From 18892e4082ecaa6a133dea8bbe0f7fa92094b0f1 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Wed, 2 Feb 2022 17:05:13 +0100 Subject: [PATCH 1/3] Updated Storage Templates --- infra/main.json | 21 +++++++++++++++------ infra/modules/services/storage.bicep | 21 +++++++++++++-------- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/infra/main.json b/infra/main.json index d6eaef7..c6ec2c4 100644 --- a/infra/main.json +++ b/infra/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.4.1124.51302", - "templateHash": "3860597727392112976" + "templateHash": "14775315796837903661" } }, "parameters": { @@ -1939,7 +1939,7 @@ "_generator": { "name": "bicep", "version": "0.4.1124.51302", - "templateHash": "16200407904616843158" + "templateHash": "5045548453734883972" } }, "parameters": { @@ -1992,7 +1992,7 @@ "resources": [ { "type": "Microsoft.Storage/storageAccounts", - "apiVersion": "2021-04-01", + "apiVersion": "2021-06-01", "name": "[variables('storageNameCleaned')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -2008,6 +2008,7 @@ "allowBlobPublicAccess": false, "allowCrossTenantReplication": false, "allowSharedKeyAccess": true, + "defaultToOAuthAuthentication": true, "encryption": { "keySource": "Microsoft.Storage", "requireInfrastructureEncryption": false, @@ -2030,6 +2031,9 @@ } } }, + "immutableStorageWithVersioning": { + "enabled": false + }, "isHnsEnabled": false, "isNfsV3Enabled": false, "keyPolicy": { @@ -2048,12 +2052,13 @@ "publishInternetEndpoints": false, "publishMicrosoftEndpoints": false }, + "publicNetworkAccess": "Disabled", "supportsHttpsTrafficOnly": true } }, { "type": "Microsoft.Storage/storageAccounts/managementPolicies", - "apiVersion": "2021-02-01", + "apiVersion": "2021-06-01", "name": "[format('{0}/{1}', variables('storageNameCleaned'), 'default')]", "properties": { "policy": { 
@@ -2097,7 +2102,7 @@ }, { "type": "Microsoft.Storage/storageAccounts/blobServices", - "apiVersion": "2021-02-01", + "apiVersion": "2021-06-01", "name": "[format('{0}/{1}', variables('storageNameCleaned'), 'default')]", "properties": { "containerDeleteRetentionPolicy": { @@ -2106,6 +2111,10 @@ }, "cors": { "corsRules": [] + }, + "deleteRetentionPolicy": { + "enabled": true, + "days": 7 } }, "dependsOn": [ @@ -2118,7 +2127,7 @@ "count": "[length(parameters('storageContainerNames'))]" }, "type": "Microsoft.Storage/storageAccounts/blobServices/containers", - "apiVersion": "2021-02-01", + "apiVersion": "2021-06-01", "name": "[format('{0}/{1}/{2}', variables('storageNameCleaned'), 'default', parameters('storageContainerNames')[copyIndex()])]", "properties": { "publicAccess": "None", diff --git a/infra/modules/services/storage.bicep b/infra/modules/services/storage.bicep index e3b1c52..fbba28f 100644 --- a/infra/modules/services/storage.bicep +++ b/infra/modules/services/storage.bicep @@ -32,7 +32,7 @@ var storagePrivateEndpointNameBlob = '${storage.name}-blob-private-endpoint' var storagePrivateEndpointNameFile = '${storage.name}-file-private-endpoint' // Resources -resource storage 'Microsoft.Storage/storageAccounts@2021-04-01' = { +resource storage 'Microsoft.Storage/storageAccounts@2021-06-01' = { name: storageNameCleaned location: location tags: tags @@ -48,6 +48,7 @@ resource storage 'Microsoft.Storage/storageAccounts@2021-04-01' = { allowBlobPublicAccess: false allowCrossTenantReplication: false allowSharedKeyAccess: true + defaultToOAuthAuthentication: true encryption: { keySource: 'Microsoft.Storage' requireInfrastructureEncryption: false @@ -70,6 +71,9 @@ resource storage 'Microsoft.Storage/storageAccounts@2021-04-01' = { } } } + immutableStorageWithVersioning: { + enabled: false + } isHnsEnabled: false isNfsV3Enabled: false keyPolicy: { 
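Review bot: In the `@@ -48,6 +48,7 @@` hunk of storage.bicep, `defaultToOAuthAuthentication: true` is added directly below the context line `allowSharedKeyAccess: true`, so account keys and SAS tokens signed with them still authorize requests. As far as I know, the new flag only changes which authorization method the Azure portal uses by default. If no consumer of this account needs key-based access, change the context line to `allowSharedKeyAccess: false`. If one does, record that next to the setting, for example `// shared key kept enabled: required by <consumer>; defaultToOAuthAuthentication only changes the portal default`. The `storage` resource body starts and ends outside this hunk.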
@@ -88,11 +92,12 @@ resource storage 'Microsoft.Storage/storageAccounts@2021-04-01' = { publishInternetEndpoints: false publishMicrosoftEndpoints: false } + publicNetworkAccess: 'Disabled' supportsHttpsTrafficOnly: true } } -resource storageManagementPolicies 'Microsoft.Storage/storageAccounts/managementPolicies@2021-02-01' = { +resource storageManagementPolicies 'Microsoft.Storage/storageAccounts/managementPolicies@2021-06-01' = { parent: storage name: 'default' properties: { @@ -155,7 +160,7 @@ resource storageManagementPolicies 'Microsoft.Storage/storageAccounts/management } } -resource storageBlobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-02-01' = { +resource storageBlobServices 'Microsoft.Storage/storageAccounts/blobServices@2021-06-01' = { parent: storage name: 'default' properties: { @@ -172,10 +177,10 @@ resource storageBlobServices 'Microsoft.Storage/storageAccounts/blobServices@202 // retentionInDays: 7 // } // defaultServiceVersion: '' - // deleteRetentionPolicy: { - // enabled: true - // days: 7 - // } + deleteRetentionPolicy: { + enabled: true + days: 7 + } // isVersioningEnabled: true // lastAccessTimeTrackingPolicy: { // name: 'AccessTimeTracking' @@ -192,7 +197,7 @@ resource storageBlobServices 'Microsoft.Storage/storageAccounts/blobServices@202 } } -resource storageContainers 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-02-01' = [for storageContainerName in storageContainerNames: { +resource storageContainers 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-06-01' = [for storageContainerName in storageContainerNames: { parent: storageBlobServices name: storageContainerName properties: { From d8a5acddd8d4c5c8d5289d2d773efe126d00a186 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Fri, 11 Feb 2022 17:05:47 +0100 Subject: [PATCH 2/3] linting --- .github/linters/.arm-ttk.psd1 | 1 + 1 file changed, 1 insertion(+) 
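Review bot: The blob soft-delete window enabled in the `@@ -172,10 +177,10 @@` hunk of storage.bicep is a hard-coded `days: 7`, and `isVersioningEnabled` stays commented out just below it. As far as this hunk shows, a deletion or overwrite noticed more than a week later cannot be rolled back. Consider exposing the value as a module parameter, e.g. `param blobSoftDeleteRetentionDays int = 7` used as `days: blobSoftDeleteRetentionDays`, so deployments holding data that matters can lengthen the window without editing the module. The parameter block and the rest of `storageBlobServices` are outside the hunk, so an existing parameter that could be reused may already be there.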
diff --git a/.github/linters/.arm-ttk.psd1 b/.github/linters/.arm-ttk.psd1 index c2388e1..4610173 100644 --- a/.github/linters/.arm-ttk.psd1 +++ b/.github/linters/.arm-ttk.psd1 @@ -12,5 +12,6 @@ 'apiVersions Should Be Recent' 'Parameters Must Be Referenced' 'Variables Must Be Referenced' + 'URIs Should Be Properly Constructed' ) } From 2d7d7185cf61b286737aa44012a92ffa6bea1531 Mon Sep 17 00:00:00 2001 From: Marvin Buss Date: Tue, 15 Feb 2022 12:40:13 +0100 Subject: [PATCH 3/3] updated storage to allow creating CIs --- infra/main.json | 76 ++++++++++++++-------------- infra/modules/services/storage.bicep | 2 +- 2 files changed, 39 insertions(+), 39 deletions(-) diff --git a/infra/main.json b/infra/main.json index d8c5c42..9ec8f66 100644 --- a/infra/main.json +++ b/infra/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "17837310350816596367" + "version": "0.4.1272.37030", + "templateHash": "10494039121862566339" } }, "parameters": { @@ -346,8 +346,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "13895317050613293148" + "version": "0.4.1272.37030", + "templateHash": "5013879991171743096" } }, "parameters": { @@ -519,8 +519,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "1475585971495335452" + "version": "0.4.1272.37030", + "templateHash": "5845828490557564924" } }, "parameters": { @@ -867,7 +867,7 @@ "value": "[parameters('synapseDefaultStorageAccountFileSystemId')]" }, "synapseId": { - "value": "[if(equals(parameters('processingService'), 'synapse'), reference(resourceId('Microsoft.Resources/deployments', 'synapse001'), '2020-10-01').outputs.synapseId.value, '')]" + "value": "[if(equals(parameters('processingService'), 'synapse'), reference(resourceId('Microsoft.Resources/deployments', 'synapse001')).outputs.synapseId.value, '')]" } }, "template": { 
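Review bot: The array that gains `'URIs Should Be Properly Constructed'` in the `.arm-ttk.psd1` hunk opens outside the visible lines, so it is not clear whether this is the ARM-TTK `Skip` list or the `Test` list. If it is `Skip`, which the neighbouring `'apiVersions Should Be Recent'` entry suggests, the URI-construction check is switched off for every template in the repository rather than for the one expression that trips it. The commit message says only "linting", so please add a comment above the entry naming the template and expression that fail, e.g. `# skipped: <template path> builds <uri expression>; re-enable once fixed`. That lets the suppression be revisited instead of silently persisting.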
@@ -876,8 +876,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "17584063900477479467" + "version": "0.4.1272.37030", + "templateHash": "4535135918647961980" } }, "parameters": { @@ -937,7 +937,7 @@ "value": "[variables('datafactory001Name')]" }, "keyVault001Id": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyVault001'), '2020-10-01').outputs.keyvaultId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyVault001')).outputs.keyvaultId.value]" }, "privateDnsZoneIdDataFactory": { "value": "[parameters('privateDnsZoneIdDataFactory')]" @@ -955,7 +955,7 @@ "value": "[parameters('purviewManagedEventHubId')]" }, "machineLearning001Id": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'machineLearning001'), '2020-10-01').outputs.machineLearningId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'machineLearning001')).outputs.machineLearningId.value]" } }, "template": { @@ -964,8 +964,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "8903592133998705977" + "version": "0.4.1272.37030", + "templateHash": "4658994371289046641" } }, "parameters": { @@ -1355,8 +1355,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "14497077229040500861" + "version": "0.4.1272.37030", + "templateHash": "390418905763272326" } }, "parameters": { @@ -1527,8 +1527,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "7020391773370407540" + "version": "0.4.1272.37030", + "templateHash": "10783497108252025858" } }, "parameters": { @@ -1693,8 +1693,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "15263814874918461179" + "version": "0.4.1272.37030", + "templateHash": "7685666168919205168" } }, "parameters": { 
@@ -1774,8 +1774,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "9462754811042758050" + "version": "0.4.1272.37030", + "templateHash": "10998052295333890969" } }, "parameters": { @@ -1939,8 +1939,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "5045548453734883972" + "version": "0.4.1272.37030", + "templateHash": "4700328157546838775" } }, "parameters": { @@ -2043,7 +2043,7 @@ "largeFileSharesState": "Disabled", "minimumTlsVersion": "TLS1_2", "networkAcls": { - "bypass": "Metrics", + "bypass": "AzureServices", "defaultAction": "Deny", "ipRules": [], "virtualNetworkRules": [] @@ -2266,16 +2266,16 @@ "value": "[variables('machineLearning001Name')]" }, "applicationInsightsId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'applicationInsights001'), '2020-10-01').outputs.applicationInsightsId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'applicationInsights001')).outputs.applicationInsightsId.value]" }, "containerRegistryId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'containerRegistry001'), '2020-10-01').outputs.containerRegistryId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'containerRegistry001')).outputs.containerRegistryId.value]" }, "keyVaultId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyVault001'), '2020-10-01').outputs.keyvaultId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'keyVault001')).outputs.keyvaultId.value]" }, "storageAccountId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'storage001'), '2020-10-01').outputs.storageId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'storage001')).outputs.storageId.value]" }, "datalakeFileSystemIds": { "value": "[parameters('datalakeFileSystemIds')]" 
@@ -2293,10 +2293,10 @@ "value": "[parameters('databricksWorkspaceUrl')]" }, "synapseId": { - "value": "[if(equals(parameters('processingService'), 'synapse'), reference(resourceId('Microsoft.Resources/deployments', 'synapse001'), '2020-10-01').outputs.synapseId.value, '')]" + "value": "[if(equals(parameters('processingService'), 'synapse'), reference(resourceId('Microsoft.Resources/deployments', 'synapse001')).outputs.synapseId.value, '')]" }, "synapseBigDataPoolId": { - "value": "[if(equals(parameters('processingService'), 'synapse'), reference(resourceId('Microsoft.Resources/deployments', 'synapse001'), '2020-10-01').outputs.synapseBigDataPool001Id.value, '')]" + "value": "[if(equals(parameters('processingService'), 'synapse'), reference(resourceId('Microsoft.Resources/deployments', 'synapse001')).outputs.synapseBigDataPool001Id.value, '')]" }, "machineLearningComputeInstance001AdministratorObjectId": { "value": "[parameters('machineLearningComputeInstance001AdministratorObjectId')]" @@ -2320,8 +2320,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "14064910724988098449" + "version": "0.4.1272.37030", + "templateHash": "2625581626341947011" } }, "parameters": { @@ -2764,7 +2764,7 @@ "value": "[parameters('externalContainerRegistryId')]" }, "machineLearningId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'machineLearning001'), '2020-10-01').outputs.machineLearningId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'machineLearning001')).outputs.machineLearningId.value]" } }, "template": { @@ -2773,8 +2773,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "14462268884464265429" + "version": "0.4.1272.37030", + "templateHash": "6095886941970314891" } }, "parameters": { 
@@ -2827,7 +2827,7 @@ "mode": "Incremental", "parameters": { "machineLearningId": { - "value": "[reference(resourceId('Microsoft.Resources/deployments', 'machineLearning001'), '2020-10-01').outputs.machineLearningId.value]" + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'machineLearning001')).outputs.machineLearningId.value]" }, "storageAccountFileSystemId": { "value": "[parameters('datalakeFileSystemIds')[copyIndex()]]" @@ -2839,8 +2839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.1124.51302", - "templateHash": "15329536860223583620" + "version": "0.4.1272.37030", + "templateHash": "9185402326525362659" } }, "parameters": { diff --git a/infra/modules/services/storage.bicep b/infra/modules/services/storage.bicep index fbba28f..3ae2c39 100644 --- a/infra/modules/services/storage.bicep +++ b/infra/modules/services/storage.bicep @@ -82,7 +82,7 @@ resource storage 'Microsoft.Storage/storageAccounts@2021-06-01' = { largeFileSharesState: 'Disabled' minimumTlsVersion: 'TLS1_2' networkAcls: { - bypass: 'Metrics' + bypass: 'AzureServices' defaultAction: 'Deny' ipRules: [] virtualNetworkRules: []
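Review bot: In the final storage.bicep hunk, `bypass: 'AzureServices'` replaces `bypass: 'Metrics'`, which widens the firewall exception under `defaultAction: 'Deny'` from metrics reads to every Azure service on the trusted-services list. Nothing in the file records why. The commit subject suggests it is needed for compute instance creation, so say so at the setting, e.g. `// AzureServices bypass needed so Azure ML can create compute instances against this account`. It is also worth checking whether a `resourceAccessRules` entry scoped to the workspace resource would satisfy the same requirement with a narrower exception. How this bypass interacts with the `publicNetworkAccess: 'Disabled'` setting added in patch 1 should be confirmed in a test deployment. The `storage` resource starts and ends outside this hunk.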