 
@@ -1344,155 +1876,110 @@ } } }, - "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, - "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } - } - }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." - } - } + "metadata": { + "description": "An AVM-aligned type for a lock.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" } - }, - "nullable": true + } }, - "manualPrivateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "metadata": { - "description": "Optional. 
A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } + "privateDnsZoneGroupConfigType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group config." } - } - }, - "nullable": true - }, - "privateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, - "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } - }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } - } - }, - "metadata": { - "description": "Required. Properties of private link service connection." - } + }, + "privateDnsZoneResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of the private DNS zone." } } }, - "nullable": true + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "private-dns-zone-group/main.bicep" + } + } }, - "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." 
- } - }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } + "roleAssignmentType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." 
+ } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." } } }, - "nullable": true + "metadata": { + "description": "An AVM-aligned type for a role assignment.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + } + } } }, "parameters": { @@ -1510,6 +1997,9 @@ }, "applicationSecurityGroupResourceIds": { "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { "description": "Optional. Application security groups in which the private endpoint IP configuration is included." @@ -1523,23 +2013,20 @@ } }, "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", - "metadata": { - "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." - } - }, - "privateDnsZoneGroupName": { - "type": "string", + "type": "array", + "items": { + "$ref": "#/definitions/ipConfigurationType" + }, "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." + "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, - "privateDnsZoneResourceIds": { - "type": "array", + "privateDnsZoneGroup": { + "$ref": "#/definitions/privateDnsZoneGroupType", "nullable": true, "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." + "description": "Optional. The private DNS zone group to configure for the private endpoint." } }, "location": { 
@@ -1551,12 +2038,17 @@ }, "lock": { "$ref": "#/definitions/lockType", + "nullable": true, "metadata": { "description": "Optional. The lock settings of the service." } }, "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", + "type": "array", + "items": { + "$ref": "#/definitions/roleAssignmentType" + }, + "nullable": true, "metadata": { "description": "Optional. Array of role assignments to create." } @@ -1569,19 +2061,31 @@ } }, "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", + "items": { + "$ref": "#/definitions/customDnsConfigType" + }, + "nullable": true, "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", + "type": "array", + "items": { + "$ref": "#/definitions/manualPrivateLinkServiceConnectionType" + }, + "nullable": true, "metadata": { "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." } }, "privateLinkServiceConnections": { - "$ref": "#/definitions/privateLinkServiceConnectionsType", + "type": "array", + "items": { + "$ref": "#/definitions/privateLinkServiceConnectionType" + }, + "nullable": true, "metadata": { "description": "Optional. A grouping of information about the connection to the remote resource." } 
@@ -1595,6 +2099,13 @@ } }, "variables": { + "copy": [ + { + "name": "formattedRoleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]", + "input": "[union(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')], createObject('roleDefinitionId', coalesce(tryGet(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName), if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName)))))]" + } + ], "builtInRoleNames": { "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", 
@@ -1605,15 +2116,15 @@ "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" + "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" } }, "resources": { "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2023-07-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.4.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2024-03-01", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.9.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1631,7 +2142,7 @@ }, "privateEndpoint": { "type": "Microsoft.Network/privateEndpoints", - "apiVersion": "2023-04-01", + "apiVersion": "2023-11-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", 
@@ -1672,27 +2183,27 @@ "privateEndpoint_roleAssignments": { "copy": { "name": "privateEndpoint_roleAssignments", - "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + "count": "[length(coalesce(variables('formattedRoleAssignments'), createArray()))]" }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.Network/privateEndpoints/{0}', parameters('name'))]", - "name": "[guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.Network/privateEndpoints', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", - "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", - "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 
'description')]", - "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", - "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", - "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", - "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", + "principalId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" }, "dependsOn": [ "privateEndpoint" ] }, "privateEndpoint_privateDnsZoneGroup": { - "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]", + "condition": "[not(empty(parameters('privateDnsZoneGroup')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": 
"[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", @@ -1703,28 +2214,52 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]" - }, - "privateDNSResourceIds": { - "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]" + "value": "[tryGet(parameters('privateDnsZoneGroup'), 'name')]" }, "privateEndpointName": { "value": "[parameters('name')]" + }, + "privateDnsZoneConfigs": { + "value": "[parameters('privateDnsZoneGroup').privateDnsZoneGroupConfigs]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.25.53.49325", - "templateHash": "11244630631275470040" + "version": "0.30.23.60470", + "templateHash": "12329174801198479603" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", "owner": "Azure/module-maintainers" }, + "definitions": { + "privateDnsZoneGroupConfigType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group config." + } + }, + "privateDnsZoneResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of the private DNS zone." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "privateEndpointName": { "type": "string", 
@@ -1732,12 +2267,15 @@ "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." } }, - "privateDNSResourceIds": { + "privateDnsZoneConfigs": { "type": "array", + "items": { + "$ref": "#/definitions/privateDnsZoneGroupConfigType" + }, "minLength": 1, "maxLength": 5, "metadata": { - "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." + "description": "Required. Array of private DNS zone configurations of the private DNS zone group. A DNS zone group can support up to 5 DNS zones." } }, "name": { 
@@ -1751,27 +2289,36 @@ "variables": { "copy": [ { - "name": "privateDnsZoneConfigs", - "count": "[length(parameters('privateDNSResourceIds'))]", + "name": "privateDnsZoneConfigsVar", + "count": "[length(parameters('privateDnsZoneConfigs'))]", "input": { - "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", + "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId, '/')))]", "properties": { - "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" + "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId]" } } } ] }, - "resources": [ - { + "resources": { + "privateEndpoint": { + "existing": true, + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-11-01", + "name": "[parameters('privateEndpointName')]" + }, + "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", - "apiVersion": "2023-04-01", + "apiVersion": "2023-11-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" - } + "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigsVar')]" + }, + "dependsOn": [ + "privateEndpoint" + ] } - ], + }, "outputs": { "name": { "type": "string", 
@@ -1829,14 +2376,35 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('privateEndpoint', '2023-04-01', 'full').location]" + "value": "[reference('privateEndpoint', '2023-11-01', 'full').location]" + }, + "customDnsConfig": { + "type": "array", + "items": { + "$ref": "#/definitions/customDnsConfigType" + }, + "metadata": { + "description": "The custom DNS configurations of the private endpoint." + }, + "value": "[reference('privateEndpoint').customDnsConfigs]" + }, + "networkInterfaceResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "The resource IDs of the network interfaces associated with the private endpoint." + }, + "value": "[map(reference('privateEndpoint').networkInterfaces, lambda('nic', lambdaVariables('nic').id))]" }, "groupId": { "type": "string", + "nullable": true, "metadata": { "description": "The group Id for the private endpoint Group." }, - "value": "[if(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties.groupIds[0], reference('privateEndpoint').privateLinkServiceConnections[0].properties.groupIds[0])]" + "value": "[coalesce(tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'manualPrivateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0), tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'privateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0))]" } } } 
@@ -1884,10 +2452,30 @@ }, "systemAssignedMIPrincipalId": { "type": "string", + "nullable": true, "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[coalesce(tryGet(tryGet(reference('digitalTwinsInstance', '2023-01-31', 'full'), 'identity'), 'principalId'), '')]" + "value": "[tryGet(tryGet(reference('digitalTwinsInstance', '2023-01-31', 'full'), 'identity'), 'principalId')]" + }, + "privateEndpoints": { + "type": "array", + "items": { + "$ref": "#/definitions/privateEndpointOutputType" + }, + "metadata": { + "description": "The private endpoints of the key vault." + }, + "copy": { + "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]", + "input": { + "name": "[reference(format('digitalTwinsInstance_privateEndpoints[{0}]', copyIndex())).outputs.name.value]", + "resourceId": "[reference(format('digitalTwinsInstance_privateEndpoints[{0}]', copyIndex())).outputs.resourceId.value]", + "groupId": "[reference(format('digitalTwinsInstance_privateEndpoints[{0}]', copyIndex())).outputs.groupId.value]", + "customDnsConfigs": "[reference(format('digitalTwinsInstance_privateEndpoints[{0}]', copyIndex())).outputs.customDnsConfig.value]", + "networkInterfaceResourceIds": "[reference(format('digitalTwinsInstance_privateEndpoints[{0}]', copyIndex())).outputs.networkInterfaceResourceIds.value]" + } + } } } } \ No newline at end of file diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep index ea5443ccc1..ebdab30cc6 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep 
@@ -13,11 +13,11 @@ param eventHubNamespaceName string @description('Required. The name of the Event Hub to create.') param eventHubName string -@description('Required. Service Bus name') -param serviceBusName string +@description('Required. The name of the Service Bus Namespace to create.') +param serviceBusNamespaceName string -@description('Required. Event Grid Domain name.') -param eventGridDomainName string +@description('Required. The name of the Event Grid Topic to create.') +param eventGridTopicName string var addressPrefix = '10.0.0.0/16' @@ -78,11 +78,21 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2022-10-01-preview' = resource eventHub 'eventhubs@2022-10-01-preview' = { name: eventHubName + + resource authorizationRule 'authorizationRules@2024-01-01' = { + name: 'testRule' + properties: { + rights: [ + 'Listen' + 'Send' + ] + } + } } } -resource serviceBus 'Microsoft.ServiceBus/namespaces@2022-10-01-preview' = { - name: serviceBusName +resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview' = { + name: serviceBusNamespaceName location: location properties: { zoneRedundant: false @@ -91,18 +101,21 @@ resource serviceBus 'Microsoft.ServiceBus/namespaces@2022-10-01-preview' = { resource topic 'topics@2022-10-01-preview' = { name: 'topic' } -} -resource eventGridDomain 'Microsoft.EventGrid/domains@2022-06-15' = { - name: eventGridDomainName - location: location - properties: { - disableLocalAuth: false + resource authorizationRule 'AuthorizationRules@2024-01-01' = { + name: 'testRule' + properties: { + rights: [ + 'Listen' + 'Send' + ] + } } +} - resource topic 'topics@2022-06-15' = { - name: 'topic' - } +resource eventGridTopic 'Microsoft.EventGrid/topics@2022-06-15' = { + name: eventGridTopicName + location: location } resource eventHubNamespaceRbacAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { 
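Review bot: The new `testRule` authorization rules on the event hub (`@@ -78,11 +78,21 @@`) and on the Service Bus namespace (`@@ -91,18 +101,21 @@`) grant both `Listen` and `Send`, which is more than a publishing endpoint needs. If Digital Twins only sends events to these targets (an assumption to confirm against the endpoint module), both rules can be narrowed to `rights: [ 'Send' ]`, so the shared access key used by the key-based endpoints cannot also read messages. The Service Bus rule is declared on the namespace rather than under `topic`, so its key is valid for every entity in the namespace. A topic-level rule would be tighter if the module accepts one.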
@@ -120,7 +133,7 @@ resource eventHubNamespaceRbacAssignment 'Microsoft.Authorization/roleAssignment resource serviceBusRbacAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(managedIdentity.id, 'sbrbacAssignment') - scope: serviceBus + scope: serviceBusNamespace properties: { roleDefinitionId: subscriptionResourceId( 'Microsoft.Authorization/roleDefinitions', 
@@ -141,28 +154,22 @@ output managedIdentityPrincipalId string = managedIdentity.properties.principalI output privateDNSZoneResourceId string = privateDNSZone.id @description('The name of the Event Hub Namespace.') -output eventhubNamespaceName string = eventHubNamespace.name +output eventHubNamespaceName string = eventHubNamespace.name -@description('The resource ID of the created Event Hub Namespace.') -output eventHubResourceId string = eventHubNamespace::eventHub.id +@description('The name of the Event Hub Namespace Event Hub Authorization Rule.') +output eventHubNamespaceEventHubAuthorizationRuleName string = eventHubNamespace::eventHub::authorizationRule.name -@description('The name of the Event Hub.') -output eventhubName string = eventHubNamespace::eventHub.name +@description('The resource ID of the Service Bus Topic.') +output serviceBusNamespaceTopicResourceId string = serviceBusNamespace::topic.id -@description('The name of the Service Bus Namespace.') -output serviceBusName string = serviceBus.name +@description('The resource ID of the Service Bus Authorization Rule.') +output serviceBusNamespaceAuthorizationRuleResourceId string = serviceBusNamespace::authorizationRule.id -@description('The name of the Service Bus Topic.') -output serviceBusTopicName string = serviceBus::topic.name - -@description('The Event Grid endpoint uri.') -output eventGridEndpoint string = eventGridDomain.properties.endpoint +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id @description('The resource ID of the created Event Grid Topic.') -output eventGridTopicResourceId string = eventGridDomain::topic.id - -@description('The resource ID of the created Event Grid Domain.') -output eventGridDomainResourceId string = eventGridDomain.id +output eventGridTopicResourceId string = eventGridTopic.id -@description('The resource ID of the created Managed Identity.') -output managedIdentityResourceId string = 
managedIdentity.id +@description('The resource ID of the created Event Hub Namespace Event Hub.') +output eventHubNamespaceEventHubResourceId string = eventHubNamespace::eventHub.id diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep index 896cffba56..245eac8137 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep @@ -38,10 +38,10 @@ module nestedDependencies 'dependencies.bicep' = { location: resourceLocation virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' - eventHubName: 'dt-${serviceShort}-evh-01' - eventHubNamespaceName: 'dt-${serviceShort}-evhns-01' - serviceBusName: 'dt-${serviceShort}-sb-01' - eventGridDomainName: 'dt-${serviceShort}-evg-01' + eventHubName: 'dep-${serviceShort}-evh-01' + eventHubNamespaceName: 'dep-${serviceShort}-evhns-01' + serviceBusNamespaceName: 'dep-${serviceShort}-sb-01' + eventGridTopicName: 'dep-${serviceShort}-evgt-01' } } 
@@ -77,40 +77,77 @@ module testDeployment '../../../main.bicep' = [ nestedDependencies.outputs.managedIdentityResourceId ] } - eventHubEndpoints: [ + endpoints: [ { - authenticationType: 'IdentityBased' - endpointUri: 'sb://${nestedDependencies.outputs.eventhubNamespaceName}.servicebus.windows.net/' - entityPath: nestedDependencies.outputs.eventhubName - managedIdentities: { - userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId + name: 'EventGridPrimary' + properties: { + endpointType: 'EventGrid' + eventGridTopicResourceId: nestedDependencies.outputs.eventGridTopicResourceId } } - ] - serviceBusEndpoints: [ { - name: 'ServiceBusPrimary' - authenticationType: 'IdentityBased' - endpointUri: 'sb://${nestedDependencies.outputs.serviceBusName}.servicebus.windows.net/' - entityPath: nestedDependencies.outputs.serviceBusTopicName - managedIdentities: { - userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId + name: 'IdentityBasedEndpoint' + properties: { + endpointType: 'EventHub' + authentication: { + eventHubResourceId: nestedDependencies.outputs.eventHubNamespaceEventHubResourceId + type: 'IdentityBased' + } + managedIdentities: { + userAssignedResourceIds: [ + nestedDependencies.outputs.managedIdentityResourceId + ] + } } } { - name: 'ServiceBusSeconday' - authenticationType: 'IdentityBased' - endpointUri: 'sb://${nestedDependencies.outputs.serviceBusName}.servicebus.windows.net/' - entityPath: nestedDependencies.outputs.serviceBusTopicName - managedIdentities: { - systemAssigned: true + name: 'KeyBasedEndpoint' + properties: { + endpointType: 'EventHub' + authentication: { + eventHubAuthorizationRuleName: nestedDependencies.outputs.eventHubNamespaceEventHubAuthorizationRuleName + eventHubResourceId: nestedDependencies.outputs.eventHubNamespaceEventHubResourceId + type: 'KeyBased' + } + managedIdentities: { + userAssignedResourceIds: [ + nestedDependencies.outputs.managedIdentityResourceId + ] + } } } - ] - 
eventGridEndpoints: [ { - eventGridDomainId: nestedDependencies.outputs.eventGridDomainResourceId - topicEndpoint: nestedDependencies.outputs.eventGridEndpoint + name: 'IdentityBasedServiceBusPrimaryEndpoint' + properties: { + endpointType: 'ServiceBus' + authentication: { + type: 'IdentityBased' + serviceBusNamespaceTopicResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicResourceId + } + } + } + { + name: 'IdentityBasedServiceBusSecondaryEndpoint' + properties: { + endpointType: 'ServiceBus' + authentication: { + type: 'IdentityBased' + serviceBusNamespaceTopicResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicResourceId + } + managedIdentities: { + systemAssigned: true + } + } + } + { + name: 'KeyBasedServiceBusEndpoint' + properties: { + authentication: { + serviceBusNamespaceAuthorizationRuleResourceId: nestedDependencies.outputs.serviceBusNamespaceAuthorizationRuleResourceId + type: 'KeyBased' + } + endpointType: 'ServiceBus' + } } ] diagnosticSettings: [ @@ -133,9 +170,13 @@ module testDeployment '../../../main.bicep' = [ } privateEndpoints: [ { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId + } + ] + } subnetResourceId: nestedDependencies.outputs.subnetResourceId } ] @@ -165,9 +206,5 @@ module testDeployment '../../../main.bicep' = [ Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] } ] diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/pe/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/pe/main.test.bicep index 7bdd327bdb..ea132de61b 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/pe/main.test.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/pe/main.test.bicep 
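Review bot: `KeyBasedEndpoint` passes `managedIdentities.userAssignedResourceIds` together with `authentication.type: 'KeyBased'`, so this case does not exercise a purely key-based endpoint. It is not visible from this hunk whether the module ignores the identity or attaches it. Conversely, `IdentityBasedServiceBusPrimaryEndpoint` is identity-based but names no identity at all. Either drop the `managedIdentities` block from the key-based entry, or add a one-line comment on each entry stating which credential is expected to authenticate, for example `// key-based: identity below is not used for authentication` (wording to be confirmed against the module).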
@@ -50,25 +50,29 @@ module testDeployment '../../../main.bicep' = [ scope: resourceGroup name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' params: { - location: resourceLocation name: '${namePrefix}${serviceShort}001' privateEndpoints: [ { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId + } + ] + } subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId } { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId + } + ] + } subnetResourceId: nestedDependencies.outputs.pepTestSubnetResourceId } ] } - dependsOn: [ - nestedDependencies - ] } ] diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/waf-aligned/dependencies.bicep new file mode 100644 index 0000000000..1b34a4ac45 --- /dev/null +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/waf-aligned/dependencies.bicep 
@@ -0,0 +1,68 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 24, 0) + serviceEndpoints: [ + { + service: 'Microsoft.KeyVault' + } + ] + } + } + { + name: 'peTestSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 24, 1) + serviceEndpoints: [ + { + service: 'Microsoft.KeyVault' + } + ] + } + } + ] + } +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.digitaltwins.azure.net' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output defaultSubnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The resource ID of the created Virtual Network Subnet.') +output pepTestSubnetResourceId string = virtualNetwork.properties.subnets[1].id + +@description('The resource ID of the created Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/waf-aligned/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/waf-aligned/main.test.bicep index 21c537ff6d..ad93f106d2 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/waf-aligned/main.test.bicep 
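Review bot: Both subnets enable a `Microsoft.KeyVault` service endpoint that nothing in this dependency file uses, and the test that consumes it only creates Digital Twins private endpoints. It looks carried over from another module's template. For a WAF-aligned example the subnets should expose only what the test needs, so the two `serviceEndpoints` arrays can be removed. The outputs `defaultSubnetResourceId` and `pepTestSubnetResourceId` also share the description `The resource ID of the created Virtual Network Subnet.`; naming the subnet in each description would tell them apart.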
+++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/waf-aligned/main.test.bicep @@ -31,6 +31,15 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { location: resourceLocation } +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + location: resourceLocation + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + } +} + // Diagnostics // =========== module diagnosticDependencies '../../../../../../../utilities/e2e-template-assets/templates/diagnostic.dependencies.bicep' = { @@ -55,7 +64,6 @@ module testDeployment '../../../main.bicep' = [ scope: resourceGroup name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' params: { - location: resourceLocation name: '${namePrefix}${serviceShort}001' diagnosticSettings: [ { @@ -70,9 +78,28 @@ module testDeployment '../../../main.bicep' = [ Environment: 'Non-Prod' Role: 'DeploymentValidation' } + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId + } + ] + } + subnetResourceId: nestedDependencies.outputs.defaultSubnetResourceId + } + { + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId + } + ] + } + subnetResourceId: nestedDependencies.outputs.pepTestSubnetResourceId + } + ] } - dependsOn: [ - diagnosticDependencies - ] } ] From d32cc824ea340c519e7fa6e0d45c68e52168c46f Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 14:56:03 +0100 Subject: [PATCH 02/36] Temp test changes --- .../templates/avm-validateModuleDeployment/action.yml | 6 ++++-- .github/workflows/avm.res.service-bus.namespace.yml | 3 ++- .../resourceDeployment/New-TemplateDeployment.ps1 | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) 
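Review bot: The WAF-aligned test now attaches two private endpoints (`@@ -70,9 +78,28 @@`), but the added `params` do not state the public network access setting. Whether the instance stays reachable over its public endpoint therefore depends on a module default that is not visible in this hunk. If the module exposes a `publicNetworkAccess` parameter and does not derive it from `privateEndpoints`, add `publicNetworkAccess: 'Disabled'` next to `privateEndpoints` so the reference deployment is private-only. The earlier hunk also drops `location: resourceLocation` while `nestedDependencies` still receives it; confirm the module's default location resolves to the same region.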
diff --git a/.github/actions/templates/avm-validateModuleDeployment/action.yml b/.github/actions/templates/avm-validateModuleDeployment/action.yml index 391cc1bdd7..24414d92c4 100644 --- a/.github/actions/templates/avm-validateModuleDeployment/action.yml +++ b/.github/actions/templates/avm-validateModuleDeployment/action.yml @@ -211,7 +211,8 @@ runs: # Add custom parameters as needed if($moduleTemplatePossibleParameters -contains 'resourceLocation') { $functionInput.AdditionalParameters += @{ - resourceLocation = '${{ steps.get-resource-location.outputs.resourceLocation }}' + # resourceLocation = '${{ steps.get-resource-location.outputs.resourceLocation }}' + resourceLocation = 'eastus' } } if($moduleTemplatePossibleParameters -contains 'baseTime') { @@ -290,7 +291,8 @@ runs: if($moduleTemplatePossibleParameters -contains 'resourceLocation') { $functionInput.AdditionalParameters += @{ - resourceLocation = '${{ steps.get-resource-location.outputs.resourceLocation }}' + # resourceLocation = '${{ steps.get-resource-location.outputs.resourceLocation }}' + resourceLocation = 'eastus' } } if($moduleTemplatePossibleParameters -contains 'baseTime') { diff --git a/.github/workflows/avm.res.service-bus.namespace.yml b/.github/workflows/avm.res.service-bus.namespace.yml index 84fa9812d4..577d41f9b9 100644 --- a/.github/workflows/avm.res.service-bus.namespace.yml +++ b/.github/workflows/avm.res.service-bus.namespace.yml 
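Review bot: Both deployment steps in this shared action now hard-code `resourceLocation = 'eastus'` and keep the original expression only as a comment, in `@@ -211,7 +211,8 @@` and again in `@@ -290,7 +291,8 @@`. Every module validation that uses the action is pinned to one region, and the output of the `get-resource-location` step is ignored. The commit is titled "Temp test changes" and no later hunk visible on this page restores these lines, so they should be reverted before merge to `resourceLocation = '${{ steps.get-resource-location.outputs.resourceLocation }}'`, without leaving the commented-out copy behind.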
@@ -82,7 +82,8 @@ jobs: uses: ./.github/workflows/avm.template.module.yml with: workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" - moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" + # moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" + moduleTestFilePaths: "[{\"path\":\"tests/e2e/defaults/main.test.bicep\",\"name\":\"defaults\"}]" psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" secrets: inherit diff --git a/utilities/pipelines/e2eValidation/resourceDeployment/New-TemplateDeployment.ps1 b/utilities/pipelines/e2eValidation/resourceDeployment/New-TemplateDeployment.ps1 index dfb3e64c94..2a9adce2cc 100644 --- a/utilities/pipelines/e2eValidation/resourceDeployment/New-TemplateDeployment.ps1 +++ b/utilities/pipelines/e2eValidation/resourceDeployment/New-TemplateDeployment.ps1 @@ -428,7 +428,7 @@ function New-TemplateDeployment { [switch] $DoNotThrow, [Parameter(Mandatory = $false)] - [int] $RetryLimit = 3, + [int] $RetryLimit = 1, [Parameter(Mandatory = $false)] [string] $RepoRoot = (Get-Item -Path $PSScriptRoot).parent.parent.parent.parent.FullName From fa38e4b7665c12ed07d24f596493631c701c5b3c Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 15:00:03 +0100 Subject: [PATCH 03/36] Update to latest --- .../workflows/avm.res.digital-twins.digital-twins-instance.yml | 1 + .github/workflows/avm.res.service-bus.namespace.yml | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml b/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml index 19957c038a..d59d7a424f 100644 --- a/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml +++ b/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml 
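Review bot: The default of `$RetryLimit` drops from 3 to 1 in the shared `New-TemplateDeployment` function, which changes retry behaviour for every caller that relies on the default, not only the module being debugged. The change belongs to the "Temp test changes" commit and is not restored in the commits visible on this page, unlike the `moduleTestFilePaths` override in the Service Bus workflow, which the next commit reverts. Restore `[int] $RetryLimit = 3,`, or pass the lower limit explicitly from the one workflow under test. The function body lies outside the hunk, so how the limit is consumed cannot be checked here.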
@@ -83,6 +83,7 @@ jobs: with: workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" + # moduleTestFilePaths: "[{\"path\":\"tests/e2e/max/main.test.bicep\",\"name\":\"max\"}]" psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" secrets: inherit diff --git a/.github/workflows/avm.res.service-bus.namespace.yml b/.github/workflows/avm.res.service-bus.namespace.yml index 577d41f9b9..84fa9812d4 100644 --- a/.github/workflows/avm.res.service-bus.namespace.yml +++ b/.github/workflows/avm.res.service-bus.namespace.yml @@ -82,8 +82,7 @@ jobs: uses: ./.github/workflows/avm.template.module.yml with: workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" - # moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" - moduleTestFilePaths: "[{\"path\":\"tests/e2e/defaults/main.test.bicep\",\"name\":\"defaults\"}]" + moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" secrets: inherit From 2e96bc3405a9371deca032af51ce2074a4207535 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 16:11:17 +0100 Subject: [PATCH 04/36] Update to latest --- avm/res/digital-twins/digital-twins-instance/main.bicep | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/main.bicep b/avm/res/digital-twins/digital-twins-instance/main.bicep index 759722f99b..49f3a78468 100644 --- a/avm/res/digital-twins/digital-twins-instance/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/main.bicep 
@@ -131,9 +131,7 @@ module digitalTwinsInstance_endpoints 'endpoint/main.bicep' = [ name: '${uniqueString(deployment().name, location)}-DigitalTwinsInstance-Endpoints-${index}' params: { digitalTwinInstanceName: digitalTwinsInstance.name - name: endpoint.?name ?? (endpoint.endpointType == 'EventGrid' - ? 'EventGridEndpoint' - : endpoint.endpointType == 'EventHub' ? 'EventHubEndpoint' : 'ServiceBusEndpoint') + name: endpoint.?name ?? '${endpoint.properties.endpointType}Endpoint' properties: endpoint.properties } } From 9f2702cc8cbe62646a17a06192c75002667d1a93 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 16:30:27 +0100 Subject: [PATCH 05/36] Update to latest --- .../digital-twins/digital-twins-instance/endpoint/main.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 11a0a367a7..ed0d87363f 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -58,11 +58,11 @@ resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2024-01-01' existi ) resource topic 'topics@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceTopicResourceId)) { - name: properties.authentication.?serviceBusNamespaceTopicResourceId + name: last(split(properties.authentication.?serviceBusNamespaceTopicResourceId, '/')) } resource authorizationRule 'AuthorizationRules@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId)) { - name: properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId + name: last(split(properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId, '/')) } } From a6b4c4d7272e51ceebbf04ac707ed2b617b7484c Mon Sep 17 00:00:00 2001 
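Review bot: In the `endpoint/main.bicep` hunk, the new `name` expressions for `topic` and `authorizationRule` pass the result of the safe-dereference `.?` straight into `split()`, with no fallback for the case where the property is absent. The `if (!empty(...))` condition only helps if the name is not evaluated when the condition is false, which I cannot confirm from this hunk. A coalesce would make it safe either way, e.g. `name: last(split(properties.authentication.?serviceBusNamespaceTopicResourceId ?? '', '/'))`, and likewise for the authorization rule. The `eventGridTopic` name changed in the next patch has the same gap, although its `scope` lines already use `?? '//'`. The enclosing `serviceBusNamespace` resource starts outside the hunk.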
From: AlexanderSehr Date: Sat, 4 Jan 2025 16:30:57 +0100 Subject: [PATCH 06/36] Update to latest --- .../digital-twins/digital-twins-instance/endpoint/main.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index ed0d87363f..d26c2e4eef 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -20,7 +20,7 @@ var identity = !empty(properties.?managedIdentities) : null resource eventGridTopic 'Microsoft.EventGrid/topics@2022-06-15' existing = if (properties.endpointType == 'EventGrid') { - name: split(properties.?eventGridTopicResourceId, '/')[1] + name: last(split(properties.?eventGridTopicResourceId, '/')) scope: resourceGroup( split((properties.?eventGridTopicResourceId ?? '//'), '/')[2], split((properties.?eventGridTopicResourceId ?? '////'), '/')[4] From 6330be51c6c822373fed677faf376fec5321360f Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 16:32:03 +0100 Subject: [PATCH 07/36] Update to latest --- .../avm.res.digital-twins.digital-twins-instance.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml b/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml index d59d7a424f..b7f4766823 100644 --- a/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml +++ b/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml 
@@ -82,8 +82,8 @@ jobs: uses: ./.github/workflows/avm.template.module.yml with: workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" - moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" - # moduleTestFilePaths: "[{\"path\":\"tests/e2e/max/main.test.bicep\",\"name\":\"max\"}]" + # moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" + moduleTestFilePaths: "[{\"path\":\"tests/e2e/max/main.test.bicep\",\"name\":\"max\"}]" psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" secrets: inherit From a8ca77062155194f0bbf561a1fe65721ab9ef0fc Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 17:41:42 +0100 Subject: [PATCH 08/36] Added test confitinos --- .../digital-twins-instance/endpoint/main.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index d26c2e4eef..f1bf157d84 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -82,9 +82,9 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 ...(properties.endpointType == 'EventGrid' ? { authenticationType: 'KeyBased' - TopicEndpoint: eventGridTopic.properties.endpoint - accessKey1: eventGridTopic.listkeys().key1 - accessKey2: eventGridTopic.listkeys().key2 + TopicEndpoint: properties.endpointType == 'EventGrid' ? eventGridTopic.properties.endpoint : null + accessKey1: properties.endpointType == 'EventGrid' ? eventGridTopic.listkeys().key1 : null + accessKey2: properties.endpointType == 'EventGrid' ? eventGridTopic.listkeys().key2 : null } : {}) From f6f81731a720bd9e97d2dc1c452f1c405a00689d Mon Sep 17 00:00:00 2001 
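Review bot: In the `endpoint/main.bicep` hunk, the three inner ternaries on `TopicEndpoint`, `accessKey1` and `accessKey2` repeat the condition `properties.endpointType == 'EventGrid'`, which already selects the enclosing object. Their `: null` branches can therefore never be taken, and they add no protection. If the aim is to stop `eventGridTopic` being dereferenced for other endpoint types, the outer ternary already does that, so the deployment error being chased is more likely in the resource's `name` or `scope` expressions. Either drop the inner conditions or add a comment such as `// repeated guard: works around <issue placeholder>` explaining why they are needed. The `endpoint` resource starts and ends outside this hunk.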
From: AlexanderSehr Date: Sat, 4 Jan 2025 18:54:39 +0100 Subject: [PATCH 09/36] Update to latest --- .../digital-twins-instance/endpoint/main.bicep | 6 +++--- .../digital-twins-instance/endpoint/main.json | 10 +++++----- .../digital-twins/digital-twins-instance/main.json | 14 +++++++------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index f1bf157d84..d26c2e4eef 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -82,9 +82,9 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 ...(properties.endpointType == 'EventGrid' ? { authenticationType: 'KeyBased' - TopicEndpoint: properties.endpointType == 'EventGrid' ? eventGridTopic.properties.endpoint : null - accessKey1: properties.endpointType == 'EventGrid' ? eventGridTopic.listkeys().key1 : null - accessKey2: properties.endpointType == 'EventGrid' ? eventGridTopic.listkeys().key2 : null + TopicEndpoint: eventGridTopic.properties.endpoint + accessKey1: eventGridTopic.listkeys().key1 + accessKey2: eventGridTopic.listkeys().key2 } : {}) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.json b/avm/res/digital-twins/digital-twins-instance/endpoint/main.json index 6169c95b61..f5079187cd 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.json +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "325523584095849913" + "templateHash": "15134934931803310309" }, "name": "Digital Twins Instance Endpoint", "description": "This module deploys a Digital Twins Instance Endpoint." 
@@ -364,14 +364,14 @@ "existing": true, "type": "Microsoft.ServiceBus/namespaces/topics", "apiVersion": "2024-01-01", - "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'))]" + "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')))]" }, "serviceBusNamespace::authorizationRule": { "condition": "[and(equals(parameters('properties').endpointType, 'ServiceBus'), not(empty(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'))))]", "existing": true, "type": "Microsoft.ServiceBus/namespaces/AuthorizationRules", "apiVersion": "2024-01-01", - "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'))]" + "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 
'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')))]" }, "eventGridTopic": { "condition": "[equals(parameters('properties').endpointType, 'EventGrid')]", @@ -380,7 +380,7 @@ "apiVersion": "2022-06-15", "subscriptionId": "[split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2]]", "resourceGroup": "[split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]]", - "name": "[split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]]" + "name": "[last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))]" }, "eventHubNamespace": { "condition": "[equals(parameters('properties').endpointType, 'EventHub')]", 
@@ -408,7 +408,7 @@ "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", "apiVersion": "2023-01-31", "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', reference('eventGridTopic').endpoint, 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, 
'////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 
'entityPath', tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId')), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId')), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId')), '2024-01-01').secondaryConnectionString)))), createObject())))]", + "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', reference('eventGridTopic').endpoint, 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', 
last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], 
split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), 
split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", "dependsOn": [ "eventGridTopic" ] diff --git a/avm/res/digital-twins/digital-twins-instance/main.json b/avm/res/digital-twins/digital-twins-instance/main.json index 64130f1fc5..14483516e8 100644 --- a/avm/res/digital-twins/digital-twins-instance/main.json +++ b/avm/res/digital-twins/digital-twins-instance/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "5283389471967264815" + "templateHash": "8316013845507480244" }, "name": "Digital Twins Instances", "description": "This module deploys an Azure Digital Twins Instance.", @@ -1157,7 +1157,7 @@ "value": "[parameters('name')]" }, "name": { - "value": "[coalesce(tryGet(coalesce(parameters('endpoints'), createArray())[copyIndex()], 'name'), if(equals(coalesce(parameters('endpoints'), createArray())[copyIndex()].endpointType, 'EventGrid'), 'EventGridEndpoint', if(equals(coalesce(parameters('endpoints'), createArray())[copyIndex()].endpointType, 'EventHub'), 'EventHubEndpoint', 'ServiceBusEndpoint')))]" + "value": "[coalesce(tryGet(coalesce(parameters('endpoints'), createArray())[copyIndex()], 'name'), format('{0}Endpoint', coalesce(parameters('endpoints'), createArray())[copyIndex()].properties.endpointType))]" }, "properties": { "value": "[coalesce(parameters('endpoints'), createArray())[copyIndex()].properties]" 
@@ -1171,7 +1171,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "325523584095849913" + "templateHash": "15134934931803310309" }, "name": "Digital Twins Instance Endpoint", "description": "This module deploys a Digital Twins Instance Endpoint." 
@@ -1529,14 +1529,14 @@ "existing": true, "type": "Microsoft.ServiceBus/namespaces/topics", "apiVersion": "2024-01-01", - "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'))]" + "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')))]" }, "serviceBusNamespace::authorizationRule": { "condition": "[and(equals(parameters('properties').endpointType, 'ServiceBus'), not(empty(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'))))]", "existing": true, "type": "Microsoft.ServiceBus/namespaces/AuthorizationRules", "apiVersion": "2024-01-01", - "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'))]" + "name": "[format('{0}/{1}', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 
'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')))]" }, "eventGridTopic": { "condition": "[equals(parameters('properties').endpointType, 'EventGrid')]", @@ -1545,7 +1545,7 @@ "apiVersion": "2022-06-15", "subscriptionId": "[split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2]]", "resourceGroup": "[split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]]", - "name": "[split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]]" + "name": "[last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))]" }, "eventHubNamespace": { "condition": "[equals(parameters('properties').endpointType, 'EventHub')]", 
@@ -1573,7 +1573,7 @@ "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", "apiVersion": "2023-01-31", "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', reference('eventGridTopic').endpoint, 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/')[1]), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, 
'////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 
'entityPath', tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId')), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId')), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId')), '2024-01-01').secondaryConnectionString)))), createObject())))]", + "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', reference('eventGridTopic').endpoint, 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', 
last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], 
split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), 
split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", "dependsOn": [ "eventGridTopic" ]
From 4511711cae359123c85a9789eee5c29016efec81 Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Sat, 4 Jan 2025 19:03:45 +0100
Subject: [PATCH 10/36] Update to latest
---
 .../digital-twins-instance/endpoint/main.bicep | 2 +-
 .../digital-twins/digital-twins-instance/endpoint/main.json | 4 ++--
 avm/res/digital-twins/digital-twins-instance/main.json | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
index d26c2e4eef..c342fe5c3f 100644
--- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
+++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
@@ -82,7 +82,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0
 ...(properties.endpointType == 'EventGrid'
 ? {
 authenticationType: 'KeyBased'
- TopicEndpoint: eventGridTopic.properties.endpoint
+ TopicEndpoint: !empty(properties.?eventGridTopicResourceId) ? eventGridTopic.properties.endpoint : null
 accessKey1: eventGridTopic.listkeys().key1
 accessKey2: eventGridTopic.listkeys().key2
 }
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.json b/avm/res/digital-twins/digital-twins-instance/endpoint/main.json
index f5079187cd..570642562b 100644
--- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.json
+++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.json
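Review bot: In the endpoint/main.bicep hunk of PATCH 10/36, the new `!empty(properties.?eventGridTopicResourceId)` guard protects only `TopicEndpoint`; the next two lines still call `eventGridTopic.listkeys()` unconditionally, so an EventGrid endpoint without a topic resource ID would presumably still fail there. Falling back to `null` also lets a `KeyBased` endpoint be submitted with no topic address, which hides a missing input instead of rejecting it. I would keep the three lines consistent and make the requirement explicit, for example `TopicEndpoint: eventGridTopic.properties.endpoint // eventGridTopicResourceId is mandatory for EventGrid; listkeys() below depends on it too`, and enforce the ID in the parameter's type if that is not already done. The `resource endpoint` declaration starts and ends outside the hunk, so the surrounding conditions are not visible here.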
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "15134934931803310309" + "templateHash": "15031724727955418019" }, "name": "Digital Twins Instance Endpoint", "description": "This module deploys a Digital Twins Instance Endpoint." 
@@ -408,7 +408,7 @@ "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", "apiVersion": "2023-01-31", "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', reference('eventGridTopic').endpoint, 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, 
'////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 
'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", + "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', if(not(empty(tryGet(parameters('properties'), 'eventGridTopicResourceId'))), reference('eventGridTopic').endpoint, null()), 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], 
split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', 
if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", "dependsOn": [ "eventGridTopic" ] diff --git a/avm/res/digital-twins/digital-twins-instance/main.json b/avm/res/digital-twins/digital-twins-instance/main.json index 14483516e8..d6eae5fe5b 100644 --- a/avm/res/digital-twins/digital-twins-instance/main.json +++ b/avm/res/digital-twins/digital-twins-instance/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "8316013845507480244" + "templateHash": "229296186980808972" }, "name": "Digital Twins Instances", "description": "This module deploys an Azure Digital Twins Instance.", @@ -1171,7 +1171,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "15134934931803310309" + "templateHash": "15031724727955418019" }, "name": "Digital Twins Instance Endpoint", "description": "This module deploys a Digital Twins Instance Endpoint." 
@@ -1573,7 +1573,7 @@ "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", "apiVersion": "2023-01-31", "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', reference('eventGridTopic').endpoint, 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', 
last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], 
split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", + "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', if(not(empty(tryGet(parameters('properties'), 'eventGridTopicResourceId'))), reference('eventGridTopic').endpoint, null()), 'accessKey1', 
listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), 
'2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), 
'2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", "dependsOn": [ "eventGridTopic" ]
From b9fc79fca5e8858ee337b8e3ea3612d06675a73d Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Sat, 4 Jan 2025 19:10:25 +0100
Subject: [PATCH 11/36] Update to latest
---
 .../digital-twins-instance/endpoint/main.bicep | 2 +-
 .../digital-twins/digital-twins-instance/endpoint/main.json | 4 ++--
 avm/res/digital-twins/digital-twins-instance/main.json | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
index c342fe5c3f..f6ec037aa2 100644
--- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
+++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
@@ -82,7 +82,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0
 ...(properties.endpointType == 'EventGrid'
 ? {
 authenticationType: 'KeyBased'
- TopicEndpoint: !empty(properties.?eventGridTopicResourceId) ? eventGridTopic.properties.endpoint : null
+ TopicEndpoint: 'dummy' // eventGridTopic.properties.endpoint
 accessKey1: eventGridTopic.listkeys().key1
 accessKey2: eventGridTopic.listkeys().key2
 }
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.json b/avm/res/digital-twins/digital-twins-instance/endpoint/main.json
index 570642562b..663ec46f9a 100644
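Review bot: `TopicEndpoint: 'dummy'` in the endpoint/main.bicep hunk of PATCH 11/36 hard-codes a placeholder, so every EventGrid endpoint created through this module would be registered with a literal string as its topic address while `accessKey1` and `accessKey2` still read the real topic's keys through `listkeys()`. Events would not reach the intended topic, and live key material ends up attached to an endpoint definition that does not match it. If this is a temporary step to isolate a deployment error, mark it so it cannot be merged by accident, e.g. `TopicEndpoint: 'dummy' // TODO(debug): restore eventGridTopic.properties.endpoint before merge`; otherwise restore `TopicEndpoint: eventGridTopic.properties.endpoint`. The regenerated main.json files in this patch presumably carry the same literal, and the `resource endpoint` declaration extends beyond the hunk.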
--- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.json +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "15031724727955418019" + "templateHash": "1872253241260109642" }, "name": "Digital Twins Instance Endpoint", "description": "This module deploys a Digital Twins Instance Endpoint." 
@@ -408,7 +408,7 @@ "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", "apiVersion": "2023-01-31", "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', if(not(empty(tryGet(parameters('properties'), 'eventGridTopicResourceId'))), reference('eventGridTopic').endpoint, null()), 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 
'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], 
split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", + "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', tryGet(tryGet(reference('eventGridTopic', '2022-06-15', 'full'), 'properties'), 'endpoint'), 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', 
listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', 
listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", "dependsOn": [ "eventGridTopic" ] diff --git a/avm/res/digital-twins/digital-twins-instance/main.json b/avm/res/digital-twins/digital-twins-instance/main.json index d6eae5fe5b..cb1236cccf 100644 --- a/avm/res/digital-twins/digital-twins-instance/main.json +++ b/avm/res/digital-twins/digital-twins-instance/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "229296186980808972" + "templateHash": "4854991310442346942" }, "name": "Digital Twins Instances", "description": "This module deploys an Azure Digital Twins Instance.", @@ -1171,7 +1171,7 @@ "_generator": { "name": "bicep", "version": "0.32.4.45862", - "templateHash": "15031724727955418019" + "templateHash": "1872253241260109642" }, "name": "Digital Twins Instance Endpoint", "description": "This module deploys a Digital Twins Instance Endpoint." 
@@ -1573,7 +1573,7 @@ "type": "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", "apiVersion": "2023-01-31", "name": "[format('{0}/{1}', parameters('digitalTwinInstanceName'), parameters('name'))]", - "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', if(not(empty(tryGet(parameters('properties'), 'eventGridTopicResourceId'))), reference('eventGridTopic').endpoint, null()), 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 
'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], 
split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", + "properties": "[shallowMerge(createArray(createObject('endpointType', parameters('properties').endpointType, 'identity', variables('identity'), 'deadLetterSecret', tryGet(parameters('properties'), 'deadLetterSecret'), 'deadLetterUri', tryGet(parameters('properties'), 'deadLetterUri')), if(equals(parameters('properties').endpointType, 'EventGrid'), createObject('authenticationType', 'KeyBased', 'TopicEndpoint', tryGet(tryGet(reference('eventGridTopic', '2022-06-15', 'full'), 'properties'), 'endpoint'), 'accessKey1', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key1, 'accessKey2', listkeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '//'), '/')[2], split(coalesce(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '////'), '/')[4]), 'Microsoft.EventGrid/topics', last(split(tryGet(parameters('properties'), 'eventGridTopicResourceId'), '/'))), '2022-06-15').key2), createObject()), if(equals(parameters('properties').endpointType, 'EventHub'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authenticationType), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8]), 'entityPath', last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/'))), createObject('connectionStringPrimaryKey', listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').primaryConnectionString, 'connectionStringSecondaryKey', 
listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(coalesce(parameters('properties').authentication.eventHubResourceId, '//'), '/')[2], split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[4]), 'Microsoft.EventHub/namespaces/eventhubs/authorizationRules', split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')[8], last(split(coalesce(parameters('properties').authentication.eventHubResourceId, '////'), '/')), tryGet(parameters('properties').authentication, 'eventHubAuthorizationRuleName')), '2024-01-01').secondaryConnectionString)))), createObject()), if(equals(parameters('properties').endpointType, 'ServiceBus'), shallowMerge(createArray(createObject('authenticationType', parameters('properties').authentication.type), if(equals(parameters('properties').authentication.type, 'IdentityBased'), createObject('endpointUri', format('sb://{0}.servicebus.windows.net/', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8])), 'entityPath', last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/'))), createObject('primaryConnectionString', listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').primaryConnectionString, 'secondaryConnectionString', 
listKeys(resourceId('Microsoft.ServiceBus/namespaces/AuthorizationRules', if(equals(parameters('properties').authentication.type, 'IdentityBased'), split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceTopicResourceId'), '/')[8], split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/')[8]), last(split(tryGet(parameters('properties').authentication, 'serviceBusNamespaceAuthorizationRuleResourceId'), '/'))), '2024-01-01').secondaryConnectionString)))), createObject())))]", "dependsOn": [ "eventGridTopic" ] From 46da0bec6b8049bef61e5a069d60f6d3509bb1c0 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 19:29:49 +0100 Subject: [PATCH 12/36] Update to latest --- .../digital-twins/digital-twins-instance/endpoint/main.bicep | 2 +- .../digital-twins-instance/tests/e2e/max/dependencies.bicep | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index f6ec037aa2..dbf786610a 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -91,7 +91,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 // EventHub Event Hub ...(properties.endpointType == 'EventHub' ? { - authenticationType: properties.authenticationType + authenticationType: properties.authentication.type ...(properties.authentication.type == 'IdentityBased' ? { endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net/' diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep index ebdab30cc6..369a126e7e 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep 
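Review bot: The corrected `authenticationType: properties.authentication.type` in the EventHub branch is not carried into the compiled templates. This commit's diffstat lists only endpoint/main.bicep and tests/e2e/max/dependencies.bicep, and the main.json revisions shown in the previous patch still emit `parameters('properties').authenticationType` for EventHub. Anyone deploying from the JSON artefact would presumably still hit the old property path, so both main.json files should be rebuilt in the same commit as the Bicep fix. The `endpoint` resource body starts and ends outside the hunk.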
+++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep @@ -108,6 +108,7 @@ resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview rights: [ 'Listen' 'Send' + 'Manage' ] } } From d96531cf952d52174739c8c1f878ffd10c98bc5a Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 20:24:15 +0100 Subject: [PATCH 13/36] Update to latest --- .../digital-twins-instance/endpoint/main.bicep | 16 ++++++++++++---- .../tests/e2e/max/main.test.bicep | 8 ++------ 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index dbf786610a..c60518ac1f 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -135,7 +135,15 @@ output name string = endpoint.name // Definitions // // =============== // -import { managedIdentityAllType } from 'br/public:avm/utl/types/avm-common-types:0.4.1' +// NOTE: This managed identity type (either-or) is not available in the AVM-Common-Types module. +@description('The type for the managed identity.') +type managedIdentitiesType = { + @description('Optional. Enables system assigned managed identity on the resource.') + systemAssigned: bool? + + @description('Optional. The resource ID(s) to assign to the resource.') + userAssignedResourceId: string? +} @description('The type for the Digital Twin Endpoint.') @discriminator('endpointType') 
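Review bot: Adding `'Manage'` to the rights of the test authorization rule widens the key that the module later reads with listKeys and stores on the Digital Twins endpoint, and nothing in the hunk says why the broader right is needed. An endpoint that only publishes should presumably get by with `'Send'`. If the deployment really fails without Manage, a comment stating the reason belongs next to the entry, e.g. `'Manage' // required because <reason>`. Test fixtures tend to be copied into real deployments, so this one is worth keeping at least privilege. The same three rights are carried over to the topic-level rule in the `@@ -100,18 +100,29 @@` hunk of PATCH 14/36, and the `serviceBusNamespace` resource starts and ends outside this hunk.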
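Review bot: The new `managedIdentitiesType` is described as either-or, but `systemAssigned` and `userAssignedResourceId` are both optional and independent, so a caller can set both and the type does not say which one wins. The code that turns this object into the resource's `identity` is outside the hunk, so the precedence should be stated where the caller reads it, for example `@description('Optional. The resource ID of the single user-assigned identity to assign to the resource. Must not be combined with systemAssigned.')`. The existing description also says "resource ID(s)" although the property is a single string.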
@@ -156,7 +164,7 @@ type eventGridPropertiesType = { deadLetterUri: string? @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.') - managedIdentities: managedIdentityAllType? + managedIdentities: managedIdentitiesType? @description('Required. The resource ID of the Event Grid Topic to get access keys from.') eventGridTopicResourceId: string @@ -176,7 +184,7 @@ type eventHubPropertiesType = { deadLetterUri: string? @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.') - managedIdentities: managedIdentityAllType? + managedIdentities: managedIdentitiesType? @description('Required. Specifies the authentication type being used for connecting to the endpoint.') authentication: eventHubAuthorizationPropertiesType @@ -224,7 +232,7 @@ type serviceBusPropertiesType = { deadLetterUri: string? @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.') - managedIdentities: managedIdentityAllType? + managedIdentities: managedIdentitiesType? } @discriminator('type') diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep index 245eac8137..d4fd51a340 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep @@ -94,9 +94,7 @@ module testDeployment '../../../main.bicep' = [ type: 'IdentityBased' } managedIdentities: { - userAssignedResourceIds: [ - nestedDependencies.outputs.managedIdentityResourceId - ] + userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId } } } 
@@ -110,9 +108,7 @@ module testDeployment '../../../main.bicep' = [ type: 'KeyBased' } managedIdentities: { - userAssignedResourceIds: [ - nestedDependencies.outputs.managedIdentityResourceId - ] + userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId } } } From d5458c825273a95ed2f910453b9a0d61ad1dcf92 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 20:50:00 +0100 Subject: [PATCH 14/36] Switched from service bus auth rule to topic auth rule --- .../endpoint/main.bicep | 2 +- .../tests/e2e/max/dependencies.bicep | 31 +++++++++++++------ 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index c60518ac1f..bbeb86b6e0 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -82,7 +82,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 ...(properties.endpointType == 'EventGrid' ? { authenticationType: 'KeyBased' - TopicEndpoint: 'dummy' // eventGridTopic.properties.endpoint + TopicEndpoint: 'dummy' // eventGridTopic.properties.endpoint // Introduces a breaking dependency accessKey1: eventGridTopic.listkeys().key1 accessKey2: eventGridTopic.listkeys().key2 } diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep index 369a126e7e..2e4897eed5 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep 
@@ -100,18 +100,29 @@ resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview resource topic 'topics@2022-10-01-preview' = { name: 'topic' - } - resource authorizationRule 'AuthorizationRules@2024-01-01' = { - name: 'testRule' - properties: { - rights: [ - 'Listen' - 'Send' - 'Manage' - ] + resource authorizationRule 'authorizationRules@2024-01-01' = { + name: 'testRule' + properties: { + rights: [ + 'Listen' + 'Send' + 'Manage' + ] + } } } + + // resource authorizationRule 'AuthorizationRules@2024-01-01' = { + // name: 'testRule' + // properties: { + // rights: [ + // 'Listen' + // 'Send' + // 'Manage' + // ] + // } + // } } resource eventGridTopic 'Microsoft.EventGrid/topics@2022-06-15' = { @@ -164,7 +175,7 @@ output eventHubNamespaceEventHubAuthorizationRuleName string = eventHubNamespace output serviceBusNamespaceTopicResourceId string = serviceBusNamespace::topic.id @description('The resource ID of the Service Bus Authorization Rule.') -output serviceBusNamespaceAuthorizationRuleResourceId string = serviceBusNamespace::authorizationRule.id +output serviceBusNamespaceAuthorizationRuleResourceId string = serviceBusNamespace::topic::authorizationRule.id @description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id From 175b3dfdf789075114abc78cfefee062bb464893 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 22:51:29 +0100 Subject: [PATCH 15/36] Update to latest --- .../digital-twins-instance/endpoint/main.bicep | 7 ++++++- .../tests/e2e/max/dependencies.bicep | 14 +++----------- .../tests/e2e/max/main.test.bicep | 1 + 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index bbeb86b6e0..c168adcae9 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep 
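Review bot: Moving `authorizationRule` under `topic` changes the ID returned by `serviceBusNamespaceAuthorizationRuleResourceId` to a topic-level rule, but the only endpoint/main.bicep change in this commit is a comment on the `TopicEndpoint` line. As far as the compiled template earlier in this series shows, the KeyBased Service Bus branch still calls listKeys on `Microsoft.ServiceBus/namespaces/AuthorizationRules` with the namespace name and the last segment of that ID. That would look for a namespace-level rule named `testRule`, which this hunk removes. The module's lookup and the parameter name should move to the topic scope in the same commit. The commented-out copy of the old rule can be deleted rather than kept, since version control already holds it.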
+++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -82,7 +82,9 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 ...(properties.endpointType == 'EventGrid' ? { authenticationType: 'KeyBased' - TopicEndpoint: 'dummy' // eventGridTopic.properties.endpoint // Introduces a breaking dependency + // Should use the comment code for simplification, but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround. + // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events + TopicEndpoint: properties.topicEndpoint accessKey1: eventGridTopic.listkeys().key1 accessKey2: eventGridTopic.listkeys().key2 } @@ -168,6 +170,9 @@ type eventGridPropertiesType = { @description('Required. The resource ID of the Event Grid Topic to get access keys from.') eventGridTopicResourceId: string + + @description('Required. The endpoint of the Event Grid Topic to get access keys from.') + eventGridTopicEndpoint: string } @export() diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep index 2e4897eed5..d02665e58c 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep @@ -112,17 +112,6 @@ resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview } } } - - // resource authorizationRule 'AuthorizationRules@2024-01-01' = { - // name: 'testRule' - // properties: { - // rights: [ - // 'Listen' - // 'Send' - // 'Manage' - // ] - // } - // } } resource eventGridTopic 'Microsoft.EventGrid/topics@2022-06-15' = { 
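Review bot: The EventGrid branch now reads `properties.topicEndpoint`, but the field added to `eventGridPropertiesType` in the `@@ -168,6 +170,9 @@` hunk of the same file is named `eventGridTopicEndpoint`, so the value the test passes under that name would not be the one the resource reads. The assignment should be `TopicEndpoint: properties.eventGridTopicEndpoint`. Because the keys listed from `eventGridTopicResourceId` are handed to the endpoint together with this caller-supplied URL, the field's description should also say that it must be the endpoint of that same topic, e.g. `@description('Required. The endpoint URL of the Event Grid Topic referenced by eventGridTopicResourceId.')`. The current text repeats "to get access keys from" from the field above it. The resource body and the type both continue outside their hunks.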
@@ -183,5 +172,8 @@ output managedIdentityResourceId string = managedIdentity.id @description('The resource ID of the created Event Grid Topic.') output eventGridTopicResourceId string = eventGridTopic.id +@description('The endpoint of the created Event Grid Topic.') +output eventGridTopicEndpoint string = eventGridTopic.properties.endpoint + @description('The resource ID of the created Event Hub Namespace Event Hub.') output eventHubNamespaceEventHubResourceId string = eventHubNamespace::eventHub.id diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep index d4fd51a340..bd8b65a198 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep @@ -83,6 +83,7 @@ module testDeployment '../../../main.bicep' = [ properties: { endpointType: 'EventGrid' eventGridTopicResourceId: nestedDependencies.outputs.eventGridTopicResourceId + eventGridTopicEndpoint: nestedDependencies.outputs.eventGridTopicEndpoint } } { From 4b1caf6ce8d7d470229710cc0312546cdc1e0873 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 23:00:28 +0100 Subject: [PATCH 16/36] Update to latest --- .../digital-twins-instance/endpoint/main.bicep | 18 +++++++++--------- .../tests/e2e/max/dependencies.bicep | 2 +- .../tests/e2e/max/main.test.bicep | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index c168adcae9..1a174bf061 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep 
@@ -46,23 +46,23 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2024-01-01' existing = resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2024-01-01' existing = if (properties.endpointType == 'ServiceBus') { name: properties.authentication.type == 'IdentityBased' ? split(properties.authentication.?serviceBusNamespaceTopicResourceId, '/')[8] - : split(properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId, '/')[8] + : split(properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId, '/')[8] scope: properties.authentication.type == 'IdentityBased' ? resourceGroup( split((properties.authentication.?serviceBusNamespaceTopicResourceId ?? '//'), '/')[2], split((properties.authentication.?serviceBusNamespaceTopicResourceId ?? '////'), '/')[4] ) : resourceGroup( - split((properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId ?? '//'), '/')[2], - split((properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId ?? '////'), '/')[4] + split((properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId ?? '//'), '/')[2], + split((properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId ?? 
'////'), '/')[4] ) resource topic 'topics@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceTopicResourceId)) { name: last(split(properties.authentication.?serviceBusNamespaceTopicResourceId, '/')) - } - resource authorizationRule 'AuthorizationRules@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId)) { - name: last(split(properties.authentication.?serviceBusNamespaceAuthorizationRuleResourceId, '/')) + resource authorizationRule 'AuthorizationRules@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId)) { + name: last(split(properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId, '/')) + } } } @@ -116,8 +116,8 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 entityPath: serviceBusNamespace::topic.name } : { - primaryConnectionString: serviceBusNamespace::authorizationRule.listKeys().primaryConnectionString - secondaryConnectionString: serviceBusNamespace::authorizationRule.listKeys().secondaryConnectionString + primaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().primaryConnectionString + secondaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().secondaryConnectionString }) } : {}) @@ -259,5 +259,5 @@ type serviceBusNamespaceKeyBasedAuthenticationPropertiesType = { type: 'KeyBased' @description('Required. The ServiceBus Namespace Authorization Rule resource ID.') - serviceBusNamespaceAuthorizationRuleResourceId: string + serviceBusNamespaceTopicAuthorizationRuleResourceId: string } diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep index d02665e58c..bbd5fb95b1 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep 
+++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep @@ -164,7 +164,7 @@ output eventHubNamespaceEventHubAuthorizationRuleName string = eventHubNamespace output serviceBusNamespaceTopicResourceId string = serviceBusNamespace::topic.id @description('The resource ID of the Service Bus Authorization Rule.') -output serviceBusNamespaceAuthorizationRuleResourceId string = serviceBusNamespace::topic::authorizationRule.id +output serviceBusNamespaceTopicAuthorizationRuleResourceId string = serviceBusNamespace::topic::authorizationRule.id @description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep index bd8b65a198..3d57345206 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep @@ -140,7 +140,7 @@ module testDeployment '../../../main.bicep' = [ name: 'KeyBasedServiceBusEndpoint' properties: { authentication: { - serviceBusNamespaceAuthorizationRuleResourceId: nestedDependencies.outputs.serviceBusNamespaceAuthorizationRuleResourceId + serviceBusNamespaceTopicAuthorizationRuleResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicAuthorizationRuleResourceId type: 'KeyBased' } endpointType: 'ServiceBus' From 20a1496b3d783a3f1ac6474b264d09cf10679dba Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 23:37:03 +0100 Subject: [PATCH 17/36] Update to latest --- .../digital-twins/digital-twins-instance/endpoint/main.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 1a174bf061..4acaf21c70 100644 
--- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -84,7 +84,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 authenticationType: 'KeyBased' // Should use the comment code for simplification, but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround. // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events - TopicEndpoint: properties.topicEndpoint + TopicEndpoint: properties.eventGridTopicEndpoint accessKey1: eventGridTopic.listkeys().key1 accessKey2: eventGridTopic.listkeys().key2 } From 28083ec5acb0b380e4bc5df5c94927b0b24989f9 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 4 Jan 2025 23:44:29 +0100 Subject: [PATCH 18/36] Simplification --- .../endpoint/main.bicep | 38 +++++++++---------- .../tests/e2e/max/dependencies.bicep | 6 +-- .../tests/e2e/max/main.test.bicep | 3 +- 3 files changed, 22 insertions(+), 25 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 4acaf21c70..edfb77c6be 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep 
@@ -35,7 +35,7 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2024-01-01' existing = ) resource eventHub 'eventhubs@2024-01-01' existing = if (properties.endpointType == 'EventHub') { - name: last(split((properties.authentication.eventHubResourceId ?? '////'), '/')) + name: last(split((properties.authentication.eventHubResourceId ?? '/'), '/')) resource authorizationRule 'authorizationRules@2024-01-01' existing = if (!empty(properties.authentication.?eventHubAuthorizationRuleName)) { name: properties.authentication.?eventHubAuthorizationRuleName 
@@ -44,24 +44,17 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2024-01-01' existing = } resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2024-01-01' existing = if (properties.endpointType == 'ServiceBus') { - name: properties.authentication.type == 'IdentityBased' - ? split(properties.authentication.?serviceBusNamespaceTopicResourceId, '/')[8] - : split(properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId, '/')[8] - scope: properties.authentication.type == 'IdentityBased' - ? resourceGroup( - split((properties.authentication.?serviceBusNamespaceTopicResourceId ?? '//'), '/')[2], - split((properties.authentication.?serviceBusNamespaceTopicResourceId ?? '////'), '/')[4] - ) - : resourceGroup( - split((properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId ?? '//'), '/')[2], - split((properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId ?? '////'), '/')[4] - ) - - resource topic 'topics@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceTopicResourceId)) { - name: last(split(properties.authentication.?serviceBusNamespaceTopicResourceId, '/')) - - resource authorizationRule 'AuthorizationRules@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId)) { - name: last(split(properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleResourceId, '/')) + name: split(properties.authentication.serviceBusNamespaceTopicResourceId, '/')[8] + scope: resourceGroup( + split((properties.authentication.serviceBusNamespaceTopicResourceId ?? '//'), '/')[2], + split((properties.authentication.serviceBusNamespaceTopicResourceId ?? '////'), '/')[4] + ) + + resource topic 'topics@2024-01-01' existing = if (properties.endpointType == 'ServiceBus') { + name: last(split((properties.authentication.serviceBusNamespaceTopicResourceId ?? 
'/'), '/')) + + resource authorizationRule 'AuthorizationRules@2024-01-01' existing = if (!empty(properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleName)) { + name: properties.authentication.?serviceBusNamespaceTopicAuthorizationRuleName } } } @@ -258,6 +251,9 @@ type serviceBusNamespaceKeyBasedAuthenticationPropertiesType = { @description('Required. Specifies the authentication type being used for connecting to the endpoint. If \'KeyBased\' is selected, a connection string must be specified (at least the primary connection string). If \'IdentityBased\' is select, the endpointUri and entityPath properties must be specified.') type: 'KeyBased' - @description('Required. The ServiceBus Namespace Authorization Rule resource ID.') - serviceBusNamespaceTopicAuthorizationRuleResourceId: string + @description('Required. The ServiceBus Namespace Topic resource ID.') + serviceBusNamespaceTopicResourceId: string + + @description('Required. The ServiceBus Namespace Topic Authorization Rule name.') + serviceBusNamespaceTopicAuthorizationRuleName: string } diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep index bbd5fb95b1..dd1bef0818 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep 
@@ -160,11 +160,11 @@ output eventHubNamespaceName string = eventHubNamespace.name @description('The name of the Event Hub Namespace Event Hub Authorization Rule.') output eventHubNamespaceEventHubAuthorizationRuleName string = eventHubNamespace::eventHub::authorizationRule.name -@description('The resource ID of the Service Bus Topic.') +@description('The resource ID of the Service Bus Namespace Topic.') output serviceBusNamespaceTopicResourceId string = serviceBusNamespace::topic.id -@description('The resource ID of the Service Bus Authorization Rule.') -output serviceBusNamespaceTopicAuthorizationRuleResourceId string = serviceBusNamespace::topic::authorizationRule.id +@description('The resource ID of the Service Bus Namespace Topic Authorization Rule.') +output serviceBusNamespaceTopicAuthorizationRuleName string = serviceBusNamespace::topic::authorizationRule.name @description('The resource ID of the created Managed Identity.') output managedIdentityResourceId string = managedIdentity.id diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep index 3d57345206..0b84dbc79d 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep @@ -140,7 +140,8 @@ module testDeployment '../../../main.bicep' = [ name: 'KeyBasedServiceBusEndpoint' properties: { authentication: { - serviceBusNamespaceTopicAuthorizationRuleResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicAuthorizationRuleResourceId + serviceBusNamespaceTopicAuthorizationRuleName: nestedDependencies.outputs.serviceBusNamespaceTopicAuthorizationRuleName + serviceBusNamespaceTopicResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicResourceId type: 'KeyBased' } endpointType: 'ServiceBus' From 0b466248b181c25281da536ce48a346ed1700890 Mon Sep 17 00:00:00 2001 
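Review bot: The description above `serviceBusNamespaceTopicAuthorizationRuleName` still says "The resource ID of the Service Bus Namespace Topic Authorization Rule", although the output now returns `serviceBusNamespace::topic::authorizationRule.name`. I would change it to `@description('The name of the Service Bus Namespace Topic Authorization Rule.')`. That matches the corresponding type field in endpoint/main.bicep, which this commit already describes as a name.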
From: AlexanderSehr Date: Sun, 5 Jan 2025 00:07:07 +0100 Subject: [PATCH 19/36] Moved identity --- .../endpoint/main.bicep | 23 ++++++++----------- .../tests/e2e/max/main.test.bicep | 18 +++++++-------- 2 files changed, 19 insertions(+), 22 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index edfb77c6be..a7bbdad6cd 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -10,12 +10,12 @@ param digitalTwinInstanceName string @description('Required. The properties of the endpoint.') param properties propertiesType -var identity = !empty(properties.?managedIdentities) +var identity = !empty(properties.authentication.?managedIdentities) ? { - type: (properties.?managedIdentities.?systemAssigned ?? false) + type: (properties.authentication.?managedIdentities.?systemAssigned ?? false) ? 'SystemAssigned' - : (!empty(properties.?managedIdentities.?userAssignedResourceId ?? '') ? 'UserAssigned' : null) - userAssignedIdentity: properties.?managedIdentities.?userAssignedResourceId + : (!empty(properties.authentication.?managedIdentities.?userAssignedResourceId ?? '') ? 'UserAssigned' : null) + userAssignedIdentity: properties.authentication.?managedIdentities.?userAssignedResourceId } : null @@ -158,9 +158,6 @@ type eventGridPropertiesType = { @description('Optional. Dead letter storage URL for identity-based authentication.') deadLetterUri: string? - @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.') - managedIdentities: managedIdentitiesType? - @description('Required. The resource ID of the Event Grid Topic to get access keys from.') eventGridTopicResourceId: string 
@@ -181,9 +178,6 @@ type eventHubPropertiesType = { @description('Optional. Dead letter storage URL for identity-based authentication.') deadLetterUri: string? - @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.') - managedIdentities: managedIdentitiesType? - @description('Required. Specifies the authentication type being used for connecting to the endpoint.') authentication: eventHubAuthorizationPropertiesType } @@ -198,6 +192,9 @@ type eventHubIdentityBasedAuthenticationPropertiesType = { @description('Required. Specifies the authentication type being used for connecting to the endpoint. If \'KeyBased\' is selected, a connection string must be specified (at least the primary connection string). If \'IdentityBased\' is select, the endpointUri and entityPath properties must be specified.') type: 'IdentityBased' + @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.') + managedIdentities: managedIdentitiesType? + @description('Required. The resource ID of the Event Hub Namespace Event Hub.') eventHubResourceId: string } @@ -228,9 +225,6 @@ type serviceBusPropertiesType = { @description('Optional. Dead letter storage URL for identity-based authentication.') deadLetterUri: string? - - @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.') - managedIdentities: managedIdentitiesType? } @discriminator('type') 
@@ -243,6 +237,9 @@ type serviceBusNamespaceIdentityBasedAuthenticationPropertiesType = { @description('Required. Specifies the authentication type being used for connecting to the endpoint. If \'KeyBased\' is selected, a connection string must be specified (at least the primary connection string). If \'IdentityBased\' is select, the endpointUri and entityPath properties must be specified.') type: 'IdentityBased' + @description('Optional. The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both.') + managedIdentities: managedIdentitiesType? + @description('Required. The ServiceBus Namespace Topic resource ID.') serviceBusNamespaceTopicResourceId: string } diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep index 0b84dbc79d..15bbe08ac6 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep @@ -93,9 +93,9 @@ module testDeployment '../../../main.bicep' = [ authentication: { eventHubResourceId: nestedDependencies.outputs.eventHubNamespaceEventHubResourceId type: 'IdentityBased' - } - managedIdentities: { - userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId + managedIdentities: { + userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId + } } } } @@ -108,9 +108,6 @@ module testDeployment '../../../main.bicep' = [ eventHubResourceId: nestedDependencies.outputs.eventHubNamespaceEventHubResourceId type: 'KeyBased' } - managedIdentities: { - userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId - } } } { 
@@ -120,6 +117,9 @@ module testDeployment '../../../main.bicep' = [ authentication: { type: 'IdentityBased' serviceBusNamespaceTopicResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicResourceId + managedIdentities: { + userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId + } } } } @@ -130,9 +130,9 @@ module testDeployment '../../../main.bicep' = [ authentication: { type: 'IdentityBased' serviceBusNamespaceTopicResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicResourceId - } - managedIdentities: { - systemAssigned: true + managedIdentities: { + systemAssigned: true + } } } } From 9373d467b7f49d6bb4bf9eda75c3344c099ad63b Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 5 Jan 2025 00:08:14 +0100 Subject: [PATCH 20/36] Update to latest --- .../tests/e2e/max/dependencies.bicep | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep index dd1bef0818..f5361c9750 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/dependencies.bicep @@ -67,6 +67,11 @@ resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { } } +resource eventGridTopic 'Microsoft.EventGrid/topics@2022-06-15' = { + name: eventGridTopicName + location: location +} + resource eventHubNamespace 'Microsoft.EventHub/namespaces@2022-10-01-preview' = { name: eventHubNamespaceName location: location 
@@ -114,11 +119,6 @@ resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview } } -resource eventGridTopic 'Microsoft.EventGrid/topics@2022-06-15' = { - name: eventGridTopicName - location: location -} - resource eventHubNamespaceRbacAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { name: guid(managedIdentity.id, 'evhrbacAssignment') scope: eventHubNamespace From b6e4c9a5bfdf491f62228b0d43602a15c1498c1e Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 5 Jan 2025 00:16:00 +0100 Subject: [PATCH 21/36] Fixed var --- .../digital-twins-instance/endpoint/main.bicep | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index a7bbdad6cd..bdf3d71dd2 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -10,12 +10,12 @@ param digitalTwinInstanceName string @description('Required. The properties of the endpoint.') param properties propertiesType -var identity = !empty(properties.authentication.?managedIdentities) +var identity = !empty(properties.?authentication.?managedIdentities) ? { - type: (properties.authentication.?managedIdentities.?systemAssigned ?? false) + type: (properties.?authentication.?managedIdentities.?systemAssigned ?? false) ? 'SystemAssigned' - : (!empty(properties.authentication.?managedIdentities.?userAssignedResourceId ?? '') ? 'UserAssigned' : null) - userAssignedIdentity: properties.authentication.?managedIdentities.?userAssignedResourceId + : (!empty(properties.?authentication.?managedIdentities.?userAssignedResourceId ?? '') ? 'UserAssigned' : null) + userAssignedIdentity: properties.?authentication.?managedIdentities.?userAssignedResourceId } : null From 408fecd1a0f4fc70389264aea4589220a937f2f0 Mon Sep 17 00:00:00 2001 
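Review bot: In the `identity` variable of endpoint/main.bicep, `userAssignedIdentity` is set from `userAssignedResourceId` even when `type` has resolved to `'SystemAssigned'`. The type descriptions say only one identity kind is supported, but nothing here enforces that, so a caller who passes both gets a system-assigned type alongside a user-assigned ID. How the service resolves that is not visible here, and the endpoint could end up authenticating as a different identity than the one that was granted access on the target. I would emit the ID only for the user-assigned case, e.g. `userAssignedIdentity: (properties.?authentication.?managedIdentities.?systemAssigned ?? false) ? null : properties.?authentication.?managedIdentities.?userAssignedResourceId`.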
From: AlexanderSehr Date: Sun, 5 Jan 2025 00:22:14 +0100 Subject: [PATCH 22/36] Trimed slash --- .../digital-twins/digital-twins-instance/endpoint/main.bicep | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index bdf3d71dd2..1d51b34154 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -89,7 +89,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 authenticationType: properties.authentication.type ...(properties.authentication.type == 'IdentityBased' ? { - endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net/' + endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net' entityPath: eventHubNamespace::eventHub.name } : { @@ -105,7 +105,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 authenticationType: properties.authentication.type ...(properties.authentication.type == 'IdentityBased' ? { - endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' + endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net' entityPath: serviceBusNamespace::topic.name } : { From 4509c34d2514bbd345207052ed46bd72e9b9646b Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 5 Jan 2025 01:03:04 +0100 Subject: [PATCH 23/36] Added service bus param test --- .../digital-twins-instance/endpoint/main.bicep | 17 +++++++++++++++++ .../digital-twins-instance/endpoint/temp.bicep | 14 ++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 avm/res/digital-twins/digital-twins-instance/endpoint/temp.bicep diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 1d51b34154..9c676ffbd7 100644 
--- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -117,6 +117,23 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 } } +module test 'temp.bicep' = if (properties.endpointType == 'ServiceBus') { + name: 'serviceBusIdentityBasedParemTest' + params: { + authenticationType: properties.authentication.type + endpointUri: properties.authentication.type == 'IdentityBased' + ? 'sb://${serviceBusNamespace.name}.servicebus.windows.net' + : null + entityPath: properties.authentication.type == 'IdentityBased' ? serviceBusNamespace::topic.name : null + primaryConnectionString: properties.authentication.type != 'IdentityBased' + ? serviceBusNamespace::topic::authorizationRule.listKeys().primaryConnectionString + : null + secondaryConnectionString: properties.authentication.type != 'IdentityBased' + ? serviceBusNamespace::topic::authorizationRule.listKeys().secondaryConnectionString + : null + } +} + @description('The resource ID of the Endpoint.') output resourceId string = endpoint.id diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/temp.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/temp.bicep new file mode 100644 index 0000000000..c86bde2386 --- /dev/null +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/temp.bicep @@ -0,0 +1,14 @@ +param authenticationType string +param endpointUri string? +param entityPath string? +@secure() +param primaryConnectionString string? + +@secure() +param secondaryConnectionString string? + +output authenticationTypeOutput string = authenticationType +output endpointUriOutput string? = endpointUri +output entityPathOutput string? = entityPath +output primaryConnectionStringOutput string? = primaryConnectionString +output secondaryConnectionStringOutput string? = secondaryConnectionString From 3b3a7fc53fb263b0ff643904388cb9774aab9ea1 Mon Sep 17 00:00:00 2001 
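Review bot: In the new temp.bicep, `primaryConnectionStringOutput` and `secondaryConnectionStringOutput` return the two `@secure()` parameters as plain outputs, which undoes the protection the decorator gives them. Deployment outputs are recorded in the deployment history, so the Service Bus connection strings that main.bicep passes in from `listKeys()` become readable to anyone who can read that deployment. The Bicep linter rule `outputs-should-not-contain-secrets` exists for this case. If the module is only there to check that the parameters resolve (it looks like a temporary probe), drop those two outputs and keep `authenticationTypeOutput`, `endpointUriOutput` and `entityPathOutput`.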
From: AlexanderSehr Date: Sun, 5 Jan 2025 01:03:29 +0100 Subject: [PATCH 24/36] Update to latest --- .../digital-twins/digital-twins-instance/endpoint/main.bicep | 3 +++ 1 file changed, 3 insertions(+) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 9c676ffbd7..8d384e42fb 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -115,6 +115,9 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 } : {}) } + dependsOn: [ + test + ] } module test 'temp.bicep' = if (properties.endpointType == 'ServiceBus') { From cb648ce996360df231632987edfae44fa6ecf1eb Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 5 Jan 2025 01:10:12 +0100 Subject: [PATCH 25/36] Update to latest --- .../digital-twins/digital-twins-instance/endpoint/main.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 8d384e42fb..34a1edb08a 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -121,7 +121,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 } module test 'temp.bicep' = if (properties.endpointType == 'ServiceBus') { - name: 'serviceBusIdentityBasedParemTest' + name: 'serviceBusIdentityBasedParemTest-${name}' params: { authenticationType: properties.authentication.type endpointUri: properties.authentication.type == 'IdentityBased' From b0b47095663ea24ab8920b4dee8a751add7efb76 Mon Sep 17 00:00:00 2001 
From: AlexanderSehr Date: Sun, 5 Jan 2025 01:20:46 +0100 Subject: [PATCH 26/36] Update to latest --- .../endpoint/main.bicep | 121 +++++++++--------- .../tests/e2e/max/main.test.bicep | 2 +- 2 files changed, 60 insertions(+), 63 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 34a1edb08a..d79d5ec1c8 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep 
@@ -63,62 +63,59 @@ resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023 name: digitalTwinInstanceName } -resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-01-31' = { - name: name - parent: digitalTwinsInstance - properties: { - endpointType: properties.endpointType - identity: identity - deadLetterSecret: properties.?deadLetterSecret - deadLetterUri: properties.?deadLetterUri - // Event Grid Event Hub - ...(properties.endpointType == 'EventGrid' - ? { - authenticationType: 'KeyBased' - // Should use the comment code for simplification, but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround. - // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events - TopicEndpoint: properties.eventGridTopicEndpoint - accessKey1: eventGridTopic.listkeys().key1 - accessKey2: eventGridTopic.listkeys().key2 - } - : {}) - - // EventHub Event Hub - ...(properties.endpointType == 'EventHub' - ? { - authenticationType: properties.authentication.type - ...(properties.authentication.type == 'IdentityBased' - ? { - endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net' - entityPath: eventHubNamespace::eventHub.name - } - : { - connectionStringPrimaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().primaryConnectionString - connectionStringSecondaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().secondaryConnectionString - }) - } - : {}) - - // Service Bus Event Hub - ...(properties.endpointType == 'ServiceBus' - ? { - authenticationType: properties.authentication.type - ...(properties.authentication.type == 'IdentityBased' - ? 
{ - endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net' - entityPath: serviceBusNamespace::topic.name - } - : { - primaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().primaryConnectionString - secondaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().secondaryConnectionString - }) - } - : {}) - } - dependsOn: [ - test - ] -} +// resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-01-31' = { +// name: name +// parent: digitalTwinsInstance +// properties: { +// endpointType: properties.endpointType +// identity: identity +// deadLetterSecret: properties.?deadLetterSecret +// deadLetterUri: properties.?deadLetterUri +// // Event Grid Event Hub +// ...(properties.endpointType == 'EventGrid' +// ? { +// authenticationType: 'KeyBased' +// // Should use the comment code for simplification, but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround. +// // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events +// TopicEndpoint: properties.eventGridTopicEndpoint +// accessKey1: eventGridTopic.listkeys().key1 +// accessKey2: eventGridTopic.listkeys().key2 +// } +// : {}) + +// // EventHub Event Hub +// ...(properties.endpointType == 'EventHub' +// ? { +// authenticationType: properties.authentication.type +// ...(properties.authentication.type == 'IdentityBased' +// ? 
{ +// endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net' +// entityPath: eventHubNamespace::eventHub.name +// } +// : { +// connectionStringPrimaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().primaryConnectionString +// connectionStringSecondaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().secondaryConnectionString +// }) +// } +// : {}) + +// // Service Bus Event Hub +// ...(properties.endpointType == 'ServiceBus' +// ? { +// authenticationType: properties.authentication.type +// ...(properties.authentication.type == 'IdentityBased' +// ? { +// endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net' +// entityPath: serviceBusNamespace::topic.name +// } +// : { +// primaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().primaryConnectionString +// secondaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().secondaryConnectionString +// }) +// } +// : {}) +// } +// } module test 'temp.bicep' = if (properties.endpointType == 'ServiceBus') { name: 'serviceBusIdentityBasedParemTest-${name}' @@ -137,14 +134,14 @@ module test 'temp.bicep' = if (properties.endpointType == 'ServiceBus') { } } -@description('The resource ID of the Endpoint.') -output resourceId string = endpoint.id +// @description('The resource ID of the Endpoint.') +// output resourceId string = endpoint.id -@description('The name of the resource group the resource was created in.') -output resourceGroupName string = resourceGroup().name +// @description('The name of the resource group the resource was created in.') +// output resourceGroupName string = resourceGroup().name -@description('The name of the Endpoint.') -output name string = endpoint.name +// @description('The name of the Endpoint.') +// output name string = endpoint.name // =============== // // Definitions // 
diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep index 15bbe08ac6..6932a55238 100644 --- a/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/max/main.test.bicep @@ -140,9 +140,9 @@ module testDeployment '../../../main.bicep' = [ name: 'KeyBasedServiceBusEndpoint' properties: { authentication: { + type: 'KeyBased' serviceBusNamespaceTopicAuthorizationRuleName: nestedDependencies.outputs.serviceBusNamespaceTopicAuthorizationRuleName serviceBusNamespaceTopicResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicResourceId - type: 'KeyBased' } endpointType: 'ServiceBus' } From 035a06c9aaa47f9a34804f43b94e90d5f3d4cae5 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 5 Jan 2025 01:26:47 +0100 Subject: [PATCH 27/36] Update to latest --- .../digital-twins-instance/endpoint/main.bicep | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index d79d5ec1c8..1788265e1a 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -89,7 +89,7 @@ resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023 // authenticationType: properties.authentication.type // ...(properties.authentication.type == 'IdentityBased' // ? { -// endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net' +// endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net/' // entityPath: eventHubNamespace::eventHub.name // } // : { 
@@ -105,7 +105,7 @@ resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023 // authenticationType: properties.authentication.type // ...(properties.authentication.type == 'IdentityBased' // ? { -// endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net' +// endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' // entityPath: serviceBusNamespace::topic.name // } // : { @@ -118,11 +118,11 @@ resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023 // } module test 'temp.bicep' = if (properties.endpointType == 'ServiceBus') { - name: 'serviceBusIdentityBasedParemTest-${name}' + name: 'paremTest-${name}' params: { authenticationType: properties.authentication.type endpointUri: properties.authentication.type == 'IdentityBased' - ? 'sb://${serviceBusNamespace.name}.servicebus.windows.net' + ? 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' : null entityPath: properties.authentication.type == 'IdentityBased' ? serviceBusNamespace::topic.name : null primaryConnectionString: properties.authentication.type != 'IdentityBased' @@ -143,6 +143,9 @@ module test 'temp.bicep' = if (properties.endpointType == 'ServiceBus') { // @description('The name of the Endpoint.') // output name string = endpoint.name +// @description('The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API.') +// output systemAssignedMIPrincipalId string? = endpoint.?identity.?principalId + // =============== // // Definitions // // =============== // From 43961fbc2018657a7ce6a04125aed526dd9944f9 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 5 Jan 2025 10:16:50 +0100 Subject: [PATCH 28/36] Update to latest --- .../endpoint/main.bicep | 135 ++++++++---------- 1 file changed, 59 insertions(+), 76 deletions(-) 
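Review bot: The `test` module hands the Service Bus connection strings to `temp.bicep` as ordinary params (`primaryConnectionString` and, further down the module, `secondaryConnectionString`), and `temp.bicep` is not part of this patch, so it cannot be confirmed that they are declared `@secure()`. If they are not, the values resolved through `listKeys()` would presumably be recorded in the nested deployment's inputs and stay readable in the deployment history. I would decorate both params in `temp.bicep` with `@secure()`, or restrict this debug module to the identity-based values (`endpointUri`, `entityPath`). The module body continues outside the hunk.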
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 1788265e1a..6e53ec101c 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep 
@@ -63,88 +63,71 @@ resource digitalTwinsInstance 'Microsoft.DigitalTwins/digitalTwinsInstances@2023 name: digitalTwinInstanceName } -// resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-01-31' = { -// name: name -// parent: digitalTwinsInstance -// properties: { -// endpointType: properties.endpointType -// identity: identity -// deadLetterSecret: properties.?deadLetterSecret -// deadLetterUri: properties.?deadLetterUri -// // Event Grid Event Hub -// ...(properties.endpointType == 'EventGrid' -// ? { -// authenticationType: 'KeyBased' -// // Should use the comment code for simplification, but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround. -// // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events -// TopicEndpoint: properties.eventGridTopicEndpoint -// accessKey1: eventGridTopic.listkeys().key1 -// accessKey2: eventGridTopic.listkeys().key2 -// } -// : {}) - -// // EventHub Event Hub -// ...(properties.endpointType == 'EventHub' -// ? { -// authenticationType: properties.authentication.type -// ...(properties.authentication.type == 'IdentityBased' -// ? { -// endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net/' -// entityPath: eventHubNamespace::eventHub.name -// } -// : { -// connectionStringPrimaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().primaryConnectionString -// connectionStringSecondaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().secondaryConnectionString -// }) -// } -// : {}) - -// // Service Bus Event Hub -// ...(properties.endpointType == 'ServiceBus' -// ? { -// authenticationType: properties.authentication.type -// ...(properties.authentication.type == 'IdentityBased' -// ? 
{ -// endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' -// entityPath: serviceBusNamespace::topic.name -// } -// : { -// primaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().primaryConnectionString -// secondaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().secondaryConnectionString -// }) -// } -// : {}) -// } -// } - -module test 'temp.bicep' = if (properties.endpointType == 'ServiceBus') { - name: 'paremTest-${name}' - params: { - authenticationType: properties.authentication.type - endpointUri: properties.authentication.type == 'IdentityBased' - ? 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' - : null - entityPath: properties.authentication.type == 'IdentityBased' ? serviceBusNamespace::topic.name : null - primaryConnectionString: properties.authentication.type != 'IdentityBased' - ? serviceBusNamespace::topic::authorizationRule.listKeys().primaryConnectionString - : null - secondaryConnectionString: properties.authentication.type != 'IdentityBased' - ? serviceBusNamespace::topic::authorizationRule.listKeys().secondaryConnectionString - : null +resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-01-31' = { + name: name + parent: digitalTwinsInstance + properties: { + endpointType: properties.endpointType + identity: identity + deadLetterSecret: properties.?deadLetterSecret + deadLetterUri: properties.?deadLetterUri + // Event Grid Event Hub + ...(properties.endpointType == 'EventGrid' + ? { + authenticationType: 'KeyBased' + // Should use the comment code for simplification (allows one less user input), but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround. + // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. 
E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events + TopicEndpoint: properties.eventGridTopicEndpoint + accessKey1: eventGridTopic.listkeys().key1 + accessKey2: eventGridTopic.listkeys().key2 + } + : {}) + + // EventHub Event Hub + ...(properties.endpointType == 'EventHub' + ? { + authenticationType: properties.authentication.type + ...(properties.authentication.type == 'IdentityBased' + ? { + endpointUri: 'sb://${eventHubNamespace.name}.servicebus.windows.net/' + entityPath: eventHubNamespace::eventHub.name + } + : { + connectionStringPrimaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().primaryConnectionString + connectionStringSecondaryKey: eventHubNamespace::eventHub::authorizationRule.listKeys().secondaryConnectionString + }) + } + : {}) + + // Service Bus Event Hub + ...(properties.endpointType == 'ServiceBus' + ? { + authenticationType: properties.authentication.type + ...(properties.authentication.type == 'IdentityBased' + ? { + endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' + entityPath: serviceBusNamespace::topic.name + } + : { + primaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().primaryConnectionString + secondaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().secondaryConnectionString + }) + } + : {}) } } -// @description('The resource ID of the Endpoint.') -// output resourceId string = endpoint.id +@description('The resource ID of the Endpoint.') +output resourceId string = endpoint.id -// @description('The name of the resource group the resource was created in.') -// output resourceGroupName string = resourceGroup().name +@description('The name of the resource group the resource was created in.') +output resourceGroupName string = resourceGroup().name -// @description('The name of the Endpoint.') -// output name string = endpoint.name +@description('The name of the Endpoint.') +output name string = endpoint.name -// 
@description('The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API.') -// output systemAssignedMIPrincipalId string? = endpoint.?identity.?principalId +@description('The principal ID of the system assigned identity. Note: As of 2024-03 is not exported by API.') +output systemAssignedMIPrincipalId string? = endpoint.?identity.?principalId // =============== // // Definitions // From 0d4c4067707a698b958109e4a80397f0fb82aa27 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 5 Jan 2025 10:22:15 +0100 Subject: [PATCH 29/36] Alt implementation without references --- .../digital-twins-instance/endpoint/main.bicep | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 6e53ec101c..10db25166b 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -105,8 +105,10 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 authenticationType: properties.authentication.type ...(properties.authentication.type == 'IdentityBased' ? { - endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' - entityPath: serviceBusNamespace::topic.name + // endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' + // entityPath: serviceBusNamespace::topic.name + endpointUri: 'sb://${split(properties.authentication.serviceBusNamespaceTopicResourceId, '/')[8]}.servicebus.windows.net/' + entityPath: last(split((properties.authentication.serviceBusNamespaceTopicResourceId ?? '/'), '/')) } : { primaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().primaryConnectionString From 454bb423fe21cd3842c54c7bac698e5415c5dfc4 Mon Sep 17 00:00:00 2001 
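Review bot: The restored `endpoint` resource takes `deadLetterSecret` from the `properties` parameter, whose type is declared outside this hunk; unless that field is marked `@secure()`, the secret is kept in the deployment's recorded inputs. The key-based branches also read both the primary and the secondary key or connection string at deployment time, which is worth stating in a comment such as `// Key-based: both keys are resolved via listKeys() at deployment time; prefer 'IdentityBased' where the target supports it`. As a point of style, the Event Grid branch spells the call `listkeys()` while the other two branches use `listKeys()`; one spelling throughout makes the secret-reading calls easier to search for.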
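Review bot: The new `endpointUri` indexes `split(...)[8]` on `serviceBusNamespaceTopicResourceId` without the `?? '/'` fallback that the `entityPath` line next to it applies, so the two lines disagree on whether the value may be null. With the fallback the index would be out of range anyway, so position 8 only holds for a well-formed topic resource ID. If this variant is kept, both lines should handle a missing value the same way and the expected shape should be documented, e.g. `// expects /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.ServiceBus/namespaces/<ns>/topics/<topic>`. The enclosing `endpoint` resource starts and ends outside the hunk.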
From: AlexanderSehr Date: Sun, 5 Jan 2025 11:24:22 +0100 Subject: [PATCH 30/36] Update to latest --- .../digital-twins-instance/endpoint/main.bicep | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep index 10db25166b..9c8188ab75 100644 --- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep +++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep @@ -71,7 +71,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 identity: identity deadLetterSecret: properties.?deadLetterSecret deadLetterUri: properties.?deadLetterUri - // Event Grid Event Hub + // Event Grid ...(properties.endpointType == 'EventGrid' ? { authenticationType: 'KeyBased' @@ -83,7 +83,7 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 } : {}) - // EventHub Event Hub + // Event Hub ...(properties.endpointType == 'EventHub' ? { authenticationType: properties.authentication.type 
@@ -99,16 +99,17 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0 } : {}) - // Service Bus Event Hub + // Service Bus ...(properties.endpointType == 'ServiceBus' ? { authenticationType: properties.authentication.type ...(properties.authentication.type == 'IdentityBased' ? { - // endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' - // entityPath: serviceBusNamespace::topic.name - endpointUri: 'sb://${split(properties.authentication.serviceBusNamespaceTopicResourceId, '/')[8]}.servicebus.windows.net/' - entityPath: last(split((properties.authentication.serviceBusNamespaceTopicResourceId ?? '/'), '/')) + endpointUri: 'sb://${serviceBusNamespace.name}.servicebus.windows.net/' + entityPath: serviceBusNamespace::topic.name + // Did not help + // endpointUri: 'sb://${split(properties.authentication.serviceBusNamespaceTopicResourceId, '/')[8]}.servicebus.windows.net/' + // entityPath: last(split((properties.authentication.serviceBusNamespaceTopicResourceId ?? '/'), '/')) } : { primaryConnectionString: serviceBusNamespace::topic::authorizationRule.listKeys().primaryConnectionString From 68b4ff527c86360f336735e128371b084d8d7b68 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 5 Jan 2025 11:33:39 +0100 Subject: [PATCH 31/36] Switched to test without PE --- ...s.digital-twins.digital-twins-instance.yml | 2 +- .../tests/e2e/testMe/dependencies.bicep | 179 ++++++++++++++++++ .../tests/e2e/testMe/main.test.bicep | 136 +++++++++++++ 3 files changed, 316 insertions(+), 1 deletion(-) create mode 100644 avm/res/digital-twins/digital-twins-instance/tests/e2e/testMe/dependencies.bicep create mode 100644 avm/res/digital-twins/digital-twins-instance/tests/e2e/testMe/main.test.bicep diff --git a/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml b/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml index b7f4766823..9803bc9d98 100644 
--- a/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml +++ b/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml @@ -83,7 +83,7 @@ jobs: with: workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" # moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" - moduleTestFilePaths: "[{\"path\":\"tests/e2e/max/main.test.bicep\",\"name\":\"max\"}]" + moduleTestFilePaths: "[{\"path\":\"tests/e2e/testMe/main.test.bicep\",\"name\":\"testMe\"}]" psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" secrets: inherit diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/testMe/dependencies.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/testMe/dependencies.bicep new file mode 100644 index 0000000000..f5361c9750 --- /dev/null +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/testMe/dependencies.bicep 
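Review bot: `moduleTestFilePaths` is hard-coded to the single `testMe` entry while the pipeline-computed value stays commented out, so this job, which runs with `secrets: inherit`, no longer covers the module's other e2e tests. The later workflow hunk in [PATCH 32/36] switches the literal back to `max` but keeps the override, so the same applies there. Before merge the line should read `moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"` again, with the temporary literals removed. The job definition starts outside the hunk.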
@@ -0,0 +1,179 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +@description('Required. The name of the Event Hub Namespace to create.') +param eventHubNamespaceName string + +@description('Required. The name of the Event Hub to create.') +param eventHubName string + +@description('Required. The name of the Service Bus Namespace to create.') +param serviceBusNamespaceName string + +@description('Required. The name of the Event Grid Topic to create.') +param eventGridTopicName string + +var addressPrefix = '10.0.0.0/16' + +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + serviceEndpoints: [ + { + service: 'Microsoft.KeyVault' + } + ] + } + } + ] + } +} + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + +resource privateDNSZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { + name: 'privatelink.digitaltwins.azure.net' + location: 'global' + + resource virtualNetworkLinks 'virtualNetworkLinks@2020-06-01' = { + name: '${virtualNetwork.name}-vnetlink' + location: 'global' + properties: { + virtualNetwork: { + id: virtualNetwork.id + } + registrationEnabled: false + } + } +} + +resource eventGridTopic 'Microsoft.EventGrid/topics@2022-06-15' = { + name: eventGridTopicName + location: location +} + +resource eventHubNamespace 'Microsoft.EventHub/namespaces@2022-10-01-preview' = { + name: eventHubNamespaceName + location: location + properties: { + 
zoneRedundant: false + isAutoInflateEnabled: false + maximumThroughputUnits: 0 + } + + resource eventHub 'eventhubs@2022-10-01-preview' = { + name: eventHubName + + resource authorizationRule 'authorizationRules@2024-01-01' = { + name: 'testRule' + properties: { + rights: [ + 'Listen' + 'Send' + ] + } + } + } +} + +resource serviceBusNamespace 'Microsoft.ServiceBus/namespaces@2022-10-01-preview' = { + name: serviceBusNamespaceName + location: location + properties: { + zoneRedundant: false + } + + resource topic 'topics@2022-10-01-preview' = { + name: 'topic' + + resource authorizationRule 'authorizationRules@2024-01-01' = { + name: 'testRule' + properties: { + rights: [ + 'Listen' + 'Send' + 'Manage' + ] + } + } + } +} + +resource eventHubNamespaceRbacAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid(managedIdentity.id, 'evhrbacAssignment') + scope: eventHubNamespace + properties: { + roleDefinitionId: subscriptionResourceId( + 'Microsoft.Authorization/roleDefinitions', + '2b629674-e913-4c01-ae53-ef4638d8f975' + ) //Azure Event Hubs Data Sender + principalId: managedIdentity.properties.principalId + principalType: 'ServicePrincipal' + } +} + +resource serviceBusRbacAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = { + name: guid(managedIdentity.id, 'sbrbacAssignment') + scope: serviceBusNamespace + properties: { + roleDefinitionId: subscriptionResourceId( + 'Microsoft.Authorization/roleDefinitions', + '69a216fc-b8fb-44d8-bc22-1f3c2cd27a39' + ) //Azure Service Bus Data Sender + principalId: managedIdentity.properties.principalId + principalType: 'ServicePrincipal' + } +} + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId + +@description('The resource ID of the created 
Private DNS Zone.') +output privateDNSZoneResourceId string = privateDNSZone.id + +@description('The name of the Event Hub Namespace.') +output eventHubNamespaceName string = eventHubNamespace.name + +@description('The name of the Event Hub Namespace Event Hub Authorization Rule.') +output eventHubNamespaceEventHubAuthorizationRuleName string = eventHubNamespace::eventHub::authorizationRule.name + +@description('The resource ID of the Service Bus Namespace Topic.') +output serviceBusNamespaceTopicResourceId string = serviceBusNamespace::topic.id + +@description('The resource ID of the Service Bus Namespace Topic Authorization Rule.') +output serviceBusNamespaceTopicAuthorizationRuleName string = serviceBusNamespace::topic::authorizationRule.name + +@description('The resource ID of the created Managed Identity.') +output managedIdentityResourceId string = managedIdentity.id + +@description('The resource ID of the created Event Grid Topic.') +output eventGridTopicResourceId string = eventGridTopic.id + +@description('The endpoint of the created Event Grid Topic.') +output eventGridTopicEndpoint string = eventGridTopic.properties.endpoint + +@description('The resource ID of the created Event Hub Namespace Event Hub.') +output eventHubNamespaceEventHubResourceId string = eventHubNamespace::eventHub.id diff --git a/avm/res/digital-twins/digital-twins-instance/tests/e2e/testMe/main.test.bicep b/avm/res/digital-twins/digital-twins-instance/tests/e2e/testMe/main.test.bicep new file mode 100644 index 0000000000..8657ae234f --- /dev/null +++ b/avm/res/digital-twins/digital-twins-instance/tests/e2e/testMe/main.test.bicep 
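Review bot: The Service Bus topic `authorizationRule` named `testRule` is granted `'Listen'`, `'Send'` and `'Manage'`, while the Event Hub rule in the same file gets only `'Listen'` and `'Send'`. The endpoint under test presumably only publishes to the topic, so the key behind this rule is broader than the test needs. I would drop `'Manage'` from `rights` (and `'Listen'` too if nothing consumes with this key). Separately, the description of the output `serviceBusNamespaceTopicAuthorizationRuleName` says "The resource ID of ..." although the output returns `authorizationRule.name`; it should read `'The name of the Service Bus Namespace Topic Authorization Rule.'`.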
@@ -0,0 +1,136 @@ +targetScope = 'subscription' + +// ========== // +// Parameters // +// ========== // + +@description('Optional. The name of the resource group to deploy for testing purposes.') +@maxLength(90) +param resourceGroupName string = 'dep-${namePrefix}-digitaltwins.digitaltwinsinstances-${serviceShort}-rg' + +@description('Optional. The location to deploy resources to.') +param resourceLocation string = deployment().location + +@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') +param serviceShort string = 'alsehr' + +@description('Optional. A token to inject into the name of each resource.') +param namePrefix string = '#_namePrefix_#' + +// ============ // +// Dependencies // +// ============ // + +// General resources +// ================= +resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = { + name: resourceGroupName + location: resourceLocation +} + +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + location: resourceLocation + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' + eventHubName: 'dep-${serviceShort}-evh-01' + eventHubNamespaceName: 'dep-${serviceShort}-evhns-01' + serviceBusNamespaceName: 'dep-${serviceShort}-sb-01' + eventGridTopicName: 'dep-${serviceShort}-evgt-01' + } +} + +// ============== // +// Test Execution // +// ============== // + +@batchSize(1) +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + managedIdentities: { + systemAssigned: true + userAssignedResourceIds: [ + 
nestedDependencies.outputs.managedIdentityResourceId + ] + } + endpoints: [ + { + name: 'EventGridPrimary' + properties: { + endpointType: 'EventGrid' + eventGridTopicResourceId: nestedDependencies.outputs.eventGridTopicResourceId + eventGridTopicEndpoint: nestedDependencies.outputs.eventGridTopicEndpoint + } + } + { + name: 'IdentityBasedEndpoint' + properties: { + endpointType: 'EventHub' + authentication: { + eventHubResourceId: nestedDependencies.outputs.eventHubNamespaceEventHubResourceId + type: 'IdentityBased' + managedIdentities: { + userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId + } + } + } + } + { + name: 'KeyBasedEndpoint' + properties: { + endpointType: 'EventHub' + authentication: { + eventHubAuthorizationRuleName: nestedDependencies.outputs.eventHubNamespaceEventHubAuthorizationRuleName + eventHubResourceId: nestedDependencies.outputs.eventHubNamespaceEventHubResourceId + type: 'KeyBased' + } + } + } + { + name: 'IdentityBasedServiceBusPrimaryEndpoint' + properties: { + endpointType: 'ServiceBus' + authentication: { + type: 'IdentityBased' + serviceBusNamespaceTopicResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicResourceId + managedIdentities: { + userAssignedResourceId: nestedDependencies.outputs.managedIdentityResourceId + } + } + } + } + { + name: 'IdentityBasedServiceBusSecondaryEndpoint' + properties: { + endpointType: 'ServiceBus' + authentication: { + type: 'IdentityBased' + serviceBusNamespaceTopicResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicResourceId + managedIdentities: { + systemAssigned: true + } + } + } + } + { + name: 'KeyBasedServiceBusEndpoint' + properties: { + authentication: { + type: 'KeyBased' + serviceBusNamespaceTopicAuthorizationRuleName: nestedDependencies.outputs.serviceBusNamespaceTopicAuthorizationRuleName + serviceBusNamespaceTopicResourceId: nestedDependencies.outputs.serviceBusNamespaceTopicResourceId + } + endpointType: 'ServiceBus' + } + } + ] + } + } +] 
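Review bot: `IdentityBasedServiceBusSecondaryEndpoint` authenticates with `systemAssigned: true`, but `dependencies.bicep` in this patch assigns the Service Bus Data Sender role only to the user-assigned identity (`managedIdentity.properties.principalId`). Unless `main.bicep`, which is not shown here, creates a role assignment for the instance's system-assigned principal, this endpoint is deployed without permission to send to the topic, and a deployment-only test may still pass. A comment on that endpoint saying where the role comes from, e.g. `// Data Sender for the system-assigned identity is assigned in <location>`, would make this verifiable. The default `serviceShort` of `'alsehr'` also looks like a personal placeholder and should follow the naming used by the other e2e tests.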
From 199010bef62cc984a9f3dde78ee681f015c239c9 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 5 Jan 2025 12:19:59 +0100 Subject: [PATCH 32/36] Update to latest --- .../workflows/avm.res.digital-twins.digital-twins-instance.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml b/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml index 9803bc9d98..26c507a477 100644 --- a/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml +++ b/.github/workflows/avm.res.digital-twins.digital-twins-instance.yml @@ -83,7 +83,8 @@ jobs: with: workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" # moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" - moduleTestFilePaths: "[{\"path\":\"tests/e2e/testMe/main.test.bicep\",\"name\":\"testMe\"}]" + moduleTestFilePaths: "[{\"path\":\"tests/e2e/max/main.test.bicep\",\"name\":\"max\"}]" + # moduleTestFilePaths: "[{\"path\":\"tests/e2e/testMe/main.test.bicep\",\"name\":\"testMe\"}]" psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" secrets: inherit From 2c1f512ad1ff92aa91ac638c9b73a2f41dc655f9 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Tue, 7 Jan 2025 21:56:48 +0100 Subject: [PATCH 33/36] Update to latest --- avm/res/digital-twins/digital-twins-instance/version.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/avm/res/digital-twins/digital-twins-instance/version.json b/avm/res/digital-twins/digital-twins-instance/version.json index 7fa401bdf7..1c035df49f 100644 --- a/avm/res/digital-twins/digital-twins-instance/version.json +++ b/avm/res/digital-twins/digital-twins-instance/version.json 
@@ -1,7 +1,7 @@
 {
 "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.1",
+ "version": "0.2",
 "pathFilters": [
 "./main.json"
 ]
-}
+}
\ No newline at end of file
From b809bd66281c400ab9d988eed5eec513cf65690b Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Wed, 8 Jan 2025 16:52:47 +0100
Subject: [PATCH 34/36] Update to latest
---
 .../digital-twins/digital-twins-instance/endpoint/main.bicep | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
index 9c8188ab75..293a7abbd0 100644
--- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
+++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
@@ -75,8 +75,8 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0
 ...(properties.endpointType == 'EventGrid'
 ? {
 authenticationType: 'KeyBased'
- // Should use the comment code for simplification (allows one less user input), but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround.
- // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events
+ // Should use the commented code for simplification (allows one less user input), but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround.
+ // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. Would be value: E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events
 TopicEndpoint: properties.eventGridTopicEndpoint
 accessKey1: eventGridTopic.listkeys().key1
 accessKey2: eventGridTopic.listkeys().key2
From 2740f78e1d5ecac2601606a1abcc8124617c2634 Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Sun, 26 Jan 2025 23:11:44 +0100
Subject: [PATCH 35/36] Enabled TopicEndpoint ref test
---
 .../digital-twins/digital-twins-instance/endpoint/main.bicep | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
index 293a7abbd0..42bc299d53 100644
--- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
+++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
@@ -76,8 +76,8 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0
 ? {
 authenticationType: 'KeyBased'
 // Should use the commented code for simplification (allows one less user input), but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround.
- // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. Would be value: E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events
- TopicEndpoint: properties.eventGridTopicEndpoint
+ TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. Would be value: E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events
+ // TopicEndpoint: properties.eventGridTopicEndpoint
 accessKey1: eventGridTopic.listkeys().key1
 accessKey2: eventGridTopic.listkeys().key2
 }
From 8e2e138c2c051591faca6261c4d1f5dc81fc10b3 Mon Sep 17 00:00:00 2001
From: AlexanderSehr
Date: Sun, 26 Jan 2025 23:23:14 +0100
Subject: [PATCH 36/36] Update to latest
---
 .../digital-twins/digital-twins-instance/endpoint/main.bicep | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
index 42bc299d53..82d2e8783c 100644
--- a/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
+++ b/avm/res/digital-twins/digital-twins-instance/endpoint/main.bicep
@@ -76,8 +76,9 @@ resource endpoint 'Microsoft.DigitalTwins/digitalTwinsInstances/endpoints@2023-0
 ? {
 authenticationType: 'KeyBased'
 // Should use the commented code for simplification (allows one less user input), but this introduces a bug where all deployments not using the eventGridTopic resourceId will fail as they cannot resolve the dependency (that they're not using). Asking for the TopicEndpoints is a workaround.
- TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. Would be value: E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events
- // TopicEndpoint: properties.eventGridTopicEndpoint
+ // Ref: https://github.com/Azure/bicep/issues/15443
+ // TopicEndpoint: eventGridTopic.properties.endpoint // Introduces a breaking dependency. Would be value: E.g., https://dep-dtdmax-evgt-01.eastus-1.eventgrid.azure.net/api/events
+ TopicEndpoint: properties.eventGridTopicEndpoint
 accessKey1: eventGridTopic.listkeys().key1
 accessKey2: eventGridTopic.listkeys().key2
 }
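Review bot: The restored `TopicEndpoint: properties.eventGridTopicEndpoint` takes the URL from caller input, while `accessKey1`/`accessKey2` on the next lines are read with `listkeys()` from the `eventGridTopic` resource, and nothing in the hunk ties the two together. A URL that does not belong to that topic would be stored next to the topic's keys, and presumably the service would then present those keys to that host. Until the linked Bicep issue allows `eventGridTopic.properties.endpoint` again, I would state the constraint beside the line, `// Must be the endpoint of the topic resolved as eventGridTopic; that topic's access keys are used against this URL`, and repeat it in the parameter description. The same line is unchanged context in the PATCH 34 hunk, and the `endpoint` resource starts and ends outside this hunk.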