This repository includes a CI platform for, and a collection of, mature and curated Bicep modules. The platform supports both ARM and Bicep and can be leveraged using GitHub Actions as well as Azure DevOps pipelines.
📯Fixed issue with Resource Type resolution in ReadMe script.
📯Fixed issue with pipeline name resolution
Modules
cache/redis-enterprise
15 as additional allowed version (& default)
CI Environment
Fixes
0.20.4
7.3.6
2.51.0
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.11.0...v0.11.1
📯BREAKING CHANGE: Update to the name with which modules are published. As per the alignment with the Public Bicep Registry described below, the identifier for published modules changes.
Note: To keep the disruption for users of the CI environment at a minimum, we introduced a new setting useApiSpecsAlignedName in the settings.yml. By default, the new naming will be used. To keep on using the previous naming, you must switch this setting to true.
📯BREAKING CHANGE: Public Bicep Registry focused file & folders changes
deploy.bicep to main.bicep
deploy.test.bicep to main.test.bicep
readme.md to README.md
Microsoft. prefix from the provider namespace folders
metadata content to module templates
main.json template
version.json schema to the Public Bicep Registry standard
📯BREAKING CHANGE: Retired Diagnostic Logs Retention Policy across all modules
Modules
compute/ssh-public-key
digital-twins/digital-twins-instance
insights/webtest
network/dns-zone (public DNS Zone)
network/express-route-gateway
network/front-door-web-application-firewall-policy
network/service-endpoint-policies
relay/namespace
network/dns-forwarding-ruleset
resource-graph/query
search/search-service
sql/server/encryption-protector
synapse/workspace/integration-runtime
web/site/basic-publishing-credentials-policy
container-registry/registry/cache-rule
managed-identity/user-assigned-identity/federatedIdentity-credential
graphql & websocket
sslPolicy based on policy type
gitDisablePublish parameter
Basic SKU support
ingressProfile support
sasPolicy to Storage Account module
accessTier parameter for file shares
workspaceRepositoryConfiguration property
clientId output
authorizationKey
agentUpdate interface
null on DiagnosticLogCategoriesToEnable parameter to enable no logs to be collected.
cidrSubnet() function)
CI Environment
Deploy to Azure button targeting the now required main.json templates
SetEnvironment action to avoid setting up runners twice
main.json exists and is aligned with the latest main.bicep
namePrefix to align with latest GitHub syntax requirements
Fixes
globalConfiguration property logic
eventSubscription passthrough
nested_roleAssignments.bicep
protection-container child reference
isNfsV3Enabled parameter handling
minCapacity default value for elasticpools
storageAccountName to storageAccountResourceId
vpnAuthenticationTypes & vpnClientProtocols
vpnConnections child reference
main.bicep & main.json exist
Utilities
Set-ModuleReadMe.ps1 script
Wiki
0.20.4
7.3.6
2.51.0
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.10.0...v0.11.0
deploy.bicep to main.bicep and deploy.test.bicep to main.test.bicep by @eriqua in https://github.com/Azure/ResourceModules/pull/3049
Microsoft. prefix and rename README.md files - part 1/2 by @eriqua in https://github.com/Azure/ResourceModules/pull/3165
metadata.json file by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/3275
Deploy to Azure button + adding missing main.json files by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/3381
main.json exists and is aligned with the latest main.bicep by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/3384
namePrefix by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/3428
Microsoft.ResourceGraph/queries by @krbar in https://github.com/Azure/ResourceModules/pull/3873
Set-ModuleReadMe.ps1 script by @tyconsulting in https://github.com/Azure/ResourceModules/pull/3915
Microsoft.Search/searchServices by @krbar in https://github.com/Azure/ResourceModules/pull/3883
ConvertTo-ARMTemplate test case by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/3931
/.test/main.test.bicep files & test cases by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/3940
📯6 new modules and several extensions to existing modules with child resources and additional features, bringing the number of covered service modules to 124 and the total of resource type templates to 313
📯Enabled reusable workflows in GitHub module validation pipelines, avoiding code duplication
📯Improved user experience running module validation pipelines, allowing users to control which jobs they want to run
📯Integrated PSRule pre-flight checks with GitHub module validation workflows
📯Automated documentation of Pester tests
Modules
Microsoft.Insights/dataCollectionRules
Microsoft.Insights/dataCollectionEndpoints
Microsoft.Purview/accounts
Microsoft.HealthcareApis/workspaces
Microsoft.App/containerApps
Microsoft.App/managedEnvironments
Microsoft.OperationalInsights/workspaces/tables
Microsoft.OperationalInsights/workspaces/dataExports
Microsoft.EventGrid/domains/topics
'Azure.Resource.UseTags'
premium option to StorageAccount tier with test
restrictOutboundNetworkAccess to Microsoft.Sql/servers
'enableDefaultTelemetry' param in test files
addonprofiles
createMode
Microsoft.Synapse/workspaces - adding 'systemAssignedPrincipalId' as output
CI Environment
Microsoft.Web/hostingEnvironments
GITHUB_TOKEN for manage issue platform pipeline
Fixes
'adp' naming prefix across modules
docs.microsoft.com - to learn.microsoft.com
learn.microsoft.com links and regenerated readmes
Diskencryptionsets and Eventgridsubscriptions tags update
Utilities
dependsOn statements
7.3 where required
Wiki
0.15.31
7.3.2
2.46.0
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.9.0...v0.10.0
premium option to StorageAccount tier with test by @MariusStorhaug in https://github.com/Azure/ResourceModules/pull/2643
📯7 new modules and several extensions to existing modules with child resources and additional features, bringing the number of covered service modules to 117 and the total of resource type templates to 291
📯Enabled concurrency feature in GitHub workflows that ensures there are no 2 concurrent runs of the same workflow
📯Improved publishing with 'Publish if not exists' feature and shortening for Template Specs artifacts
📯Improved static validation through the AzureAPICrawler PowerShell module for API versions tests
📯Added scheduled workflow to validate PSRule pre-flight checks on the whole library
Modules
anonymousPullEnabled property
publicNetworkAccess property
SecurityType property and extended test coverage
CI Environment
AzureAPICrawler PowerShell module for API versions tests
Wiki
Utilities
Register-AzureDevOpsPipeline utility
AzureAPICrawler PowerShell module
Fixes
nameprefix references
builtInRoleNames list for nested_roleAssignments modules
az bicep build to bicep build to avoid rate limits
artifacts-rg reference
0.13.1
7.3.2
2.44.1
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.8.0...v0.9.0
anonymousPullEnabled by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/2424
Register-AzureDevOpsPipeline utility by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/2452
AzureAPICrawler PowerShell module by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/2344
az bicep build to bicep build to avoid rate limits by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/2492
deploy.test.bicep parameter description by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/2563
resourceGroupResources leftover by @eriqua in https://github.com/Azure/ResourceModules/pull/2574
@maxLength(80) for some resource groups by @eriqua in https://github.com/Azure/ResourceModules/pull/2577
📯Self-contained dependencies approach to module deployment validation: All tests now deploy their own resource dependencies together with the target test resource in a dedicated resource group and remove them afterwards. In addition, module test JSON parameter files have been converted to Bicep test files.
When you onboarded CARML in version 0.7.0 and before, you had to first run a dependency pipeline that would deploy a set of 'persistent' Azure services we'd then use in subsequent module tests as references (for example to deploy a VM into a VNET).
Now, from version 0.8.0 onward, these dependencies (if any) are deployed as part of each module's test. This means the VM test would itself deploy the aforementioned VNET, and all resources would be removed afterwards.
📯Deployment history cleanup: A scheduled pipeline has been introduced to automatically clean up deployment history for Management Group and Subscription scopes.
📯Alignment with latest Bicep linter rules: Fixes have been implemented throughout the library to comply with the decompiler-cleanup and prefer-unquoted-property-names linter rules. In particular, a new utility, Update-RoleAssignmentList, allows updating the latest available Role Definitions for each module's nested Role Assignments while complying with the prefer-unquoted-property-names linter rule.
Modules
Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies
Microsoft.Network/dnsResolvers
Microsoft.Maintenance/maintenanceConfigurations
networkAcls implementation for StorageAccounts, KeyVaults and CognitiveServices modules
nested_roleAssignment to comply with prefer-unquoted-property-names linter rule
decompiler-cleanup
environment() function
.id for ResourceID outputs
CI environment
set-output commands with GH environment file $env:GITHUB_OUTPUT
Wiki
Utilities
Update-RoleAssignmentList
Set-ModuleReadMe utility to new dependencies approach, handle inline quotations and improved function identification regex
Test-NamePrefixAvailability utility to new dependencies approach
ConvertTo-ARMTemplate utility to new dependencies approach
Fixes
privateDnsZoneGroups to privateDnsZoneGroup
Test-Deployment script
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.7.0...v0.8.0
networkAcls implementation and update parameter usage by @eriqua in https://github.com/Azure/ResourceModules/pull/2173
Microsoft.KeyVault\vaults common test by @eriqua in https://github.com/Azure/ResourceModules/pull/2195
nested_roleAssignment to comply with prefer-unquoted-property-names linter rule by @eriqua in https://github.com/Azure/ResourceModules/pull/2200
set-output commands with GH environment file $env:GITHUB_OUTPUT by @eriqua in https://github.com/Azure/ResourceModules/pull/2301
Test-TemplateDeployment & New-TemplateDeployment by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/2311
Set-ModuleReadMe Improved function identification regex by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/2294
.id for ResourceID outputs by @ahmadabdalla in https://github.com/Azure/ResourceModules/pull/2362
ConvertTo-ARMTemplate utility to new dependencies approach by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/2375
Set-ModuleReadme Several smaller improvements for the JSON-Template case by @AlexanderSehr in https://github.com/Azure/ResourceModules/pull/2381
📯 CMK and networking improvements across all modules: Customer-Managed Keys have been refined across all modules currently supporting them, aiming for this feature to have a consistent interface (input parameters) across the library. Also, networking capabilities such as private endpoints, private DNS zone integration and public network access have been improved across modules implementing them. For instance, public network access is now disabled by default on the deployed resources when private endpoints are set, unless specified otherwise.
📯 Simplified token handling & repository configuration: The token replacement feature has been refined by providing a centralized place to store variables, for both GitHub and Azure DevOps orchestrations, simplifying the initial setup of the CI environment. The deployment Service Principal object ID, previously required to be set as a secret, is now automatically retrieved by the pipelines, reducing the list of secrets/variables to configure for the validation pipelines to run.
📯 Improved module documentation: Each module ReadMe now lists all local cross-referenced modules leveraged by its implementation. Deployment examples are also improved by listing required parameters first, followed by the rest, each in alphabetical order. In addition, a Module overview page has been added to the Wiki, outlining supported features for each module such as Private endpoints, Diagnostic Settings and RBAC.
Modules
CI environment
arm folder to modules
.parameters folder to .test
Store VHD to blob container option
Wiki
Module overview outlining all module features for the whole library
Fetch latest CARML updates for internalized libraries
Solution creation section with decision support for publishing target locations and updated template-orchestrated solution examples
Contribution guide to reference latest project board approach
Known Issues section
Utilities
Set-ModuleReadMe):
Cross-referenced modules
Deployment examples section:
Fixes
arm to modules by @MariusStorhaug in https://github.com/Azure/ResourceModules/pull/1599
.parameters folder by @MrMCake in https://github.com/Azure/ResourceModules/pull/1612
DeploymentExamples title & moved Bicep in front of JSON by @MrMCake in https://github.com/Azure/ResourceModules/pull/1632
Join-Path usage + minor formatting updates by @MrMCake in https://github.com/Azure/ResourceModules/pull/1761
disableLocalAuth by @ChrisSidebotham in https://github.com/Azure/ResourceModules/pull/1790
Set-ModuleReadMe script's dependency on the CARML folder structure + smaller logical improvements by @MrMCake in https://github.com/Azure/ResourceModules/pull/1989
Limited job execution time section to Known Issues by @eriqua in https://github.com/Azure/ResourceModules/pull/2035
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.6.0...v0.7.0
📯 Cross-Module reference alignment: To increase consistency and avoid code duplication, all modules previously leveraging nested templates for resources of a different resource type are now referencing the same CARML module
📯 Added Bicep + JSON deployment examples to all module readme files
📯 Added CARML logical layers and personas Wiki page
Modules
CI Environment
Static Validation
Wiki
Utilities
Get-FormattedGitHubRelease function to support release highlights (these highlights :) )
Set-ModuleReadMe utility when called w/ relative path
Fixes
Register-AzureDevOpsPipeline utility
Set-EnvironmentOnAgent script by @MrMCake in https://github.com/Azure/ResourceModules/pull/1481
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.5.0...v0.6.0
Modules
settings.json.)
CI Environment
Set-ModuleReadMe utility's output
Tools
Set-ModuleReadMe) updates:
Test-NamePrefixAvailability)
bicepconfig.json to disable Linter location warning
Wiki
Fixes
accelerated networking to support small size by @MrMCake in https://github.com/Azure/ResourceModules/pull/1066
bicepconfig.json to disable location warning by @MrMCake in https://github.com/Azure/ResourceModules/pull/1283
batch for subnets by @MrMCake in https://github.com/Azure/ResourceModules/pull/1262
batch for Capacity Pools by @MrMCake in https://github.com/Azure/ResourceModules/pull/1266
batch for solutions deployment by @MrMCake in https://github.com/Azure/ResourceModules/pull/1264
batch for ruleCollectionGroups by @MrMCake in https://github.com/Azure/ResourceModules/pull/1263
Set-ModuleReadMe script was applied by @MrMCake in https://github.com/Azure/ResourceModules/pull/1267
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.4.0...v0.5.0
Modules
version.json file in each module
name, resourceGroup & resourceId where applicable
CI Environment
<<namePrefix>> in the settings.json file
Tools
Test-ModuleLocally function
Wiki
utilities in addition to the documentation inside the scripts
Module Usage examples to latest Bicep features & added bicepconfig.json examples
Fixes
ConvertTo-ARMTemplate utility
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.3.1...v0.4.0
Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.3.0...v0.3.1