Highlights
📯 CMK and networking improvements across all modules: Customer-Managed Keys have been refined across all modules currently supporting them, aiming for this feature to have a consistent interface (input parameters) across the library. Also, networking capabilities such as private endpoints, private DNS zone integration and public network access have been improved across modules implementing them. For instance, public network access is now disabled by default on the deployed resources when private endpoints are set, unless otherwise specified.
📯 Simplified token handling & repository configuration: The token replacement feature has been refined by providing a centralized place to store variables, for both GitHub and Azure DevOps orchestrations, simplifying the initial setup of the CI environment. The deployment Service Principal object ID, previously required to be set as a secret, is now automatically retrieved by the pipelines, reducing the list of secrets/variables to configure for the validation pipelines to run.
📯 Improved module documentation: Each module ReadMe now lists all local cross-referenced modules leveraged by its implementation. Deployment examples are also improved by listing required parameters first, followed by the rest, each in alphabetical order. In addition, a Module overview page has been added to the Wiki, outlining supported features for each module such as Private endpoints, Diagnostic Settings and RBAC.
Modules
- New modules:
  - Redis Cache
  - Web PubSub
  - PowerBIDedicated Capacities
  - Synapse Workspaces
  - Private Link Services
  - Azure Database for PostgreSQL Flexible Servers
- Aligned the CMK implementation across current modules
- Aligned public network access implementation across modules to get automatically disabled if private endpoints are set
- Updated & aligned role assignment implementation across modules
- Added private endpoint support for Batch accounts, DataFactory, Recovery Services Vaults
- Improved default security values for AKS, Log Analytics, Sql Servers
- Updated API version for several modules under ContainerInstance, ContainerService, NetApp, Network, Sql, Storage resource providers
- Removed autogenerated unique name feature from all modules
- Introduced linter-ignore statements for false-positives
CI environment
- [MAJOR/BREAKING] Renamed 'arm' folder to 'modules'
- [MAJOR/BREAKING] Renamed '.parameters' folder to '.test'
- Token Mechanism Uplift (support tokens as GitHub Secret + Migrate Settings.Json to Settings YAML)
- Autofetch ServicePrincipal Object ID
- Static validation improvements:
  - Added integration with private DNS zones to all module tests deploying private endpoints
  - Added test case for parameter description
  - Moved global Pester tests to utilities
- Extended and improved dependencies pipeline:
  - Added private DNS zones dependencies
  - Added new dependencies for Private Link Services module
  - Use deployment scripts for the 'Store VHD to blob container' option
- Added subscription context for supporting MG scope service connections
- Enabled CI environment to handle DeploymentTest (Bicep) files for upcoming self-contained dependencies approach
- Further alignment between ADO pipelines and GH workflows
Wiki
- Added new section 'Module overview' outlining all module features for the whole library
- Added new section 'Fetch latest CARML updates for internalized libraries'
- Improved 'Solution creation' section with decision support for publishing target locations and updated template-orchestrated solution examples
- Updated 'Contribution guide' to reference latest project board approach
- Improved 'Known Issues' section
Utilities
- Improved Module readme generator ('Set-ModuleReadMe'):
  - Added new section 'Cross-referenced modules'
  - Improved 'Deployment examples' section:
    - Each example lists all the required parameters first, followed by the rest - each in alphabetical order
    - Moved Bicep example in front of JSON
    - Added quotation for empty allowed values
- Added utility to bulk-run pipelines for a given branch
- Updated DevOps Pipeline Registration
- Added ManagementGroup-Deployment removal script
Fixes
- Fixed several Linter warnings for Natural language
- Extended vscode settings with json specific to align file formatting
- Fixed resource removal stage attempting to remove dependency resources
- Improved CI environment compatibility with Linux & improved robustness
- Fixed failing dependencies pipeline on VHD creation
- Updated private endpoint and user assigned identity readme parameter usage templates
All merged PRs
- [Modules] Added instrumentationKey output variable by @itpropro in #1592
- [Modules] Fix roleAssignments naming and missing rename by @MariusStorhaug in #1596
- [Fixes] ServiceFabric/Clusters - Added correct CI trigger for ADO by @MariusStorhaug in #1601
- [Fixes] Fix format and whitespace by @MariusStorhaug in #1600
- [Utilities] Added utility to bulk-run pipelines for a given branch by @MrMCake in #1609
- [Modules] MongoDB: Removed throughput if database is deployed serverless #1571 by @MrMCake in #1594
- [Modules] Overhauled Disk-Encryption Key handling by @MrMCake in #1591
- [CI Environment] [MAJOR/BREAKING] Renamed 'arm' to 'modules' by @MariusStorhaug in #1599
- [Fixes] Fix incorrect function reference for GitHub action by @MrMCake in #1615
- [Fixes] Corrected the @mention of teams + cleanup of owners by @MariusStorhaug in #1603
- [Wiki] Fixing several links and casings by @MrMCake in #1613
- [Wiki] Reset some of the feedback from Wiki walkthrough by @MariusStorhaug in #1617
- [Modules] Minimum TLS version for SQL server by @ArielRam99 in #1618
- [Modules] AKS: Updated secure defaults by @MrMCake in #1593
- [Misc] Add automatic assignment to Pull-Requests by @MariusStorhaug in #1619
- [Modules] Recovery Services Vaults: Add private endpoint support with updated parameters file. by @kavishshivhare in #1623
- [CI Environment] MAJOR/BREAKING: Rename '.parameters' folder by @MrMCake in #1612
- [Fixes] Fixed incorrect param file ref by @MrMCake in #1626
- [CI environment] Align ADO pipeline trigger paths by @eriqua in #1634
- [Modules] DataFactory: Added private endpoints & customer-managed-key implementation by @MrMCake in #1585
- [Utilities] Updated DevOps Registration by @MrMCake in #1611
- [Modules] Aligned privateEndpoints description metadata across modules by @eriqua in #1636
- [Utilities] Added ManagementGroup-Deployment removal script by @MrMCake in #1622
- [Modules] Aligned the CMK implementation across current modules by @MrMCake in #1589
- [Fixes] Fixed DiskEncryption Dependency Parameters by @MrMCake in #1637
- [Modules] MachineLearningWorkspace: Updated Customer-Managed-Key implementation by @MrMCake in #1584
- [Modules] Service bus private networking ACL by @ChrisSidebotham in #1453
- [Modules] Added CosmosDB Gremlin API & updated mongodb to current version by @MrMCake in #1638
- [Fixes] ServiceBus regenerate readme by @eriqua in #1646
- [Fixes] Role Assignment output by @eriqua in #1649
- [Modules] Batch accounts: Add private endpoint support with updated parameters file. by @ishita-malik1 in #1654
- [Modules] LogAnalytics: Setting secure value & add linked storage accounts child module by @MrMCake in #1588
- [Modules] Policy assignment updated nonCompliance messages by @ahmadabdalla in #1644
- [Modules] Servicebus: Added Customer-Managed-Key & additional resource type handling for removal by @MrMCake in #1586
- [Wiki] Fix incorrect statement about Bicep not being GA by @eriqua in #1657
- [Modules] Redis cache module by @MrMCake in #1635
- [Modules] Leave out not supported throughput field in Cosmos by @itpropro in #1658
- [Modules] Align public network access implementation across modules by @eriqua in #1661
- [Modules] Recovery Services Vault: Updated API and added new feature properties by @prasanjeets in #1572
- [Modules] Added Web PubSub module by @MrMCake in #1621
- [CI environment] Static validation: move global Pester tests to utilities by @eriqua in #1647
- [Fixes] Replaced non ASCII characters by @MrMCake in #1667
- [Fixes] SQL - Changed login away from secret as user name is not defined as secure() by @MrMCake in #1668
- [Modules] Adding private DNS zones dependencies by @eriqua in #1670
- [Modules] Updated 'DeploymentExamples' title & moved Bicep in front of JSON by @MrMCake in #1632
- [Modules] Update private endpoint to optionally deploy only one private DNS zone group by @eriqua in #1673
- [Fixes] VM - Update NIC IP Address handover by @chris5287 in #1677
- [Utilities] Added quotation for empty allowed values & added sorting by @MrMCake in #1683
- [Modules] Configure privateDnsZoneGroups on app config by @eriqua in #1689
- [Modules] Configure privateDnsZoneGroups on storage account by @eriqua in #1690
- [Fixes] Linter fixes by @eriqua in #1679
- [Modules] NIC: Updated subnetID to subnetResourceId for consistency by @MrMCake in #1684
- [Modules] Configure privateDnsZoneGroups on automation account by @eriqua in #1693
- [Fixes] Update platform workflow title and filename by @eriqua in #1697
- [CI Environment] Removed temporal no-restore flag following the CLI fix by @MrMCake in #1686
- [Modules] Configure privateDnsZoneGroups on Web PubSub Service by @eriqua in #1696
- [Wiki] Update contribution guide to reference latest board approach by @MrMCake in #1685
- [Wiki] Decision support for publishing target locations by @MrMCake in #1681
- [Modules] Configure privateDnsZoneGroups on servicebus and networking restructuring by @eriqua in #1700
- [Modules] WebApp: Set serverfarm resource ID as required & minor formatting update for serverfarm module by @MrMCake in #1682
- [Modules] ApplicationGateway: Updated descriptions of security relevant parameters by @MrMCake in #1699
- [Modules] Add Synapse Workspace module by @renepajta in #928
- [CI Environment] Diverse updates to deployments & removal by @MrMCake in #1678
- [CI Environment] Added test case for parameter description by @MrMCake in #1687
- [CI Environment] Refactored pipelines by @MrMCake in #1694
- [Wiki] Updated template-orchestrated solution examples by @MrMCake in #1706
- [Utilities] Created utility to get an outline of all module features by @MrMCake in #1641
- [Fixes] Update ReadMe Module Tables Workflow by @eriqua in #1713
- [Modules] Fixed several metadata & API issues by @MrMCake in #1707
- [Modules] Configure privateDnsZoneGroups on eventhub namespace by @eriqua in #1702
- [Fixes] Further fixes for static validation failures by @eriqua in #1714
- [Fixes] Added .DS_Store to .gitignore by @segraef in #1719
- [Modules] Updated Network Interface module API Version by @ahmadabdalla in #1722
- [Wiki] Fetch latest CARML updates for internalized libraries by @elanzel in #1587
- [Fixes] VNet Replace json('null') -> null by @JulienFloris in #1723
- [Fixes] Dependencies pipeline VM by @eriqua in #1725
- [Fixes] Update VM domainJoin parameter usage by @jriekse5555 in #1711
- [Fixes] Fixed param example for ContainerGroup by @JulienFloris in #1731
- [Modules] Update Microsoft.Storage modules API version by @eriqua in #1734
- [CI Environment] Several pipeline fixes, updated naming & minor improvements by @MrMCake in #1724
- [Fixes] ADO pipeline typo fix by @MrMCake in #1738
- [Utilities] Small update to management group deployments removal script to better handle small number of deployments by @MrMCake in #1733
- [Modules] Microsoft.Network API version update by @eriqua in #1730
- [Fixes] Restored CARML Settings by @ahmadabdalla in #1739
- [Modules] Update the Application Gateway test parameter files to support mandatory properties after an API version update by @ahmadabdalla in #1743
- [Modules] Uplifted ADF module to support managed Private endpoints by @ahmadabdalla in #1721
- [Fixes] Fixing ADO removal for role assignments by @krbar in #1746
- [Fixes] Ensure $profile is always available by @MrMCake in #1747
- [Modules] Adding more log types to AKS by @rahalan in #1749
- [CI environment] Template orchestration for dependencies pipeline - Store VHD to blob container by @eriqua in #1726
- [Modules] Update App config tests by @eriqua in #1758
- [Modules] Remove autogenerated unique name from KV by @eriqua in #1757
- [CI Environment] Autofetch ServicePrincipal Object ID by @MrMCake in #1752
- [Fixes] Extend vscode settings with json specific by @eriqua in #1759
- [Wiki] Home page updates to documentation by @Dost2010 in #1640
- [Modules] VM: Added proximityPlacementGroup test + changed param format by @MrMCake in #1760
- [Utilities] Updated Dependency fetch script & added references to the module docs by @MrMCake in #1680
- [Fixes] Removed duplicated line by @ahmadabdalla in #1767
- [Fixes] Updated helper to reference the new script for cross reference by @ahmadabdalla in #1768
- [Modules] Adds zoneRedundant property to serverfarms module by @DanielLarsenNZ in #1771
- [Fixes] Fixed subscription ID reference in dependency construct by @MrMCake in #1776
- [Modules] Updated & aligned role assignment implementation by @MrMCake in #1765
- [Fixes] VMSS enabledAcceleratedNetworking fix by @lsnoddy in #1777
- [CI environment] Added subscription context for supporting MG scope service connections by @ChrisSidebotham in #1775
- [CI Environment] Token Mechanism Uplift (support tokens as GitHub Secret + Migrate Settings.Json to Settings YAML) by @ahmadabdalla in #1516
- [Fixes] Resource removal stage attempts to remove dependency resources by @ahmadabdalla in #1780
- [Fixes] Improved compatibility with Linux & improved robustness by @MrMCake in #1783
- [Fixes] Small working fixes and updates to quotation by @MrMCake in #1785
- [Modules]: Azure Database for PostgreSQL Flexible Servers Module by @ahmadabdalla in #1779
- [CI Environment] Align 'Join-Path' usage + minor formatting updates by @MrMCake in #1761
- [Modules]: Bug fix for Automation account using uniqueString() instead of newGuid() for the job schedule name by @ahmadabdalla in #1794
- [Modules] Azure Firewall change name of first IP config by @rahalan in #1748
- [Modules] Update automationAccounts API Version & Include 'disableLocalAuth' by @ChrisSidebotham in #1790
- [Modules] Fixed Bug Bastion Host remove additional PIP by @elbatane in #1778
- [Modules] Adds defaultHostname output to Microsoft.Web/sites and Microsoft.Web/staticSites modules by @DanielLarsenNZ in #1789
- [Modules] logic apps default values#784 by @prasanjeets in #1774
- [Modules] Adding Standard SKU Options to bastionHosts by @ChrisSidebotham in #1801
- [Modules] Private Link Services: Add module. by @kavishshivhare in #1763
- [CI environment] Added new dependencies and updated pls resources references by @ahmadabdalla in #1804
- [Fixes] Corrected Private Endpoint Parameter Usage documentation by @ahmadabdalla in #1805
- [Modules] Default value for IpConfiguration name by @milescattini in #1806
- [CI Environment] Enabled CI environment to handle DeploymentTest (bicep) files for new self-contained dependency approach by @MrMCake in #1624
- [CI Environment] Several general improvements by @MrMCake in #1808
- [Modules] Removed name generation from diverse modules by @MrMCake in #1766
- [Modules] Updated network watcher resource group by @prasanjeets in #1843
- [Modules] Introduced several linter-ignore statements for false-positives by @MrMCake in #1770
- [Fixes] CognitiveServices: Updated MSI ref & docs by @MrMCake in #1846
- [Modules] SQL server API version update by @eriqua in #1855
- [Fixes] Regenerating Synapse Workspaces module readme by @eriqua in #1854
- [Fixes] Updated KeyVault min test name to resolve conflict by @MrMCake in #1857
- [Modules] Upgraded AKS API version to latest non-review by @MrMCake in #1845
- [Fixes] Fixed Logic App Readme by @MrMCake in #1859
- [Modules] Updated ACR name to bypass 'stuck' Azure resource by @MrMCake in #1863
- [Modules] Updated container instance API version by @MrMCake in #1852
- [Modules] SQLMI API version update by @eriqua in #1861
- [Modules] Update ContainerService/managedClusters add enableRBAC parameter for multiple authentication options by @JPEasier in #1866
- [Modules] SQLMI Added min param by @eriqua in #1892
- [Modules] Configure privateDnsZoneGroups on sqlServer by @eriqua in #1900
- [Modules] Configure privateDnsZoneGroups on RSV by @eriqua in #1894
- [CI Environment] Updated 'fetchDepth' for Checkout issue in git 2.3.3 by @ChrisSidebotham in #1903
- [Modules] Clean up not used baseTime parameter by @eriqua in #1967
- [Modules] Configure privateDnsZoneGroups on privateLinkScopes by @eriqua in #1970
- [Modules] Configure privateDnsZoneGroups on ML by @eriqua in #1968
- [Modules] Configure privateDnsZoneGroups on Synapse privateLinkHubs by @eriqua in #1973
- [Modules] Configure privateDnsZoneGroups on redisCache by @eriqua in #1927
- [Modules] Microsoft.PowerBIDedicated/capacities module by @ChrisSidebotham in #1978
- [Fixes] Updated PowerBIDedicated workflow name in env vars by @ChrisSidebotham in #1984
- [Modules] Configure privateDnsZoneGroups on batchAccount by @eriqua in #1981
- [Utilities] Reduced the 'Set-ModuleReadMe' script's dependency on the CARML folder structure + smaller logical improvements by @MrMCake in #1989
- [Modules] Configure privateDnsZoneGroups on cognitiveservices by @eriqua in #1985
- [Modules] Configure privateDnsZoneGroups on web staticSites by @eriqua in #2007
- [Modules] Configure privateDnsZoneGroups on web sites by @eriqua in #2005
- [Modules] Configure privateDnsZoneGroups on eventgrid by @eriqua in #2003
- [Modules] Configure privateDnsZoneGroups on ACR by @eriqua in #1999
- [Modules] Fixed ADF IntegrationRuntime Bug from Required to Optional and changed to Array instead of Object by @ahmadabdalla in #1988
- [Fixes] Update private endpoint and user assigned identity readme parameter usage templates by @eriqua in #2017
- [Fixes] Fixed incorrect Set-ReadMe pipeline template by @MrMCake in #2018
- [Fixes] Fix failing PowerBIDedicated Capacities workflow by @eriqua in #2021
- [Fixes] Fix failing dependencies pipeline on VHD creation by @MrMCake in #2027
- [Wiki] Document known issue with DES redeployment in dependencies pipeline by @eriqua in #2028
- [Wiki] Added Synapse Workspace to Known Issues by @MrMCake in #2033
- [Modules] Update NetApp API version by @eriqua in #2030
- [Wiki] Add 'Limited job execution time' section to 'Known Issues' by @eriqua in #2035
New Contributors
- @kavishshivhare made their first contribution in #1623
- @ChrisSidebotham made their first contribution in #1453
- @ishita-malik1 made their first contribution in #1654
- @chris5287 made their first contribution in #1677
- @JulienFloris made their first contribution in #1723
- @jriekse5555 made their first contribution in #1711
- @krbar made their first contribution in #1746
- @Dost2010 made their first contribution in #1640
- @DanielLarsenNZ made their first contribution in #1771
- @milescattini made their first contribution in #1806
Full Changelog: v0.6.0...v0.7.0