Azure/ALZ-Bicep v0.20.0

on GitHub

Summary

In this release, the primary update is alignment with the Q1 2025 Policy Refresh.

We've also fixed several bugs, one of which results in some breaking changes, so please see the Breaking Changes section below for additional information.

What's Changed

• feat: Policy Refresh Q1 FY25 by @oZakari in #806
• feat: Update Policy Library (automated) by @cae-pr-creator in #894
• fix: Private DNS Zones Bug (#695) by @jtracey93 in #891
• fix: Resolve a variety of bugs and update api version of private dns zone links resource by @oZakari in https://github.com/Azure/ALZ-
• chore: artifact workflow trigger fix by @jaredfholgate in #872
• chore: [StepSecurity] Apply security best practices by @step-security-bot in #876
• build: Bump github/codeql-action from 3.26.10 to 3.26.13 by @dependabot in #879
• build: Bump actions/checkout from 4.1.1 to 4.2.1 by @dependabot in #881
• build: Bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #880
• build: Bump softprops/action-gh-release from 2.0.8 to 2.0.9 by @dependabot in #893
• build: Bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in #887
• build: Bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #889
• build: Bump actions/dependency-review-action from 4.3.4 to 4.4.0 by @dependabot in #892
  Bicep/pull/896

Breaking Changes

Private DNS Zones Breaking Changes

The local private DNS zones modules (privateDnsZones.bicep) has been replaced in the networking related modules in this repo with the AVM Pattern module of avm/ptn/network/private-link-private-dns-zones to resolve bug #695.

This has meant some breaking changes to each of the networking modules that are detailed below.

privateDnsZones.bicep

• This module has been removed as of v0.20.0 and replaced with the AVM Pattern Module of avm/ptn/network/private-link-private-dns-zones. Please use this module going forward.

hubNetworking.bicep & hubNetworking-multiRegion.bicep

• parPrivateDnsZones default value changed to an empty array ([])
  • Only enter values in here if you want to override the defaults in the underlying AVM pattern module. See: https://github.com/Azure/bicep-registry-modules/tree/main/avm/ptn/network/private-link-private-dns-zones#parameter-privatelinkprivatednszones
• parPrivateDnsZoneAutoMergeAzureBackupZone removed from module
• parVirtualNetworkResourceIdsToLinkTo added to module, you can prefer to use this parameter instead of parVirtualNetworkIdToLink & parVirtualNetworkIdToLinkFailover if you wish (they are automatically all merged together by the module anyway)
• The value returned in outPrivateDnsZones has changed

From:

[
  {
    "name": "privatelink.api.azureml.ms",
    "id": "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
  },
  {
    "name": "privatelink.notebooks.azure.net",
    "id": "subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net"
  },
  …
]

To:

[
  {
    "pdnsZoneName": "privatelink.api.azureml.ms",
    "virtualNetworkResourceIdsToLinkTo": [
      "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/virtualNetworks/alz-hub-uksouth"
    ]
  },
  {
    "pdnsZoneName": "privatelink.notebooks.azure.net",
    "virtualNetworkResourceIdsToLinkTo": [
      "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/virtualNetworks/alz-hub-uksouth"
    ]
  },
  …
]

vwanConnectivity.bicep

• parPrivateDnsZones default value changed to an empty array ([])
  • Only enter values in here if you want to override the defaults in the underlying AVM pattern module. See: https://github.com/Azure/bicep-registry-modules/tree/main/avm/ptn/network/private-link-private-dns-zones#parameter-privatelinkprivatednszones
• parVirtualNetworkIdToLink & parVirtualNetworkIdToLinkFailover removed from module and replaced with parVirtualNetworkResourceIdsToLinkTo
• The value returned in outPrivateDnsZones has changed

From:

[
  {
    "name": "privatelink.api.azureml.ms",
    "id": "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
  },
  {
    "name": "privatelink.notebooks.azure.net",
    "id": "subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net"
  },
  …
]

To:

[
  {
    "pdnsZoneName": "privatelink.api.azureml.ms",
    "virtualNetworkResourceIdsToLinkTo": [
      "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/virtualNetworks/alz-hub-uksouth"
    ]
  },
  {
    "pdnsZoneName": "privatelink.notebooks.azure.net",
    "virtualNetworkResourceIdsToLinkTo": [
      "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/virtualNetworks/alz-hub-uksouth"
    ]
  },
  …
]

New Contributors

• @step-security-bot made their first contribution in #876

Full Changelog: v0.19.4...v0.20.0