ResourceModules Versions Save

This repository includes a CI platform for and collection of mature and curated Bicep modules. The platform supports both ARM and Bicep and can be leveraged using GitHub actions as well as Azure DevOps pipelines.

v0.11.1

7 months ago

Highlights

📯Fixed issue with Resource Type resolution in ReadMe script. 📯Fixed issue with pipeline name resolution

Modules

  • New Modules
    • cache/redis-enterprise
  • MySQL Flexible Server: Added support for Azure AD authentication
  • DB for Postgre-SQL Flexible Server:
    • Enabled AAD authentication
    • Added 15 as additional allowed version (& default)
  • Maintenance Configuration: Added support for inGuest Patch support

CI Environment

  • Fixed ADO Publish Job for Bicep Registry ordering for prerelease and feature branch publishing

Fixes

  • Implement fixes to correctly identify resource type & pipeline
  • Log Analytics Workspace: Fixed Saved Search module typo
  • Redis Cache: Updated the API Versions and fixed private endpoint test bug
  • Storage Account: Fixed NFSv3 bug that limited idempotency

Tested with version(s)

  • Bicep: 0.20.4
  • Powershell: 7.3.6
  • Az CLI: 2.51.0

New Contributors

All merged PRs

New Contributors

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.11.0...v0.11.1

v0.11.0

8 months ago

Highlights

📯BREAKING CHANGE: Update to the name with which modules are published As per the alignment with the Public Bicep Registry described below, the identifier for published modules changes.

:exclamation: Note: To keep the disruption for users of the CI environment at a minimum, we introduced a new setting useApiSpecsAlignedName in the settings.yml. By default, a new naming will be used. To keep on using the previous naming, you must switch this setting to true.

📯BREAKING CHANGE: Public Bicep Registry focused file & folders changes

  • Renamed deploy.bicep to main.bicep
  • Renamed deploy.test.bicep to main.test.bicep
  • Renamed readme.md to README.md
  • Renamed all module names to singular & lower case
  • Removed the Microsoft. prefix from the provider namespace folders
  • Added metadata content to module templates
  • Added main.json template
  • Updated version.json schema to the Public Bicep Registry standard

📯BREAKING CHANGE: Retired Diagnostic Logs Retention Policy across all modules (ref)

Modules

  • New modules:
    • compute/ssh-public-key
    • digital-twins/digital-twins-instance
    • insights/webtest
    • network/dns-zone (public DNS Zone)
    • network/express-route-gateway
    • network/front-door-web-application-firewall-policy
    • network/service-endpoint-policies
    • relay/namespace
    • network/dns-forwarding-ruleset
    • resource-graph/query
    • search/search-service
  • Several new child modules, including:
    • sql/server/encryption-protector
    • synapse/workspace/integration-runtime
    • web/site/basic-publishing-credentials-policy
    • container-registry/registry/cache-rule
    • managed-identity/user-assigned-identity/federatedIdentity-credential
  • API Management: Added additional types graphql & websocket
  • Application Gateway: Adjusted sslPolicy based on policy type
  • Application Insights: Added Diagnostic Settings
  • Azure Container Registry: Updated test case to support Paired region dependencies
  • Azure Data Factory:
    • Added support for GitHub Enterprise Server
    • Added gitDisablePublish parameter
  • Azure Firewall: Added Basic SKU support
  • Azure Front Door: Added missing SKUs
  • Azure Kubernetes Cluster:
    • Added ingressProfile support
    • Added support to provide a Private DNS Zone for usage
    • Added support for additional parameters
  • Bastion: Added new parameters
  • Cosmos DB:
    • Enabled free tier
    • Added additional parameters to SQL API container
    • Added private endpoint support
  • Databricks: Enabled Customer-Managed-Keys, Private Endpoints & additional parameters
  • Deployment Script
    • Added support for using existing storage account
    • Added environment variables parameter & added support for outputs
  • DNS Forwarding RuleSet: Simplified DNS Forwarding Rule Input Parameter
  • EventHub: Added additional parameters
  • Health Bot: Added support for user-assigned identities
  • Storage Account:
    • Added new feature sasPolicy to Storage Account module
    • Added accessTier parameter for file shares
  • Redis Cache: Added parameters to specify zone redundancy and availability zones
  • NetApp Account: Added support for user-assigned identities
  • Synapse Workspace:
    • Added workspaceRepositoryConfiguration property
    • Updated CMK interface
  • SQL Server: Expanded test to support dynamic location parameter for Maintenance Configuration
  • Virtual Machine:
    • Enabled tags on extensions
    • Added support for custom computer name
    • Simplified LAW reference
  • User-Assigned Identity: Added clientId output
  • Network Connection: Added support for authorizationKey
  • Operational Insights Workspace: Added support for Capacity Reservation
  • Azure Virtual Desktop Host Pool: Expanded agentUpdate interface
  • Diverse: Updated modules to latest API Version
  • Diverse: Streamlined several parameter names (e.g., shortened the name if parts of the name were self-evident)
  • Diverse: Enabled null on DiagnosticLogCategoriesToEnable parameter to enable no logs to be collected.
  • Diverse: Added new test features (e.g., cidrSubnet() function)
  • Diverse: Addressed serveral PSRule findings
  • Diverse: Support both location input and subnet location reference in modules using the Private Endpoint module

CI Environment

  • Added Deploy to Azure button targeting the now required main.json templates
  • Added cross-module reference pipeline triggers, added corresponding Pester test & aligned API Management module
  • Introduce custom Pester results section to GitHub workflow runs
  • Removed the logic retrieving the deployment SP object ID and replacing it in <> token occurrences. The logic is not needed anymore since tests are now using a dependency msi.
  • Removed Az login step from Pester static validation jobs
  • Updated SetEnvironment action to avoid setting up runners twice
  • Renamed linter pipeline to show it is optional
  • Introduced a test that tests that a main.json exists and is aligned with the latest main.bicep
  • Replaced default namePrefix to align with latest GitHub syntax requirements
  • Updated the module table generation
  • Fixed Pester test result output table
  • Added logic to retrieve main resource type leveraging API Specs JSON
  • Improved robustness of registry publishing logic
  • Added Azure context configuration to diverse tasks
  • Enabled the usage of both the old published module name, as well as the new PBR-aligned

Fixes

  • App Service Environment: Fixed issue where ASE subsequent deployments fail after initial successful one
  • Application Gateway:
    • Fixed max length validation of name
    • Fixed globalConfiguration property logic
  • Automation Account: Fixed variables value bug
  • Cognitive Services: Fix for Customer Managed Keys
  • Databricks: Improved test robustness by auto-fetching paired regions
  • DNS Resolver: Fixed references of RBAC resource
  • Event Grid:
    • Enabled Event Subscriptions for both topics & system topics
    • Fixed incorrect eventSubscription passthrough
  • Event Hub:
    • Fixed role assignment naming issues
    • Fixed excess character in nested_roleAssignments.bicep
  • ExpressRouteGateway:
    • Updated pipeline name to align with naming convention
    • Fixed RBAC handling, added lock capability & added min test
  • Firewall Policy: Removed unsupported system-assigned identity
  • Purview: Aligned target location with currently supported set
  • Recover Services Vault: Fixed protection-container child reference
  • NAT Gateway: Fixed dependsOn condition
  • Service Bus Namespace: Fixed bug in test case
  • Storage Account: Fixed isNfsV3Enabled parameter handling
  • SQL Server:
    • Fixed location param passthrough
    • Updated minCapacity default value for elasticpools
  • Synapse Workspace: Update Storage Account input parameter storageAccountName to storageAccountResourceId
  • Virtual Machine: Updated cross reference to updated Recovery Services Vault module
  • Virtual Network Gateway: Fixed parameter handling for vpnAuthenticationTypes & vpnClientProtocols
  • VPN Gateway: Fixed vpnConnections child reference
  • Diverse: Fixed diverse link references
  • Machine Learning Workspace:
    • Added missing purge to test instance removal
    • Added waiting on Private Endpoints before creating compute instances
  • CI: Fixed that a pre-release publishing won't cause actual versions to be published if there has not been any previous release
  • CI: Align GH removal conditions with ADO
  • CI: Addressed latest name changes in module table generation script
  • CI: Fixed module overview table generation
  • CI: Updated deployment search to not prematurely throw an exception
  • CI: Updated ADO pipeline conditions to make it impossible to publish on canceled job
  • CI: Fixed issues when both main.bicep & main.json exist

Utilities

  • Updated token handling for readme examples
  • Updated Bicep to ARM conversion script
  • Added 'required module' to Set-ModuleReadMe.ps1 script
  • Aligned with latest file & folder changes
  • Added logic to pull module names & descriptions from metadata in template

Wiki

  • Added a step by step "how to create a solution"
  • Added guidelines to troubleshoot outdated Bicep versions
  • Incorporated feedback of contributors
  • Updated all wiki sections to latest changes (e.g., naming convention)
  • Fix typos

Tested with version(s)

  • Bicep: 0.20.4
  • Powershell: 7.3.6
  • Az CLI: 2.51.0

New Contributors

All merged PRs

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.10.0...v0.11.0

v0.10.0

1 year ago

Highlights

📯6 new modules and several extensions to existing modules with child resources and additional features, bringing the number of covered service modules to 124 and the total of resource type templates to 313 📯Enabled reusable workflows in GitHub module validation pipelines, avoiding code duplication 📯Improved user experience running module validation pipelines, allowing users to control which jobs they want to run 📯Integrated PSRule pre-flight checks with GitHub module validation workflows 📯Automated documentation of Pester tests

Modules

  • New modules:
    • Microsoft.Insights/dataCollectionRules
    • Microsoft.Insights/dataCollectionEndpoints
    • Microsoft.Purview/accounts
    • Microsoft.HealthcareApis/workspaces
    • Microsoft.App/containerApps
    • Microsoft.App/managedEnvironments
  • Several new child modules, including:
    • Microsoft.OperationalInsights/workspaces/tables
    • Microsoft.OperationalInsights/workspaces/dataExports
    • Microsoft.EventGrid/domains/topics
  • Updated API version and extended parameters for several modules including those under Storage, Compute, Network, KeyVault, DesktopVirtualization resource providers
  • PSRule - Aligned modules with rule 'Azure.Resource.UseTags'
  • Reduce parameter names to necessary baseline
  • Removed the parameters of those properties that allow a single value only & updated docs
  • Addressed Bicep Update about null-checks
  • Update builtInRoleNames for nested RBAC modules
  • Add premium option to StorageAccount tier with test
  • Included OIDC issuer URL as output to the AKS module
  • Compute Gallery Image Definition update
  • Added min test to managedClusters
  • Enabled RBAC role assignment for disk encryption set key
  • Extend managedCluster and K8s extensions with flux config
  • Support for configuring backup retention policies for Azure SQL Database
  • Key Vault - Added support for key auto-rotation
  • Add support for ADF GlobalParameter
  • Added Database for MySQL Flexible Server Module
  • Added restrictOutboundNetworkAccess to Microsoft.Sql/servers
  • Added missing 'enableDefaultTelemetry' param in test files
  • Simplify roleAssignment implementation for Resource Group
  • Reduced permissions of ML encryption test
  • Updated Encryption Set module conditions for Managed Identities
  • Updated SKU options and added generation parameter for VNET Gateways
  • ManagedClusters - Fix a bug for addonprofiles
  • ManagedCluster - Add support for enabling Open Service Mesh
  • SQL server databases added support for createMode
  • Added test cases to Azure Firewall
  • Update diagnostic settings name approach
  • Updated SKU for the Managed Environment Test
  • Microsoft.Synapse/workspaces - adding 'systemAssignedPrincipalId' as output

CI Environment

  • Integrate PSRule action with GH module workflows
  • Added controls to enable only Pester and or only deployment tests
  • Added automation to update the Static Validation Tests documentation
  • GitHub Reusable workflows for module validation pipelines
  • Moved test scripts to shared folder & renamed shared templates folder
  • Increased Azure DevOps timeout for Microsoft.Web/hostingEnvironments
  • Use GITHUB_TOKEN for manage issue platform pipeline
  • Remove assign issue to project GitHub workflow

Fixes

  • Update Resource Group roleAssignments name (GUID) to use Resource Group resourceID instead of Resource Group name
  • Remove JSON function from modules not requiring it
  • Disable referenced modules telemetry for a few modules missing the functionality
  • Replace 'adp' naming prefix across modules
  • Align ADO module pipeline input parameters
  • Updated documentation references from docs.microsoft.com - to learn.microsoft.com
  • Replace missing occurrences of learn.microsoft.com links and regenerated readmes
  • Automation account fix parameter names
  • Fix filter for excluded workflows in manage issue pipeline
  • Fix target-path reference for Universal Package Publish
  • Regenerate readmes after PSRule tags PR
  • Diskencryptionsets and Eventgridsubscriptions tags update
  • Automation account schedule frequency update
  • Updated tags of SignalRService Resource Provider
  • Storage Account Local User : Pass on correct parameter
  • Fixed a minor utility issue due to a parameter type change
  • Small documentation fixes
  • Removed child resource that may not be used in the applied context

Utilities

  • New condition for adding examples in module readme
  • Updated regex to remove top-level dependsOn statements
  • Enforce PowerShell version 7.3 where required

Wiki

  • Add further details to identity bug of Recovery Services Vault to its documentation
  • Removed outdated 'upgrade release' page in favor of our general upgrade guidelines
  • Added disclaimer/guidance on which version of the code to leverage
  • Added a PowerShell script example to frontload all supported publish locations with all modules

New Contributors

Tested with version(s)

  • Bicep: 0.15.31
  • Powershell: 7.3.2
  • Az CLI: 2.46.0

All merged PRs

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.9.0...v0.10.0

v0.9.0

1 year ago

Highlights

📯7 new modules and several extensions to existing modules with child resources and additional features, bringing the number of covered service modules to 117 and the total of resource type templates to 291 📯Enabled concurrency feature in GitHub workflows that ensures there are no 2 concurrent runs of the same workflow 📯Improved publishing with 'Publish if not exists' feature and shortening for Template Specs artifacts 📯Improved static validation through the AzureAPICrawler PowerShell module for API versions tests 📯Added scheduled workflow to validate PSRule pre-flight checks on the whole library

Modules

  • New modules:
    • Microsoft.EventGrid/domains
    • Microsoft.EventGrid/subscriptions
    • Microsoft.DevTestLab/labs
    • Microsoft.CDN/profiles
    • Microsoft.Network/networkManagers
    • Microsoft.SignalRService/signalR
    • Microsoft.PolicyInsights/remediations
  • Several new child modules, including:
    • Microsoft.Sql/servers/keys
    • Microsoft.Compute/galleries/applications
    • Microsoft.Web/sites/slots
  • Updated API version for several modules: Locks, Tags, Resource Groups, DocumentDB DatabaseAccounts, Consumption Budgets, Recovery Services, Azure Policy Assignments, Machine Learning Workspaces, DBforPostgreSQL Flexible Servers, Web Sites, AVD Scaling Plans
  • Enabled 'AllLogs' as diagnostic category
  • Updated Private Endpoint Config to Allows Static IP on Parent Modules
  • Improved CMK implementation for Cognitive Services and Container Instances
  • Azure Cosmos DB SQL Container Indexing policy
  • Added ContainerRegistry anonymousPullEnabled property
  • Added support for Virtual Machine Automatic VM Guest Patching
  • Added Storage Accounts SFTP and LargeFileShares features
  • Updated VNET Gateway to reference Public IP module
  • Added Virtual Machines AADJoin Extension feature
  • Dependencies approach fixes and updates: variable usage, deployment names, template formatting
  • Updated Azure Policy Definitions - mode to support 'Microsoft.Network.Data'
  • Updated Recovery Services Vaults publicNetworkAccess property
  • Added Virtual Machine Images named Staging Resource Group VM User-Assigned IDs and SIG Image parameters
  • Added Compute gallery Images SecurityType property and extended test coverage
  • Connect Azure Firewall to a VirtualHub

CI Environment

  • Enabled concurrency feature in GitHub workflows that ensures there are no 2 concurrent runs of the same workflow
  • Improved publishing with 'Publish if not exists' feature and identifier shortening for TemplateSpecs artifacts
  • Improved static validation through the AzureAPICrawler PowerShell module for API versions tests
  • Added scheduled workflow to validate PSRule pre-flight checks on the whole library
  • Automated creation and closure of GitHub issues for failing pipelines
  • Migrated 'Issue to Project' assignment automation from GitHub project (classic) to GitHub projects
  • Added platform pipelines status badge to the main readme

Wiki

  • Update telemetry article
  • Added sorting to wiki module table
  • Updated dependencies approach guidelines in module design
  • Added initial version of troubleshooting guidance
  • Updated Network Manager documentation and Wiki known issues

Utilities

Fixes

  • Fixed removal of Maintenance Configurations and Log Analytics Workspaces
  • Improve removal of resources in a retry scenario
  • Privatelink ADO pipeline name fix
  • Cleanup hardcoded nameprefix references
  • Update builtInRoleNames list for nested_roleAssignments modules
  • Switch from az bicep build to bicep build to avoid rate limits
  • Fixed hardcoded artifacts-rg reference
  • Fixed VNET Peering test
  • Update link to code examples in module design Wiki
  • Several minor fixes for the Publishing logic
  • Solve issue with WAF config in Application Gateway

New Contributors

Tested with version(s)

  • Bicep: 0.13.1
  • Powershell: 7.3.2
  • Az CLI: 2.44.1

All merged PRs

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.8.0...v0.9.0

v0.8.0

1 year ago

Highlights

📯Self-contained dependencies approach to module deployment validation: All tests are now deploying their own resource dependencies together with the target test resource in a dedicated resource group and removed afterwards. In addition, module test JSON parameter files have been converted to Bicep test files:

When you onboarded CARML in version 0.7.0 and before, you had to first run a dependency pipeline that would deploy a set of 'persistent' Azure services we'd then use in subsequent module tests as references (for example to deploy a VM into a VNET) as seen in the following image.

070carmlpipe

Now, from version 0.8.0 onward, these dependencies (if any) are deployed as part of each module's test. This means, the VM test would deploy itself the aforementioned VNET and all resources would be removed after:

080carmlpipe

📯Deployment history cleanup: A scheduled pipeline has been introduced to automatically cleanup deployment history for Management Group and Subscription scopes. 📯Alignment with latest Bicep linter rules: Fixes have been implemented throughout the library to comply with decompiler-cleanup and prefer-unquoted-property-names linter rules. In particular, a new utility Update-RoleAssignmentList allows to update latest available Role Definitions for each module nested Role Assignments while complying with the prefer-unquoted-property-names linter rule.

Modules

  • Update all modules' tests to new dependencies approach
  • New modules:
    • Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies
    • Microsoft.Network/dnsResolvers
    • Microsoft.Maintenance/maintenanceConfigurations
  • Updated API version for several modules: ACR, RSV, VMSS, AKS, ML Workspaces, Private Endpoints, Virtual Hubs, Locks, Compute Images, Policy Exemptions, Role Definitions, Proximity Placement Groups
  • Extend modules with child resources and new features:
    • Multi additions to staticSites
    • Add TLS setting support to SQLMI
    • Extend Web Sites with kvrefidentity
    • Updated virtualNetworkGateways to support AAD VPN
    • Enable Key Vault Purge Protection per default (disable in tests)
    • Update ubuntu and windows OS images used for tests to latest versions
    • Added Elastic Pool support to SQL Server
    • Added replication alerts to Recovery Services Vault
    • Allow upgrading all node pools in an AKS cluster to the same Kubernetes version
    • Allow creating a ContainerGroup with one or more containers
  • Add missing tags to Key Vaults, User Assigned Identities and Web Server Farms common test
  • Align networkAcls implementation for StorageAccounts, KeyVaults and CognitiveServices modules
  • Update nested_roleAssignment to comply with prefer-unquoted-property-names linter rule
  • Fixing linter warning decompiler-cleanup
  • Replacing hardcoded environment URLs with the environment() function
  • Updated MS.AuthZ namespace modules to use .id for ResourceID outputs

CI environment

  • Added scheduled pipelines for Subscription & Management-Group Deployment history cleanup
  • Updated the deployment name generation to be more detailed
  • Broken links pipeline update
  • Updated GitHub workflows to use actions-checkout@v3
  • Replace set-output commands with GH environment file $env:GITHUB_OUTPUT
  • Update static validation result publish version to v2
  • Update removal to support Azure Security Center module
  • Updated RBAC tests to be more explicit about the principal type
  • Extend and optimize resource removal of nested deployments with higher scope than the parent
  • Remove support to previous deployment validation approach

Wiki

  • Solution creation section: Azure DevOps example for pipeline-orchestration
  • Update Fetch latest updates section and fix broken links
  • Additional cleanup after converted test files

Utilities

  • Added utility Update-RoleAssignmentList
  • Updated compatability of Set-ModuleReadMe utility to new dependencies approach, handle inline quotations and improved function identification regex
  • Updated compatability of Test-NamePrefixAvailability utility to new dependencies approach
  • Updated compatability of ConvertTo-ARMTemplate utility to new dependencies approach

Fixes

  • Improve disk encryption options to VM and VMSS
  • Fix typo in readmes and parameter files: privateDnsZoneGroups to privateDnsZoneGroup
  • Fixed RBAC File Names & Roles accross multiple modules
  • Key Vault - Fix parameter usage section
  • Fixed usage of deployment name in Test-Deployment script
  • Update Linter pipeline filename and trigger
  • Updated the way child module readmes are referenced
  • Fixed location of settings

New Contributors

All merged PRs

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.7.0...v0.8.0

v0.7.0

1 year ago

Highlights

📯 CMK and networking improvements across all modules: Customer-Managed Keys have been refined across all modules currently supporting them, aiming for this feature to have a consistent interface (input parameters) across the library. Also, networking capabilities such as private endpoints, private DNS zone integration and public network access have been improved across modules implementing them. For instance, public network access is now disabled by default on the deployed resources when private endpoints are set, unless differently specified. 📯 Simplified token handling & repository configuration: The token replacement feature has been refined by providing a centralized place where to store variables, for both GitHub and Azure DevOps orchestrations, simplifying the CI environment initial setup. The deployment Service Principal object ID, previously required to be set as a secret, is now automatically retrieved by the pipelines, reducing the list of secrets/variables to configure for the validation pipelines to run. 📯 Improved module documentation: Each module ReadMe now lists all local cross-referenced modules leveraged by their implementation. Deployment examples are also improved by listing required parameters first, followed by the rest, each in alphabetical order. In addition, a Module overview page has been added to the Wiki, outlining supported features for each module such as Private endpoints, Diagnostic Settings and RBAC.

Modules

  • New modules:
    • Redis Cache
    • Web PubSub
    • PowerBIDedicated Capacities
    • Synapse Workspaces
    • Private Link Services
    • Azure Database for PostgreSQL Flexible Servers
  • Aligned the CMK implementation across current modules
  • Aligned public network access implementation across modules to get automatically disabled if private endpoints are set
  • Updated & aligned role assignment implementation across modules
  • Added private endpoint support for Batch accounts, DataFactory, Recovery Services Vaults
  • Improved default security values for AKS, Log Analytics, Sql Servers
  • Updated API version for several modules under ContainerInstance, ContainerService, NetApp, Network, Sql, Storage resource providers
  • Removed autogenerated unique name feature from all modules
  • Introduced linter-ignore statements for false-positives

CI environment

  • [MAJOR/BREAKING] Renamed arm folder to modules
  • [MAJOR/BREAKING] Renamed .parameters folder to .test
  • Token Mechanism Uplift (support tokens as GitHub Secret + Migrate Settings.Json to Settings YAML)
  • Autofetch ServicePrincipal Object ID
  • Static validation improvements:
    • Added integration with private DNS zones to all module tests deploying private endpoints
    • Added test case for parameter description
    • Moved global Pester tests to utilities
  • Extended and improved dependencies pipeline:
    • Added private DNS zones dependencies
    • Added new dependencies for Private Link Services module
    • Use deployment scripts for the Store VHD to blob container option
  • Added subscription context for supporting MG scope service connections
  • Enabled CI environment to handle DeploymentTest (Bicep) files for upcoming self-contained dependencies approach
  • Further alignment between ADO pipelines and GH workflows

Wiki

  • Added new section Module overview outlining all module features for the whole library
  • Added new section Fetch latest CARML updates for internalized libraries
  • Improved Solution creation section with decision support for publishing target locations and updated template-orchestrated solution examples
  • Updated Contribution guide to reference latest project board approach
  • Improved Known Issues section

Utilities

  • Improved Module readme generator (Set-ModuleReadMe):
    • Added new section Cross-referenced modules
    • Improved Deployment examples section:
    • Each example lists all the required parameters first, followed by the rest - each in alphabetical order
    • Moved Bicep example in front of JSON
    • Added quotation for empty allowed values
  • Added utility to bulk-run pipelines for a given branch
  • Updated DevOps Pipeline Registration
  • Added ManagementGroup-Deployment removal script

Fixes

  • Fixed several Linter warnings for Natural language
  • Extended vscode settings with json specific to align file formatting
  • Fixed resource removal stage attempting to remove dependency resources
  • Improved CI environment compatibility with Linux & improved robustness
  • Fixed failing dependencies pipeline on VHD creation
  • Updated private endpoint and user assigned identity readme parameter usage templates

All merged PRs

New Contributors

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.6.0...v0.7.0

v0.6.0

1 year ago

Highlights

📯 Cross-Module reference alignment: To increase consistency and avoid code duplication, all modules previously leveraging nested templates for resources of a different resource type are now referencing the same CARML module 📯 Added Bicep + JSON deployment examples to all module readme files 📯 Added CARML logical layers and personas Wiki page

Modules

  • New modules:
    • App Configuration Stores with Key Values
    • Compute NetworkInterfaces
    • DataProtection Backupvaults
    • OperationsManagement Solutions
    • Authorization Locks
  • Improved modules:
    • Cognitive Services: Set secure defaults
    • EventGrid: Set secure defaults
    • Storage Accounts: Implemented Customer-Managed Keys
    • SQL Server: Added private endpoint and vulnerability assessments
    • Private DNS records: Added Role assignments
    • VirtualMachine: Configure boot diagnostics with managed storage account
    • Eventhub: Added Network Rules
    • VMSS: Added Condition to EncryptionAtHost
    • OperationalInsights: Added etag parameter to SavedSearches
    • Azure Firewall: Added Public IP
    • Bastion Hosts: Added Public IP
    • ACR: Added webhooks and updated ACR CMK implementation
    • BatchAccounts: Added configuration options
    • AKS: Added Application Gateway Ingress Controler (AGIC) addon
    • Updated API version for Role assignments, ML Workspace, Eventhub, Recovery Services Vault, Compute Galleries
  • Improved parameter metadata descriptions & module readmes:
    • Updated parent-child resource conditional description
    • Improved parameter description formatting
    • Update conditional parameters descriptions to include the condition under which they are required
    • Merged Azure Resource Reference documentation links with the list of deployed resource types
  • Changed telemetry implementation to only deploy a single PID: Disabled telemetry on child resources and on cross-referenced resources
  • Added location output to all templates supporting it
  • Added multiple VM deployment example

CI Environment

  • Improved robustness and duration of environment setup task on agents
  • Improved resource removal logic:
    • Implemented purge for AppConfiguration
    • Added role assignment removal
    • Added registrationDefinitions removal
    • Improved lock removal
    • Cleanup custom removal logic for VWan
  • Improved GitHub workflows:
    • Updated GitHub Workflows to use Azure/PowerShell action
  • Improved ADO pipelines:
    • Fixed ADO publishing to Bicep registry
    • Fixed ADO triggerpath
    • Updated conditions for ADO dependency pipeline
  • Created Issue-Assignment pipeline to automate assignment of new issues to the intended project

Static Validation

  • New Pester tests:
    • All parameter descriptions should end with a period
    • Conditional parameters description should contain the condition under which they are required
  • Added exception handling for resources not having standard outputs
  • Reworked tests to not use HTML & shared functions
  • Expanded Pester test output

Wiki

  • Overarching review and lingo update
  • Improved solution examples
  • Extended Contribution flow section
  • Updated required GitHub settings to successfully run static validation
  • Added Management Group module notes to known issues

Utilities

  • Enabled generation script to add Bicep + JSON deployment examples to module readmes
  • Added Get-FormattedGitHubRelease function to support release highlights (these highlights :) )
  • Improved Set-ModuleReadMe utility when called w/ relative path

Fixes

  • Workaround for Az CLI bug introduced by latest CLI version (2.37.0) used by the ubuntu-20.04 agents
  • Replace space with %20 in the ADO projectname
  • Fixed pipeline name parsing in Register-AzureDevOpsPipeline utility
  • Update casing for IPsec connections
  • Added missing output to Tags module
  • Fixed all parameter descriptions to comply with updated static validation
  • Fixed KeyVault reference for Bicep example in ReadMes
  • Updated references to the global variables file
  • Fixed typo in global test
  • Swapped the values for tenantId and deploymentSpId
  • Corrected AVD Host pool parameter for dependency pipeline
  • Added principalType to RSV param
  • Fixed ApplicationGateway pipeline deployment by updating the keyvault reference

All merged PRs

New Contributors

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.5.0...v0.6.0

v0.5.0

2 years ago

Highlights

Modules

  • New modules:
    • Tags
    • VPN gateways
    • VPN sites
    • Static Web Apps
    • Azure Active Directory Domain Services (Azure ADDS)
    • Network security groups
    • Azure Virtual Desktop Scaling plans
    • Front Door
    • AKS extensions and flux configurations
    • Event Grid system topics child module
    • Service Bus topics and topics authorizationRules child modules
    • Recovery services vault child modules for configuring Azure Site Recovery for A2A DR
    • Private DNS zones child modules
  • Extensively updated modules:
    • Application gateways
    • Kubernetes services
    • Container registries
    • Web sites
    • Virtual WANs
  • Extended test coverage
  • Updated diagnostic settings and RBAC extensions across all modules using them
  • Enabled solution telemetry for all modules (Note: The ID is only used to gain insights into the library's usage. It can be disabled in the settings.json.)

CI Environment

  • Consolidated Azure DevOps and GitHub Actions to use a single variable file for environment variables
  • Added automatic fetch of parameter files to GitHub actions
  • Added documentation to GitHub composite actions
  • Improved static validation: Extended tests to make sure that tokens are leveraged in parameter files and that the module readme's matches the Set-ModuleReadMe utility's output
  • Improved deployment validation: Optimized deployment, removal and login scripts
  • Improved publishing: Support to multiple scopes and cascading version update (publishing major and major.minor versions together with major.minor.patch versions)
  • Aligned pipeline UI stages/jobs display names with Wiki and diagrams
  • Added pipeline trigger when updating global tests
  • Removed Azure DevOps pipeline trigger on PRs

Tools

  • Module readme generator (Set-ModuleReadMe) updates:
    • Automated parameter table categories
    • Automated table of contents
    • Added support for multi-line metadata
  • Added script to check namePrefix availability (Test-NamePrefixAvailability)
  • Added bicepconfig.json to disable Linter location warning
  • Improved Broken Links Check pipeline
  • Improved main home readme generator pipeline for both Azure DevOps and GitHub
  • Added Yaml templates for PRs, Bugs and Feature Requests

Wiki

  • Extensive wiki restructuring to highlight different repo usage scenarios and provided functionality (module library and CI enviroment)
  • Added and updated image diagrams across all sections
  • Improved step-by-step contribution guide flow
  • Improved documentation on Known issues
  • Added Solution creation page with deployment examples leveraging published modules
  • Added guidelines for multi-repo orchestration
  • Added migration guidelines section for release updates
  • Document prerequisites for Azure DevOps Universal Artifact Feed

Fixes

  • Aligned Azure DevOps and GitHub pipelines for dependencies and soft deleted resource purge
  • Updating general removal sequence to fix private endpoint removal for all modules
  • Unique name generation for event hub namespace
  • Removed serial deployment (batch) from virtual network subnets, NetApp capacity pools, operational insights solutions
  • Fixed broken links across documentation and Wiki

What's Changed

New Contributors

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.4.0...v0.5.0

v0.4.0

2 years ago

Highlights

Modules

  • Added versioning via version.json file in each module
  • Added Synapse Private Link Hubs
  • Added Compute Disks module
  • Added Service Fabric Cluster module
  • Added Virtual Hub module
  • Added Load Balancer Child modules
  • Standardized naming of diagnostic settings parameters
  • Deprecated AutoManage module and migrated it to VM module
  • Update KeyVault, Virtual Machine, Virtual Machine Scale Set, Event Hub and Storage Account to default secure values
  • Aligned all outputs to name, resourceGroup & resourceId where applicable
  • VNET subnets parameter now optional
  • Aligned AppInsights module with template reference property names

CI Environment

  • Enabled local <<namePrefix>> in the settings.json file
  • Dependency pipeline
    • Added Azure DevOps counterpart
    • Added additional resources: Proximity Placement Group, Image Template
    • Improved end-to-end flow by improving value pass-over
  • Improved error details
  • Aligned stage names of GitHub & Azure DevOps
  • Added additional test files
  • Enabled ManagementGroup level removal
  • Added publishing of child modules
  • Introduced grouping of logs on GitHub

Tools

  • Improved flexibility of the Test-ModuleLocally function

Wiki

  • Added utilities in addition to the documentation inside the scripts
  • Updated Module Usage examples to latest Bicep features & added bicepconfig.json examples
  • Updated dependencies section to latest token solution

Fixes

  • VMs now cleanup their attachments correctly
  • Azure DevOps pipelines can now be canceled properly
  • VNETs idempotency now consistent
  • Fixed issue for ConvertTo-ARMTemplate utility
  • Policy Assignment now explicitly specifies the principal type, fixing an issue where the API would not properly work for subsequent deployments

What's Changed

New Contributors

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.3.1...v0.4.0

v0.3.1

2 years ago

Highlights

  • Modules
    • Aligning deployment names for all modules
    • Aligning to the same diagnostic settings API version for all modules
    • Aligning deployed resource names to the same convention
    • Adding missing diagnostic settings input parameters for several modules
    • Adding multiple testing parameter files to several modules
  • Platform
    • Adding first version of ADO pipelines
    • Refactoring the GitHub workflow design to
      • leverage a single GitHub action for all Pester tests
      • leverage a single GitHub action to test module deployments end-to-end (validation, deployment, removal)
    • Improving dependency pipeline for GitHub workflows
    • Improving testing for child resources
    • Improving removal procedure to leverage deployments instead of resource tags
    • Adding removal procedure (purge) for resources for which soft-deletion is enforced
    • Adding trigger on common scripts' changes for GitHub workflows
  • Tools
    • Improving the Bicep to ARM Templates conversion script
    • Adding Broken Link Check Action to validate all URLs inside the repository
  • Wiki
    • Improving docs for Pipelines, Modules & Testing sections
    • Updating information for the Support section
    • Extending docs for removal procedure
    • Adding documentation for utility scripts

Merged PRs

New Contributors

Full Changelog: https://github.com/Azure/ResourceModules/compare/v0.3.0...v0.3.1