Merge pull request #223459 from mumian/0109-bicepconfig-profiles

add currentProfile to the bicepConfig

Author: jborsecnik

articles/azure-resource-manager/bicep/bicep-cli.md

@@ -2,7 +2,7 @@
 title: Bicep CLI commands and overview
 description: Describes the commands that you can use in the Bicep CLI. These commands include building Azure Resource Manager templates from Bicep.
 ms.topic: conceptual
-ms.date: 09/14/2022
+ms.date: 01/10/2023
 ---
 
 # Bicep CLI commands
@@ -130,7 +130,7 @@ The command returns an array of available versions.
 
 ## publish
 
-The `publish` command adds a module to a registry. The Azure container registry must exist and the account publishing to the registry must have the correct permissions. For more information about setting up a module registry, see [Use private registry for Bicep modules](private-module-registry.md).
+The `publish` command adds a module to a registry. The Azure container registry must exist and the account publishing to the registry must have the correct permissions. For more information about setting up a module registry, see [Use private registry for Bicep modules](private-module-registry.md). To publish a module, the account must have the correct profile and permissions to access the registry. You can configure the profile and credential precedence for authenticating to the registry in the [Bicep config file](./bicep-config-modules.md#configure-profiles-and-credentials).
 
 After publishing the file to the registry, you can [reference it in a module](modules.md#file-in-registry).
 
@@ -157,7 +157,7 @@ The `publish` command doesn't recognize aliases that you've defined in a [bicepc
 
 When your Bicep file uses modules that are published to a registry, the `restore` command gets copies of all the required modules from the registry. It stores those copies in a local cache. A Bicep file can only be built when the external files are available in the local cache. Typically, you don't need to run `restore` because it's called automatically by `build`.
 
-To restore external modules to the local cache, the account must have the correct permissions to access the registry. You can configure the credential precedence for authenticating to the registry in the [Bicep config file](./bicep-config-modules.md#credentials-for-publishingrestoring-modules).
+To restore external modules to the local cache, the account must have the correct profile and permissions to access the registry. You can configure the profile and credential precedence for authenticating to the registry in the [Bicep config file](./bicep-config-modules.md#configure-profiles-and-credentials).
 
 To use the restore command, you must have Bicep CLI version **0.4.1008 or later**. This command is currently only available when calling the Bicep CLI directly. It's not currently available through the Azure CLI command.
 

articles/azure-resource-manager/bicep/bicep-config-modules.md

@@ -2,14 +2,14 @@
 title: Module setting for Bicep config
 description: Describes how to customize configuration values for modules in Bicep deployments.
 ms.topic: conceptual
-ms.date: 04/08/2022
+ms.date: 01/11/2023
 ---
 
 # Add module settings in the Bicep config file
 
-In a **bicepconfig.json** file, you can create aliases for module paths and configure credential precedence for restoring a module.
+In a **bicepconfig.json** file, you can create aliases for module paths and configure profile and credential precedence for publishing and restoring modules.
 
-This article describes the settings that are available for working with [modules](modules.md).
+This article describes the settings that are available for working with [Bicep modules](modules.md).
 
 ## Aliases for modules
 
@@ -120,9 +120,54 @@ You can override the public module registry alias definition in the bicepconfig.
 }
 ```
 
-## Credentials for publishing/restoring modules
+## Configure profiles and credentials
 
-To [publish](bicep-cli.md#publish) modules to a private module registry or to [restore](bicep-cli.md#restore) external modules to the local cache, the account must have the correct permissions to access the registry. You can configure the credential precedence for authenticating to the registry. By default, Bicep uses the credentials from the user authenticated in Azure CLI or Azure PowerShell. To customize the credential precedence, see [Add credential precedence to Bicep config](bicep-config.md#credential-precedence).
+To [publish](bicep-cli.md#publish) modules to a private module registry or to [restore](bicep-cli.md#restore) external modules to the local cache, the account must have the correct permissions to access the registry. You can configure the profile and the credential precedence for authenticating to the registry. By default, Bicep uses the `AzureCloud` profile and the credentials from the user authenticated in Azure CLI or Azure PowerShell. You can customize `currentProfile` and `credentialPrecedence` in the config file.
+
+```json
+{
+  "cloud": {
+    "currentProfile": "AzureCloud",
+    "profiles": {
+      "AzureCloud": {
+        "resourceManagerEndpoint": "https://management.azure.com",
+        "activeDirectoryAuthority": "https://login.microsoftonline.com"
+      },
+      "AzureChinaCloud": {
+        "resourceManagerEndpoint": "https://management.chinacloudapi.cn",
+        "activeDirectoryAuthority": "https://login.chinacloudapi.cn"
+      },
+      "AzureUSGovernment": {
+        "resourceManagerEndpoint": "https://management.usgovcloudapi.net",
+        "activeDirectoryAuthority": "https://login.microsoftonline.us"
+      }
+    },
+    "credentialPrecedence": [
+      "AzureCLI",
+      "AzurePowerShell"
+    ]
+  }
+}
+```
+
+The available profiles are:
+
+- AzureCloud
+- AzureChinaCloud
+- AzureUSGovernment
+
+You can customize these profiles, or add new profiles for your on-premises environments.
+
+The available credential types are:
+
+- AzureCLI
+- AzurePowerShell
+- Environment
+- ManagedIdentity
+- VisualStudio
+- VisualStudioCode
+
+[!INCLUDE [vscode authentication](../../../includes/resource-manager-vscode-authentication.md)]
 
 ## Next steps
 

articles/azure-resource-manager/bicep/bicep-config.md

@@ -2,7 +2,7 @@
 title: Bicep config file
 description: Describes the configuration file for your Bicep deployments
 ms.topic: conceptual
-ms.date: 12/06/2022
+ms.date: 01/09/2023
 ---
 
 # Configure your Bicep environment
@@ -17,38 +17,10 @@ To create a `bicepconfig.json` file in Visual Studio Code, open the Command Pale
 
 ## Available settings
 
-When working with [modules](modules.md), you can add aliases for module paths. These aliases simplify your Bicep file because you don't have to repeat complicated paths. For more information, see [Add module settings to Bicep config](bicep-config-modules.md).
+When working with [modules](modules.md), you can add aliases for module paths. These aliases simplify your Bicep file because you don't have to repeat complicated paths. You can also configure cloud profile and  credential precedence for authenticating to Azure from Bicep CLI and Visual Studio Code. The credentials are used to publish modules to registries and to restore external modules to the local cache when using the insert resource function.For more information, see [Add module settings to Bicep config](bicep-config-modules.md).
 
 The [Bicep linter](linter.md) checks Bicep files for syntax errors and best practice violations. You can override the default settings for the Bicep file validation by modifying `bicepconfig.json`. For more information, see [Add linter settings to Bicep config](bicep-config-linter.md).
 
-You can also configure the credential precedence for authenticating to Azure from Bicep CLI and Visual Studio Code. The credentials are used to publish modules to registries and to restore external modules to the local cache when using the insert resource function.
-
-## Credential precedence
-
-You can configure the credential precedence for authenticating to the registry. By default, Bicep uses the credentials from the user authenticated in Azure CLI or Azure PowerShell. To customize the credential precedence, add `cloud` and `credentialPrecedence` elements to the config file.
-
-```json
-{
-  "cloud": {
-    "credentialPrecedence": [
-      "AzureCLI",
-      "AzurePowerShell"
-    ]
-  }
-}
-```
-
-The available credential types are:
-
-- AzureCLI
-- AzurePowerShell
-- Environment
-- ManagedIdentity
-- VisualStudio
-- VisualStudioCode
-
-[!INCLUDE [vscode authentication](../../../includes/resource-manager-vscode-authentication.md)]
-
 ## Intellisense
 
 The Bicep extension for Visual Studio Code supports intellisense for your `bicepconfig.json` file. Use the intellisense to discover available properties and values.

articles/azure-resource-manager/bicep/private-module-registry.md

@@ -2,7 +2,7 @@
 title: Create private registry for Bicep module
 description: Learn how to set up an Azure container registry for private Bicep modules
 ms.topic: conceptual
-ms.date: 04/01/2022
+ms.date: 01/10/2023
 ---
 
 # Create private registry for Bicep modules
@@ -45,7 +45,7 @@ A Bicep registry is hosted on [Azure Container Registry (ACR)](../../container-r
 
 1. To publish modules to a registry, you must have permission to **push** an image. To deploy a module from a registry, you must have permission to **pull** the image. For more information about the roles that grant adequate access, see [Azure Container Registry roles and permissions](../../container-registry/container-registry-roles.md).
 
-1. Depending on the type of account you use to deploy the module, you may need to customize which credentials are used. These credentials are needed to get the modules from the registry. By default, credentials are obtained from Azure CLI or Azure PowerShell. You can customize the precedence for getting the credentials in the **bicepconfig.json** file. For more information, see [Credentials for restoring modules](bicep-config-modules.md#credentials-for-publishingrestoring-modules).
+1. Depending on the type of account you use to deploy the module, you may need to customize which credentials are used. These credentials are needed to get the modules from the registry. By default, credentials are obtained from Azure CLI or Azure PowerShell. You can customize the precedence for getting the credentials in the **bicepconfig.json** file. For more information, see [Credentials for restoring modules](bicep-config-modules.md#configure-profiles-and-credentials).
 
 > [!IMPORTANT]
 > The private container registry is only available to users with the required access. However, it's accessed through the public internet. For more security, you can require access through a private endpoint. See [Connect privately to an Azure container registry using Azure Private Link](../../container-registry/container-registry-private-link.md).

includes/resource-manager-vscode-authentication.md

@@ -2,9 +2,9 @@
 author: mumian
 ms.service: azure-resource-manager
 ms.topic: include
-ms.date: 12/06/2022
+ms.date: 01/10/2023
 ms.author: jgao
 ---
 
 > [!NOTE]
-> The Bicep deploy command from within vscode uses the [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) for authentication. It doesn't use cloud profiles from [bicepconfig.json](../articles/azure-resource-manager/bicep/bicep-config.md#credential-precedence).
+> The Bicep deploy command from within vscode uses the [Azure Account extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) for authentication. It doesn't use cloud profiles from [bicepconfig.json](../articles/azure-resource-manager/bicep/bicep-config-modules.md#configure-profiles-and-credentials).