Overview/Summary
A huge thanks to @rjygraham for all his efforts on this PR and to the rest of the
ALZ-Bicepcore team for testing and reviewing 👏
This release includes PR #227 which focuses on code/file hygiene and consistency across modules. This includes ensuring file names, parameters, outputs are camelCased and changes to readability of parameters and outputs to ensure ALZ-Bicep is user-friendly and approachable to new users.
NOTE: The likelihood of experiencing breaking changes is high since this release touches nearly every file. Please carefully review the Breaking Changes section below for details on what's changed and suggestions for migrating to this release.
Breaking Changes
The breaking changes fall into two categories:
- File/module name changes/moves
- Parameter/output name changes
Bicep Template File Name Changes
The following Bicep files/modules have had their names changed:
| Module | Old File Name | New File Name |
|---|---|---|
| customRoleDefinitions | definitions/caf-subscription-owner-role.bicep | definitions/cafSubscriptionOwnerRole.bicep |
| customRoleDefinitions | definitions/caf-application-owner-role.bicep | definitions/cafApplicationOwnerRole.bicep |
| customRoleDefinitions | definitions/caf-network-management-role.bicep | definitions/cafNetworkManagementRole.bicep |
| customRoleDefinitions | definitions/caf-security-operations-role.bicep | definitions/cafSecurityOperationsRole.bicep |
| customRoleDefinitions | definitions/china/mc-caf-network-management-role.bicep | definitions/china/mc-cafNetworkManagementRole.bicep |
| customRoleDefinitions | definitions/china/mc-caf-security-operations-role.bicep | definitions/china/mc-cafSecurityOperationsRole.bicep |
| customPolicyDefinitions | definitions/custom-policy-definitions.bicep | definitions/customPolicyDefinitions.bicep |
| customPolicyDefinitions | definitions/mc-custom-policy-definitions.bicep | definitions/mc-customPolicyDefinitions.bicep |
| hubSpoke | orchestration/hubSpoke/orch-HubSpoke.bicep | orchestration/hubSpoke/orchHubSpoke.bicep |
Bicep Parameter File Name Changes
All modules have had their parameter files moved and names changed. Rather than detail each change individually, the guidance below illustrates how the parameter file names have changed and the changes made to the location of the parameter files for each module.
- Each module has had its parameter files moved into a new
/parameterssub-folder inside the module folder - Parameter files are now named according to the convention:
<module>.<parameterSet>.parameters.<min|all>.json
-<module>denotes the current module (and scope when necessary), for example:roleAssignmentManagementGroup
-<parameterSet>denotes a set of parameters with similar characteristics, for example:securityGroup
-parametersconstant to denote file as a parameters file
-<min|all>.jsondenotes whether a parameter file contains all possible parameters or only minimum necessary for deployment (more onmin.jsonin What's Changed section below)
Examples of how parameter file locations and names have changed:
| Module | Old File Name | New File Name |
|---|---|---|
| hubNetworking | hubNetworking.parameters.example.json | parameters/hubNetworking.parameters.all.json |
| policyAssignment | assignments/policyAssignmentManagementGroup.parameters.example-deny.json | assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json |
| roleAssignments | roleAssignmentManagementGroup.securityGroup.parameters.all.json | parameters/roleAssignmentManagementGroup.securityGroup.parameters.all.json |
Bicep Parameter/Output Name Changes
Most modules have had changes to their parameter, variable, resource, module, and output symbolic names to ensure:
- Strict
camelCasing, for example:parDNSServerIPArraybecomesparDnsServerIpArray - Readability: update to all
parandoutvalues in Bicep templates to include full product name instead of camelCased abbreviation:
-parExpressRouteGwNameinstead ofparErGwName
- Services with "Azure" in the name are abbreviated "Az", for example:parBastionNamebecomesparAzBastionName
- In the case of VPN, since it is not product name and instead a generally understood industry acronym, it remains:parVpnGatewayConfig - Except in instances where a switch aligns with an ARM property name, switches have been renamed with intended effect as last segment of the name
- Since variable, resource, module constructs are not part of the "API" surface area (i.e. input/output), they were merely
camelCasedand not necessarily renamed per readability point above.
Added Parameters
The following module parameters were added:
| Module | File Name | New Parameter Name |
|---|---|---|
| customRoleDefinitions | mc-customRoleDefinitions.bicep | parTelemetryOptOut |
| customPolicyDefinitions | mc-customPolicyDefinitions.bicep | parTelemetryOptOut |
| roleAssignments | roleAssignmentManagementGroupMany.bicep | parTelemetryOptOut |
| roleAssignments | roleAssignmentSubscriptionMany.bicep | parTelemetryOptOut |
Changed Parameters
The following module parameter names have changed:
Please use the scroll bar at the bottom of the table
| Module | File Name | Old Parameter Name | New Parameter Name |
|---|---|---|---|
| hubNetworking | hubNetworking.bicep | parDNSServerIPArray | parDnsServerIps |
| hubNetworking | hubNetworking.bicep | parPublicIPSku | parPublicIpSku |
| hubNetworking | hubNetworking.bicep | parBastionEnabled | parAzBastionEnabled |
| hubNetworking | hubNetworking.bicep | parBastionName | parAzBastionName |
| hubNetworking | hubNetworking.bicep | parBastionSku | parAzBastionSku |
| hubNetworking | hubNetworking.bicep | parAzureFirewallEnabled | parAzFirewallEnabled |
| hubNetworking | hubNetworking.bicep | parAzureFirewallName | parAzFirewallName |
| hubNetworking | hubNetworking.bicep | parFirewallPoliciesName | parAzFirewallPoliciesName |
| hubNetworking | hubNetworking.bicep | parAzureFirewallTier | parAzFirewallTier |
| hubNetworking | hubNetworking.bicep | parAzureFirewallAvailabilityZones | parAzFirewallAvailabilityZones |
| hubNetworking | hubNetworking.bicep | parNetworkDNSEnableProxy | parAzFirewallDnsProxyEnabled |
| hubNetworking | hubNetworking.bicep | parDisableBGPRoutePropagation | parDisableBgpRoutePropagation |
| policy | assignments/alzDefaults/alzDefaultPolicyAssignments.bicep | parPolicyAssignmentDefinitionID | parPolicyAssignmentDefinitionId |
| policy | assignments/alzDefaults/alzDefaultPolicyAssignments.bicep | parPolicyAssignmentIdentityRoleAssignmentsAdditionalMGs | parPolicyAssignmentIdentityRoleAssignmentsAdditionalMgs |
| policy | assignments/alzDefaults/alzDefaultPolicyAssignments.bicep | parPolicyAssignmentIdentityRoleDefinitionIDs | parPolicyAssignmentIdentityRoleDefinitionIds |
| policy | assignments/policyAssignmentManagementGroup.bicep | parPolicyAssignmentDefinitionID | parPolicyAssignmentDefinitionId |
| policy | assignments/policyAssignmentManagementGroup.bicep | parPolicyAssignmentIdentityRoleAssignmentsAdditionalMGs | parPolicyAssignmentIdentityRoleAssignmentsAdditionalMgs |
| policy | assignments/policyAssignmentManagementGroup.bicep | parPolicyAssignmentIdentityRoleDefinitionIDs | parPolicyAssignmentIdentityRoleDefinitionIds |
| policy | definitions/customPolicyDefinitions.bicep | parTargetManagementGroupID | parTargetManagementGroupId |
| policy | definitions/mc-customPolicyDefinitions.bicep | parTargetManagementGroupID | parTargetManagementGroupId |
| publicIp | publicIp.bicep | parPublicIPName | parPublicIpName |
| publicIp | publicIp.bicep | parPublicIPSku | parPublicIpSku |
| spokeNetworking | spokeNetworking.bicep | parBGPRoutePropagation | parDisableBgpRoutePropagation |
| spokeNetworking | spokeNetworking.bicep | parDnsServerIPs | parDnsServerIps |
| spokeNetworking | spokeNetworking.bicep | parNextHopIPAddress | parNextHopIpAddress |
| vnetPeeringVwan | hubVirtualNetworkConnection.bicep | parVirtualHubResourceId | parVirtualWanHubResourceId |
| vnetPeeringVwan | vnetPeeringVwan.bicep | parVirtualHubResourceId | parVirtualWanHubResourceId |
| vwanConnectivity | vwanConnectivity.bicep | parVhubAddressPrefix | parVirtualHubAddressPrefix |
| vwanConnectivity | vwanConnectivity.bicep | parAzureFirewallTier | parAzFirewallTier |
| vwanConnectivity | vwanConnectivity.bicep | parVPNGatewayEnabled | parVpnGatewayEnabled |
| vwanConnectivity | vwanConnectivity.bicep | parERGatewayEnabled | parExpressRouteGatewayEnabled |
| vwanConnectivity | vwanConnectivity.bicep | parAzureFirewallEnabled | parAzFirewallEnabled |
| vwanConnectivity | vwanConnectivity.bicep | parNetworkDNSEnableProxy | parAzFirewallDnsProxyEnabled |
| vwanConnectivity | vwanConnectivity.bicep | parVWanName | parVirtualWanName |
| vwanConnectivity | vwanConnectivity.bicep | parVHubName | parVirtualWanHubName |
| vwanConnectivity | vwanConnectivity.bicep | parVPNGwName | parVpnGatewayName |
| vwanConnectivity | vwanConnectivity.bicep | parERGwName | parExpressRouteGatewayName |
| vwanConnectivity | vwanConnectivity.bicep | parAzureFirewallName | parAzFirewallName |
| vwanConnectivity | vwanConnectivity.bicep | parAzureFirewallAvailabilityZones | parAzFirewallAvailabilityZones |
| vwanConnectivity | vwanConnectivity.bicep | parVPNGwScaleUnit | parVpnGatewayScaleUnit |
| vwanConnectivity | vwanConnectivity.bicep | parERGwScaleUnit | parExpressRouteGatewayScaleUnit |
| orchestration | hubPeeredSpoke/hubPeeredSpoke.bicep | parDnsServerIpArray | parDnsServerIps |
| orchestration | hubPeeredSpoke/hubPeeredSpoke.bicep | parBgpRoutePropagation | parDisableBgpRoutePropagation |
| orchestration | hubPeeredSpoke/hubPeeredSpoke.bicep | parSpoketoHubRouteTableName | parSpokeToHubRouteTableName |
Changed Outputs
The following module output names have changed:
Please use the scroll bar at the bottom of the table
| Module | File Name | Old Output Name | New Output Name |
|---|---|---|---|
| hubNetworking | hubNetworking.bicep | outAzureFirewallPrivateIP | outAzFirewallPrivateIp |
| hubNetworking | hubNetworking.bicep | outAzureFirewallName | outAzFirewallName |
| hubNetworking | hubNetworking.bicep | outDdosPlanResourceID | outDdosPlanResourceId |
| hubNetworking | hubNetworking.bicep | outHubVirtualNetworkID | outHubVirtualNetworkId |
| managementGroups | managementGroups.bicep | outTopLevelMGId | outTopLevelManagementGroupId |
| managementGroups | managementGroups.bicep | outPlatformMGId | outPlatformManagementGroupId |
| managementGroups | managementGroups.bicep | outPlatformManagementMGId | outPlatformManagementManagementGroupId |
| managementGroups | managementGroups.bicep | outPlatformConnectivityMGId | outPlatformConnectivityManagementGroupId |
| managementGroups | managementGroups.bicep | outPlatformIdentityMGId | outPlatformIdentityManagementGroupId |
| managementGroups | managementGroups.bicep | outLandingZonesMGId | outLandingZonesManagementGroupId |
| managementGroups | managementGroups.bicep | outLandingZonesCorpMGId | outLandingZonesCorpManagementGroupId |
| managementGroups | managementGroups.bicep | outLandingZonesOnlineMGId | outLandingZonesOnlineManagementGroupId |
| managementGroups | managementGroups.bicep | outSandboxMGId | outSandboxManagementGroupId |
| managementGroups | managementGroups.bicep | outDecommissionedMGId | outDecommissionedManagementGroupId |
| managementGroups | managementGroups.bicep | outTopLevelMGName | outTopLevelManagementGroupName |
| managementGroups | managementGroups.bicep | outPlatformMGName | outPlatformManagementGroupName |
| managementGroups | managementGroups.bicep | outPlatformManagementMGName | outPlatformManagementManagementGroupName |
| managementGroups | managementGroups.bicep | outPlatformConnectivityMGName | outPlatformConnectivityManagementGroupName |
| managementGroups | managementGroups.bicep | outPlatformIdentityMGName | outPlatformIdentityManagementGroupName |
| managementGroups | managementGroups.bicep | outLandingZonesMGName | outLandingZonesManagementGroupName |
| managementGroups | managementGroups.bicep | outLandingZonesCorpMGName | outLandingZonesCorpManagementGroupName |
| managementGroups | managementGroups.bicep | outLandingZonesOnlineMGName | outLandingZonesOnlineManagementGroupName |
| managementGroups | managementGroups.bicep | outSandboxMGName | outSandboxManagementGroupName |
| managementGroups | managementGroups.bicep | outDecommissionedMGName | outDecommissionedManagementGroupName |
| publicIp | publicIp.bicep | outPublicIPID | outPublicIpId |
| vwanConnectivity | vwanConnectivity.bicep | outVirtualWANName | outVirtualWanName |
| vwanConnectivity | vwanConnectivity.bicep | outVirtualWANID | outVirtualWanId |
| vwanConnectivity | vwanConnectivity.bicep | outVirtualHubID | outVirtualHubId |
| vwanConnectivity | vwanConnectivity.bicep | outDdosPlanResourceID | outDdosPlanResourceId |
| orchestration | hubPeeredSpoke/hubPeeredSpoke.bicep | outSpokeVirtualNetworkid | outSpokeVirtualNetworkId |
Updating to this Release
- Pull in the latest from the
ALZ-Biceprepo main branch or release/tagv.0.9.0into your fork/clone/repo - Update module parameter files
- Update parameter names in existing parameters files
- Or adopt the new...all.jsonor...min.jsonparameter files and update with your desired values - Update any existing pipelines to correctly point to renamed Bicep and/or parameter files
- You can review the wiki pages on ALZ GitHub Actions and ALZ Azure DevOps Pipelines for examples
- Update pipelines to account for changes to module output names
What's Changed
- Bicep parameter, variable, resource, module, and output naming hygiene and consistency across modules
- File naming hygiene and consistency across modules
- Each module has had parameter files moved into a
parameterssub-folder' - Introduction of
min.jsonparameter files which include the minimum common sense set of parameters needed to deploy a module. - Parameter files are now named according to the convention:
<module>.<parameterSet>.parameters.<min|all>.json
New PRs For This Release
- Add policy expansion guidance to wiki by @jtracey93 in #243
- Update Wiki Docs with Orchestration Modules Section & Add
hubPeeredSpoketo Networking Docs by @jtracey93 in #251 - Module Bicep template and parameter file hygiene by @rjygraham in #227
Full Changelog: v0.8.1...v0.9.0