fix: module avm/res/network/virtual-network-gateway (Azure#6471)

## Description

Make domainNameLabelScope optional for VNG Public IP DNS settings (plus
API/module reference updates).

Fixes Azure#5733 
Closes Azure#5733


## Pipeline Reference


[![avm.res.network.virtual-network-gateway](https://github.com/fabmas/bicep-registry-modules/actions/workflows/avm.res.network.virtual-network-gateway.yml/badge.svg?branch=vng_5733)](https://github.com/fabmas/bicep-registry-modules/actions/workflows/avm.res.network.virtual-network-gateway.yml)

| Pipeline |
| -------- |


## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- Azure Verified Module updates:
- [x] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [x] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [x] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [x] Update to documentation
- [x] Update to CI Environment or utilities (Non-module affecting
changes)

## Checklist

- [x] I'm sure there are no other open Pull Requests for the same
update/change
- [x] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [x] My corresponding pipelines / checks run clean and green without
any errors or warnings
- [x] I have updated the module's CHANGELOG.md file with an entry for
the next version

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>

Author: 2 people

avm/res/network/virtual-network-gateway/CHANGELOG.md

@@ -2,6 +2,18 @@
 
 The latest version of the changelog can be found [here](https://github.com/Azure/bicep-registry-modules/blob/main/avm/res/network/virtual-network-gateway/CHANGELOG.md).
 
+## 0.10.1
+
+### Changes
+
+- Fixed hardcoded Public IP `dnsSettings.domainNameLabelScope` (preview feature) by making it optional/configurable to avoid deployment failures in regions where the feature isn't available.
+- Updated existing `Microsoft.Network/publicIPAddresses` API version to `2025-01-01`.
+- Updated referenced `br/public:avm/res/network/public-ip-address` module version to `0.10.0`.
+
+### Breaking Changes
+
+- None
+
 ## 0.10.0
 
 ### Changes

avm/res/network/virtual-network-gateway/README.md

@@ -27,9 +27,9 @@ For examples, please refer to the [Usage Examples](#usage-examples) section.
 | `Microsoft.Authorization/roleAssignments` | 2022-04-01 | <ul style="padding-left: 0px;"><li>[AzAdvertizer](https://www.azadvertizer.net/azresourcetypes/microsoft.authorization_roleassignments.html)</li><li>[Template reference](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments)</li></ul> |
 | `Microsoft.Insights/diagnosticSettings` | 2021-05-01-preview | <ul style="padding-left: 0px;"><li>[AzAdvertizer](https://www.azadvertizer.net/azresourcetypes/microsoft.insights_diagnosticsettings.html)</li><li>[Template reference](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings)</li></ul> |
 | `Microsoft.Maintenance/configurationAssignments` | 2023-04-01 | <ul style="padding-left: 0px;"><li>[AzAdvertizer](https://www.azadvertizer.net/azresourcetypes/microsoft.maintenance_configurationassignments.html)</li><li>[Template reference](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Maintenance/2023-04-01/configurationAssignments)</li></ul> |
-| `Microsoft.Network/publicIPAddresses` | 2024-05-01 | <ul style="padding-left: 0px;"><li>[AzAdvertizer](https://www.azadvertizer.net/azresourcetypes/microsoft.network_publicipaddresses.html)</li><li>[Template reference](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/publicIPAddresses)</li></ul> |
-| `Microsoft.Network/virtualNetworkGateways` | 2024-05-01 | <ul style="padding-left: 0px;"><li>[AzAdvertizer](https://www.azadvertizer.net/azresourcetypes/microsoft.network_virtualnetworkgateways.html)</li><li>[Template reference](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/virtualNetworkGateways)</li></ul> |
-| `Microsoft.Network/virtualNetworkGateways/natRules` | 2024-05-01 | <ul style="padding-left: 0px;"><li>[AzAdvertizer](https://www.azadvertizer.net/azresourcetypes/microsoft.network_virtualnetworkgateways_natrules.html)</li><li>[Template reference](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2024-05-01/virtualNetworkGateways/natRules)</li></ul> |
+| `Microsoft.Network/publicIPAddresses` | 2025-01-01 | <ul style="padding-left: 0px;"><li>[AzAdvertizer](https://www.azadvertizer.net/azresourcetypes/microsoft.network_publicipaddresses.html)</li><li>[Template reference](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2025-01-01/publicIPAddresses)</li></ul> |
+| `Microsoft.Network/virtualNetworkGateways` | 2025-01-01 | <ul style="padding-left: 0px;"><li>[AzAdvertizer](https://www.azadvertizer.net/azresourcetypes/microsoft.network_virtualnetworkgateways.html)</li><li>[Template reference](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2025-01-01/virtualNetworkGateways)</li></ul> |
+| `Microsoft.Network/virtualNetworkGateways/natRules` | 2025-01-01 | <ul style="padding-left: 0px;"><li>[AzAdvertizer](https://www.azadvertizer.net/azresourcetypes/microsoft.network_virtualnetworkgateways_natrules.html)</li><li>[Template reference](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2025-01-01/virtualNetworkGateways/natRules)</li></ul> |
 
 ## Usage examples
 
@@ -1505,6 +1505,7 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
     domainNameLabel: [
       'dm-nvgmax'
     ]
+    domainNameLabelScope: 'TenantReuse'
     enableBgpRouteTranslationForNat: true
     enablePrivateIpAddress: true
     gatewayDefaultSiteLocalNetworkGatewayResourceId: '<gatewayDefaultSiteLocalNetworkGatewayResourceId>'
@@ -1647,6 +1648,9 @@ module virtualNetworkGateway 'br/public:avm/res/network/virtual-network-gateway:
         "dm-nvgmax"
       ]
     },
+    "domainNameLabelScope": {
+      "value": "TenantReuse"
+    },
     "enableBgpRouteTranslationForNat": {
       "value": true
     },
@@ -1795,6 +1799,7 @@ param disableIPSecReplayProtection = true
 param domainNameLabel = [
   'dm-nvgmax'
 ]
+param domainNameLabelScope = 'TenantReuse'
 param enableBgpRouteTranslationForNat = true
 param enablePrivateIpAddress = true
 param gatewayDefaultSiteLocalNetworkGatewayResourceId = '<gatewayDefaultSiteLocalNetworkGatewayResourceId>'
@@ -2494,6 +2499,7 @@ param vpnType = 'RouteBased'
 | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
 | [`disableIPSecReplayProtection`](#parameter-disableipsecreplayprotection) | bool | disableIPSecReplayProtection flag. Used for VPN Gateways. |
 | [`domainNameLabel`](#parameter-domainnamelabel) | array | DNS name(s) of the Public IP resource(s). If you enabled Active-Active mode, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. |
+| [`domainNameLabelScope`](#parameter-domainnamelabelscope) | string | The domain name label scope for the Public IP DNS settings. This property is a preview feature and not available in all regions. If not specified, the property is omitted from the Public IP deployment. |
 | [`enableBgpRouteTranslationForNat`](#parameter-enablebgproutetranslationfornat) | bool | EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabled on the Virtual Network Gateway. |
 | [`enableDnsForwarding`](#parameter-enablednsforwarding) | bool | Whether DNS forwarding is enabled or not and is only supported for Express Route Gateways. The DNS forwarding feature flag must be enabled on the current subscription. |
 | [`enablePrivateIpAddress`](#parameter-enableprivateipaddress) | bool | Whether private IP needs to be enabled on this gateway for connections or not. Used for configuring a Site-to-Site VPN connection over ExpressRoute private peering. |
@@ -3083,6 +3089,22 @@ DNS name(s) of the Public IP resource(s). If you enabled Active-Active mode, you
 - Type: array
 - Default: `[]`
 
+### Parameter: `domainNameLabelScope`
+
+The domain name label scope for the Public IP DNS settings. This property is a preview feature and not available in all regions. If not specified, the property is omitted from the Public IP deployment.
+
+- Required: No
+- Type: string
+- Allowed:
+  ```Bicep
+  [
+    'NoReuse'
+    'ResourceGroupReuse'
+    'SubscriptionReuse'
+    'TenantReuse'
+  ]
+  ```
+
 ### Parameter: `enableBgpRouteTranslationForNat`
 
 EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabled on the Virtual Network Gateway.
@@ -3844,7 +3866,7 @@ This section gives you an overview of all local-referenced module files (i.e., o
 
 | Reference | Type |
 | :-- | :-- |
-| `br/public:avm/res/network/public-ip-address:0.9.0` | Remote reference |
+| `br/public:avm/res/network/public-ip-address:0.10.0` | Remote reference |
 | `br/public:avm/utl/types/avm-common-types:0.5.1` | Remote reference |
 | `br/public:avm/utl/types/avm-common-types:0.6.0` | Remote reference |
 

avm/res/network/virtual-network-gateway/main.bicep

@@ -98,6 +98,9 @@ param publicIpAvailabilityZones int[] = [
 @description('Optional. DNS name(s) of the Public IP resource(s). If you enabled Active-Active mode, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com.')
 param domainNameLabel array = []
 
+@description('Optional. The domain name label scope for the Public IP DNS settings. This property is a preview feature and not available in all regions. If not specified, the property is omitted from the Public IP deployment.')
+param domainNameLabelScope ('NoReuse' | 'ResourceGroupReuse' | 'SubscriptionReuse' | 'TenantReuse')?
+
 @description('Required. Specifies the gateway type. E.g. VPN, ExpressRoute.')
 @allowed([
   'Vpn'
@@ -471,23 +474,23 @@ var formattedRoleAssignments = [
   })
 ]
 
-resource primaryPublicIP 'Microsoft.Network/publicIPAddresses@2024-05-01' existing = if (!empty(existingPrimaryPublicIPResourceId)) {
+resource primaryPublicIP 'Microsoft.Network/publicIPAddresses@2025-01-01'existing = if (!empty(existingPrimaryPublicIPResourceId)) {
   name: last(split(existingPrimaryPublicIPResourceId, '/'))
   scope: resourceGroup(
     split(existingPrimaryPublicIPResourceId, '/')[2],
     split(existingPrimaryPublicIPResourceId, '/')[4]
   )
 }
 
-resource secondaryPublicIP 'Microsoft.Network/publicIPAddresses@2024-05-01' existing = if (!empty(clusterSettings.?existingSecondaryPublicIPResourceId)) {
+resource secondaryPublicIP 'Microsoft.Network/publicIPAddresses@2025-01-01' existing = if (!empty(clusterSettings.?existingSecondaryPublicIPResourceId)) {
   name: last(split(clusterSettings.?existingSecondaryPublicIPResourceId, '/'))
   scope: resourceGroup(
     split(clusterSettings.?existingSecondaryPublicIPResourceId, '/')[2],
     split(clusterSettings.?existingSecondaryPublicIPResourceId, '/')[4]
   )
 }
 
-resource tertiaryPublicIP 'Microsoft.Network/publicIPAddresses@2024-05-01' existing = if (!empty(clusterSettings.?existingTertiaryPublicIPResourceId)) {
+resource tertiaryPublicIP 'Microsoft.Network/publicIPAddresses@2025-01-01' existing = if (!empty(clusterSettings.?existingTertiaryPublicIPResourceId)) {
   name: last(split(clusterSettings.?existingTertiaryPublicIPResourceId, '/'))
   scope: resourceGroup(
     split(clusterSettings.?existingTertiaryPublicIPResourceId, '/')[2],
@@ -523,7 +526,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableT
 
 // Public IPs
 @batchSize(1)
-module publicIPAddress 'br/public:avm/res/network/public-ip-address:0.9.0' = [
+module publicIPAddress 'br/public:avm/res/network/public-ip-address:0.10.0' = [
   for (virtualGatewayPublicIpName, index) in arrayPipNameVar: {
     name: virtualGatewayPublicIpName
     params: {
@@ -540,7 +543,8 @@ module publicIPAddress 'br/public:avm/res/network/public-ip-address:0.9.0' = [
         domainNameLabel: length(arrayPipNameVar) == length(domainNameLabel)
           ? domainNameLabel[index]
           : virtualGatewayPublicIpName
-        domainNameLabelScope: 'TenantReuse'
+
+        ...(domainNameLabelScope != null ? { domainNameLabelScope: domainNameLabelScope } : {})
       }
       enableTelemetry: enableReferencedModulesTelemetry
     }
@@ -549,7 +553,7 @@ module publicIPAddress 'br/public:avm/res/network/public-ip-address:0.9.0' = [
 
 // VNET Gateway
 // ============
-resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2024-05-01' = {
+resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2025-01-01' = {
   name: name
   location: location
   tags: tags
@@ -638,6 +642,7 @@ resource virtualNetworkGateway_lock 'Microsoft.Authorization/locks@2020-05-01' =
   scope: virtualNetworkGateway
 }
 
+
 resource virtualNetworkGateway_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = [
   for (diagnosticSetting, index) in (diagnosticSettings ?? []): {
     name: diagnosticSetting.?name ?? '${name}-diagnosticSettings'