v0.11.1

Highlights

📯Fixed issue with Resource Type resolution in ReadMe script.
📯Fixed issue with pipeline name resolution

---

Modules

• New Modules
  • cache/redis-enterprise
• MySQL Flexible Server: Added support for Azure AD authentication
• DB for Postgre-SQL Flexible Server:
  • Enabled AAD authentication
  • Added 15 as additional allowed version (& default)
• Maintenance Configuration: Added support for inGuest Patch support

CI Environment

• Fixed ADO Publish Job for Bicep Registry ordering for prerelease and feature branch publishing

Fixes

• Implement fixes to correctly identify resource type & pipeline
• Log Analytics Workspace: Fixed Saved Search module typo
• Redis Cache: Updated the API Versions and fixed private endpoint test bug
• Storage Account: Fixed NFSv3 bug that limited idempotency

Tested with version(s)

• Bicep: 0.20.4
• Powershell: 7.3.6
• Az CLI: 2.51.0

New Contributors

• @jdrepo made their first contribution in #3956

All merged PRs

• [Modules] Update allowed version values by @ppotturi in #3951
• [Modules] Enable AAD authentication (#3952) by @AlexanderSehr in #3953
• [CI environment] Fixed ADO Publish Job for Bicep Registry ordering for prerelease and feature branch publishing by @ahmadabdalla in #3957
• [Modules] Support for inGuest Patch support with Azure Update Manager by @jdrepo in #3956
• [Modules] Updated Log Analytics Workspace - Saved Search module typo by @ahmadabdalla in #3979
• [Modules] Updated the Redis Cache Module API Version and bug fixes for the module by @ahmadabdalla in #3981
• [Fixes] Implement fixes to correctly identify resource type & pipeline by @AlexanderSehr in #3980
• [Fixes] Adjusted case-handling for NFSv3 to improve idempotency by @AlexanderSehr in #3983
• [Modules] Added support for Azure AD Authentication for MySQL Flexible Server by @ahmadabdalla in #3982
• [Modules] Added module for Redis Cache Enterprise and Database by @ahmadabdalla in #3984
• [Modules] Added known issues to the Redis Cache Enterprise Module by @ahmadabdalla in #3986
• [AVM] Added disclaimer draft by @AlexanderSehr in #3958
• [Fixes] Readme updates for updated resource type url ref by @eriqua in #3991

New Contributors

• @jdrepo made their first contribution in #3956

Full Changelog: v0.11.0...v0.11.1

v0.11.0

Highlights

📯BREAKING CHANGE: Update to the name with which modules are published
As per the alignment with the Public Bicep Registry described below, the identifier for published modules changes.

❗ Note: To keep the disruption for users of the CI environment at a minimum, we introduced a new setting useApiSpecsAlignedName in the settings.yml. By default, a new naming will be used. To keep on using the previous naming, you must switch this setting to true.

📯BREAKING CHANGE: Public Bicep Registry focused file & folders changes

• Renamed deploy.bicep to main.bicep
• Renamed deploy.test.bicep to main.test.bicep
• Renamed readme.md to README.md
• Renamed all module names to singular & lower case
• Removed the Microsoft. prefix from the provider namespace folders
• Added metadata content to module templates
• Added main.json template
• Updated version.json schema to the Public Bicep Registry standard

📯BREAKING CHANGE: Retired Diagnostic Logs Retention Policy across all modules (ref)

---

Modules

• New modules:
  • compute/ssh-public-key
  • digital-twins/digital-twins-instance
  • insights/webtest
  • network/dns-zone (public DNS Zone)
  • network/express-route-gateway
  • network/front-door-web-application-firewall-policy
  • network/service-endpoint-policies
  • relay/namespace
  • network/dns-forwarding-ruleset
  • resource-graph/query
  • search/search-service
• Several new child modules, including:
  • sql/server/encryption-protector
  • synapse/workspace/integration-runtime
  • web/site/basic-publishing-credentials-policy
  • container-registry/registry/cache-rule
  • managed-identity/user-assigned-identity/federatedIdentity-credential
• API Management: Added additional types graphql & websocket
• Application Gateway: Adjusted sslPolicy based on policy type
• Application Insights: Added Diagnostic Settings
• Azure Container Registry: Updated test case to support Paired region dependencies
• Azure Data Factory:
  • Added support for GitHub Enterprise Server
  • Added gitDisablePublish parameter
• Azure Firewall: Added Basic SKU support
• Azure Front Door: Added missing SKUs
• Azure Kubernetes Cluster:
  • Added ingressProfile support
  • Added support to provide a Private DNS Zone for usage
  • Added support for additional parameters
• Bastion: Added new parameters
• Cosmos DB:
  • Enabled free tier
  • Added additional parameters to SQL API container
  • Added private endpoint support
• Databricks: Enabled Customer-Managed-Keys, Private Endpoints & additional parameters
• Deployment Script
  • Added support for using existing storage account
  • Added environment variables parameter & added support for outputs
• DNS Forwarding RuleSet: Simplified DNS Forwarding Rule Input Parameter
• EventHub: Added additional parameters
• Health Bot: Added support for user-assigned identities
• Storage Account:
  • Added new feature sasPolicy to Storage Account module
  • Added accessTier parameter for file shares
• Redis Cache: Added parameters to specify zone redundancy and availability zones
• NetApp Account: Added support for user-assigned identities
• Synapse Workspace:
  • Added workspaceRepositoryConfiguration property
  • Updated CMK interface
• SQL Server: Expanded test to support dynamic location parameter for Maintenance Configuration
• Virtual Machine:
  • Enabled tags on extensions
  • Added support for custom computer name
  • Simplified LAW reference
• User-Assigned Identity: Added clientId output
• Network Connection: Added support for authorizationKey
• Operational Insights Workspace: Added support for Capacity Reservation

• Azure Virtual Desktop Host Pool: Expanded agentUpdate interface

• Diverse: Updated modules to latest API Version
• Diverse: Streamlined several parameter names (e.g., shortened the name if parts of the name were self-evident)
• Diverse: Enabled null on DiagnosticLogCategoriesToEnable parameter to enable no logs to be collected.
• Diverse: Added new test features (e.g., cidrSubnet() function)
• Diverse: Addressed serveral PSRule findings
• Diverse: Support both location input and subnet location reference in modules using the Private Endpoint module

CI Environment

• Added Deploy to Azure button targeting the now required main.json templates
• Added cross-module reference pipeline triggers, added corresponding Pester test & aligned API Management module
• Introduce custom Pester results section to GitHub workflow runs
• Removed the logic retrieving the deployment SP object ID and replacing it in <> token occurrences. The logic is not needed anymore since tests are now using a dependency msi.
• Removed Az login step from Pester static validation jobs
• Updated SetEnvironment action to avoid setting up runners twice
• Renamed linter pipeline to show it is optional
• Introduced a test that tests that a main.json exists and is aligned with the latest main.bicep
• Replaced default namePrefix to align with latest GitHub syntax requirements
• Updated the module table generation
• Fixed Pester test result output table
• Added logic to retrieve main resource type leveraging API Specs JSON
• Improved robustness of registry publishing logic
• Added Azure context configuration to diverse tasks
• Enabled the usage of both the old published module name, as well as the new PBR-aligned

Fixes

• App Service Environment: Fixed issue where ASE subsequent deployments fail after initial successful one
• Application Gateway:
  • Fixed max length validation of name
  • Fixed globalConfiguration property logic
• Automation Account: Fixed variables value bug
• Cognitive Services: Fix for Customer Managed Keys
• Databricks: Improved test robustness by auto-fetching paired regions
• DNS Resolver: Fixed references of RBAC resource
• Event Grid:
  • Enabled Event Subscriptions for both topics & system topics
  • Fixed incorrect eventSubscription passthrough
• Event Hub:
  • Fixed role assignment naming issues
  • Fixed excess character in nested_roleAssignments.bicep
• ExpressRouteGateway:
  • Updated pipeline name to align with naming convention
  • Fixed RBAC handling, added lock capability & added min test
• Firewall Policy: Removed unsupported system-assigned identity
• Purview: Aligned target location with currently supported set
• Recover Services Vault: Fixed protection-container child reference
• NAT Gateway: Fixed dependsOn condition
• Service Bus Namespace: Fixed bug in test case
• Storage Account: Fixed isNfsV3Enabled parameter handling
• SQL Server:
  • Fixed location param passthrough
  • Updated minCapacity default value for elasticpools
• Synapse Workspace: Update Storage Account input parameter storageAccountName to storageAccountResourceId
• Virtual Machine: Updated cross reference to updated Recovery Services Vault module
• Virtual Network Gateway: Fixed parameter handling for vpnAuthenticationTypes & vpnClientProtocols
• VPN Gateway: Fixed vpnConnections child reference
• Diverse: Fixed diverse link references
• Machine Learning Workspace:
  • Added missing purge to test instance removal
  • Added waiting on Private Endpoints before creating compute instances
• CI: Fixed that a pre-release publishing won't cause actual versions to be published if there has not been any previous release
• CI: Align GH removal conditions with ADO
• CI: Addressed latest name changes in module table generation script
• CI: Fixed module overview table generation
• CI: Updated deployment search to not prematurely throw an exception
• CI: Updated ADO pipeline conditions to make it impossible to publish on canceled job
• CI: Fixed issues when both main.bicep & main.json exist

Utilities

• Updated token handling for readme examples
• Updated Bicep to ARM conversion script
• Added 'required module' to Set-ModuleReadMe.ps1 script
• Aligned with latest file & folder changes
• Added logic to pull module names & descriptions from metadata in template

Wiki

• Added a step by step "how to create a solution"
• Added guidelines to troubleshoot outdated Bicep versions
• Incorporated feedback of contributors
• Updated all wiki sections to latest changes (e.g., naming convention)
• Fix typos

Tested with version(s)

• Bicep: 0.20.4
• Powershell: 7.3.6
• Az CLI: 2.51.0

New Contributors

• @mVermaat made their first contribution in #3046
• @jhueppauff made their first contribution in #3025
• @samuelya made their first contribution in #3128
• @SvenAelterman made their first contribution in #3199
• @Robbertbbb made their first contribution in #3290
• @paggarwalmsft made their first contribution in #3348
• @clarked-msft made their first contribution in #3266
• @jeremytbrun made their first contribution in #3307
• @Ellestad1995 made their first contribution in #3376
• @suspand made their first contribution in #3380
• @algattik made their first contribution in #3420
• @hip9k made their first contribution in #342...

v0.10.0

Highlights

📯6 new modules and several extensions to existing modules with child resources and additional features, bringing the number of covered service modules to 124 and the total of resource type templates to 313
📯Enabled reusable workflows in GitHub module validation pipelines, avoiding code duplication
📯Improved user experience running module validation pipelines, allowing users to control which jobs they want to run
📯Integrated PSRule pre-flight checks with GitHub module validation workflows
📯Automated documentation of Pester tests

Modules

• New modules:
  • Microsoft.Insights/dataCollectionRules
  • Microsoft.Insights/dataCollectionEndpoints
  • Microsoft.Purview/accounts
  • Microsoft.HealthcareApis/workspaces
  • Microsoft.App/containerApps
  • Microsoft.App/managedEnvironments
• Several new child modules, including:
  • Microsoft.OperationalInsights/workspaces/tables
  • Microsoft.OperationalInsights/workspaces/dataExports
  • Microsoft.EventGrid/domains/topics
• Updated API version and extended parameters for several modules including those under Storage, Compute, Network, KeyVault, DesktopVirtualization resource providers
• PSRule - Aligned modules with rule 'Azure.Resource.UseTags'
• Reduce parameter names to necessary baseline
• Removed the parameters of those properties that allow a single value only & updated docs
• Addressed Bicep Update about null-checks
• Update builtInRoleNames for nested RBAC modules
• Add premium option to StorageAccount tier with test
• Included OIDC issuer URL as output to the AKS module
• Compute Gallery Image Definition update
• Added min test to managedClusters
• Enabled RBAC role assignment for disk encryption set key
• Extend managedCluster and K8s extensions with flux config
• Support for configuring backup retention policies for Azure SQL Database
• Key Vault - Added support for key auto-rotation
• Add support for ADF GlobalParameter
• Added Database for MySQL Flexible Server Module
• Added restrictOutboundNetworkAccess to Microsoft.Sql/servers
• Added missing 'enableDefaultTelemetry' param in test files
• Simplify roleAssignment implementation for Resource Group
• Reduced permissions of ML encryption test
• Updated Encryption Set module conditions for Managed Identities
• Updated SKU options and added generation parameter for VNET Gateways
• ManagedClusters - Fix a bug for addonprofiles
• ManagedCluster - Add support for enabling Open Service Mesh
• SQL server databases added support for createMode
• Added test cases to Azure Firewall
• Update diagnostic settings name approach
• Updated SKU for the Managed Environment Test
• Microsoft.Synapse/workspaces - adding 'systemAssignedPrincipalId' as output

CI Environment

• Integrate PSRule action with GH module workflows
• Added controls to enable only Pester and or only deployment tests
• Added automation to update the Static Validation Tests documentation
• GitHub Reusable workflows for module validation pipelines
• Moved test scripts to shared folder & renamed shared templates folder
• Increased Azure DevOps timeout for Microsoft.Web/hostingEnvironments
• Use GITHUB_TOKEN for manage issue platform pipeline
• Remove assign issue to project GitHub workflow

Fixes

• Update Resource Group roleAssignments name (GUID) to use Resource Group resourceID instead of Resource Group name
• Remove JSON function from modules not requiring it
• Disable referenced modules telemetry for a few modules missing the functionality
• Replace 'adp' naming prefix across modules
• Align ADO module pipeline input parameters
• Updated documentation references from docs.microsoft.com - to learn.microsoft.com
• Replace missing occurrences of learn.microsoft.com links and regenerated readmes
• Automation account fix parameter names
• Fix filter for excluded workflows in manage issue pipeline
• Fix target-path reference for Universal Package Publish
• Regenerate readmes after PSRule tags PR
• Diskencryptionsets and Eventgridsubscriptions tags update
• Automation account schedule frequency update
• Updated tags of SignalRService Resource Provider
• Storage Account Local User : Pass on correct parameter
• Fixed a minor utility issue due to a parameter type change
• Small documentation fixes
• Removed child resource that may not be used in the applied context

Utilities

• New condition for adding examples in module readme
• Updated regex to remove top-level dependsOn statements
• Enforce PowerShell version 7.3 where required

Wiki

• Add further details to identity bug of Recovery Services Vault to its documentation
• Removed outdated 'upgrade release' page in favor of our general upgrade guidelines
• Added disclaimer/guidance on which version of the code to leverage
• Added a PowerShell script example to frontload all supported publish locations with all modules

New Contributors

• @lapellaniz made their first contribution in #2398
• @ElYusubov made their first contribution in #2691
• @davidkarlsen made their first contribution in #2893

Tested with version(s)

• Bicep: 0.15.31
• Powershell: 7.3.2
• Az CLI: 2.46.0

All merged PRs

Full Changelog: v0.9.0...v0.10.0

• [Modules] Bump StorageAccount and add params by @MariusStorhaug in #2617
• [Modules] Update KeyVault API Versions by @fblix in #2623
• [Modules] Adding new module for Microsoft.Insights/dataCollectionRules by @krbar in #2614
• [Modules] Adding new module for Microsoft.Insights/dataCollectionEndpoints by @krbar in #2620
• [CI Environment] Added controls to enable only Pester and or only deployment tests by @AlexanderSehr in #2590
• [Fixes] CI environment - Skip static and deployment validation feature by @eriqua in #2627
• [Fixes] CI environment - Skip deployment if static failing by @eriqua in #2628
• [Modules] Updated Disk Encryption Set to latest published API version (2022-07-02) by @ahmadabdalla in #2636
• [Fixes] Update rg roleAssignments name (guid) to use rg resourceID instead of rg name by @eriqua in #2642
• [CI Environment] Added automation to update the Static Validation Tests documentation by @AlexanderSehr in #2591
• [Fixes] Added space workaround by @AlexanderSehr in #2645
• [Modules] Added Microsoft Purview Account module by @tyconsulting in #2646
• [Modules] Add premium option to StorageAccount tier with test by @MariusStorhaug in #2643
• [Fixes] Remove json function from modules not requiring it by @eriqua in #2661
• [Modules] Update PIP API version and modules cross referencing it by @eriqua in #2663
• [Fixes] Disable referenced modules telemetry for a few modules missing the functionality by @eriqua in #2664
• [Fixes] Replace 'adp' naming prefix across modules by @eriqua in #2665
• [Modules] Included OIDC issuer URL as output to the AKS module by @akata72 in #2654
• [Modules] New Module - Add Health Data Services Bicep modules by @lapellaniz in #2398
• [Modules] Compute gallery image definition update by @shawntmeyer in #2674
• [Modules] Regenerated all docs to account for new Bicep update by @AlexanderSehr in #2682
• [Modules] Added min test to managedClusters by @MariusStorhaug in #2680
• [Modules] Updated Virtual Network Gateway Module API Version (2022-07-01) by @ahmadabdalla in #2685
• [Modules] Enabled RBAC role assignment for disk encrpytion set key by @AlexanderSehr in #2684
• [Modules] Reduce parameter names to necessary baseline by @AlexanderSehr in #2686
• [Fixes] Align ADO module pipeline input parameters by @eriqua in #2687
• [Fixes] Updated documentation references from docs.microsoft.com - to learn by @ElYusubov in #2691
• [CI Environment] GH Reusable workflows PoC by @eriqua in #2637
• [Fixes] Replace missing occurrences of docs.microsoft.com links and regenerated readmes by @eriqua in #2697
• [Modules] Extend managedCluster and K8s extensions with flux config by @MariusStorhaug in #2679
• [Fixes] Automation account fix parameter names by @eriqua in #2723
• [Modules] Updated Application Gateway module to the latest API Version (2022-07-01) by @MariusStorhaug in #2725
• [Modules] Updated...

v0.9.0

Highlights

📯7 new modules and several extensions to existing modules with child resources and additional features, bringing the number of covered service modules to 117 and the total of resource type templates to 291
📯Enabled concurrency feature in GitHub workflows that ensures there are no 2 concurrent runs of the same workflow
📯Improved publishing with 'Publish if not exists' feature and shortening for Template Specs artifacts
📯Improved static validation through the AzureAPICrawler PowerShell module for API versions tests
📯Added scheduled workflow to validate PSRule pre-flight checks on the whole library

Modules

• New modules:
  • Microsoft.EventGrid/domains
  • Microsoft.EventGrid/subscriptions
  • Microsoft.DevTestLab/labs
  • Microsoft.CDN/profiles
  • Microsoft.Network/networkManagers
  • Microsoft.SignalRService/signalR
  • Microsoft.PolicyInsights/remediations
• Several new child modules, including:
  • Microsoft.Sql/servers/keys
  • Microsoft.Compute/galleries/applications
  • Microsoft.Web/sites/slots
• Updated API version for several modules: Locks, Tags, Resource Groups, DocumentDB DatabaseAccounts, Consumption Budgets, Recovery Services, Azure Policy Assignments, Machine Learning Workspaces, DBforPostgreSQL Flexible Servers, Web Sites, AVD Scaling Plans
• Enabled 'AllLogs' as diagnostic category
• Updated Private Endpoint Config to Allows Static IP on Parent Modules
• Improved CMK implementation for Cognitive Services and Container Instances
• Azure Cosmos DB SQL Container Indexing policy
• Added ContainerRegistry anonymousPullEnabled property
• Added support for Virtual Machine Automatic VM Guest Patching
• Added Storage Accounts SFTP and LargeFileShares features
• Updated VNET Gateway to reference Public IP module
• Added Virtual Machines AADJoin Extension feature
• Dependencies approach fixes and updates: variable usage, deployment names, template formatting
• Updated Azure Policy Definitions - mode to support 'Microsoft.Network.Data'
• Updated Recovery Services Vaults publicNetworkAccess property
• Added Virtual Machine Images named Staging Resource Group VM User-Assigned IDs and SIG Image parameters
• Added Compute gallery Images SecurityType property and extended test coverage
• Connect Azure Firewall to a VirtualHub

CI Environment

• Enabled concurrency feature in GitHub workflows that ensures there are no 2 concurrent runs of the same workflow
• Improved publishing with 'Publish if not exists' feature and identifier shortening for TemplateSpecs artifacts
• Improved static validation through the AzureAPICrawler PowerShell module for API versions tests
• Added scheduled workflow to validate PSRule pre-flight checks on the whole library
• Automated creation and closure of GitHub issues for failing pipelines
• Migrated 'Issue to Project' assignment automation from GitHub project (classic) to GitHub projects
• Added platform pipelines status badge to the main readme

Wiki

• Update telemetry article
• Added sorting to wiki module table
• Updated dependencies approach guidelines in module design
• Added initial version of troubleshooting guidance
• Updated Network Manager documentation and Wiki known issues

Utilities

• Improved deployment example for Register-AzureDevOpsPipeline utility
• Improved API version tests through the AzureAPICrawler PowerShell module

Fixes

• Fixed removal of Maintenance Configurations and Log Analytics Workspaces
• Improve removal of resources in a retry scenario
• Privatelink ADO pipeline name fix
• Cleanup hardcoded nameprefix references
• Update builtInRoleNames list for nested_roleAssignments modules
• Switch from az bicep build to bicep build to avoid rate limits
• Fixed hardcoded artifacts-rg reference
• Fixed VNET Peering test
• Update link to code examples in module design Wiki
• Several minor fixes for the Publishing logic
• Solve issue with WAF config in Application Gateway

New Contributors

• @shawntmeyer made their first contribution in #2465
• @ladlavj made their first contribution in #2499
• @shaban-khan made their first contribution in #2545
• @Sdelausnay made their first contribution in #2582

Tested with version(s)

• Bicep: 0.13.1
• Powershell: 7.3.2
• Az CLI: 2.44.1

All merged PRs

Full Changelog: v0.8.0...v0.9.0

• [Modules] Azure Cosmos DB SQL Container Indexing policy by @fblix in #1578
• [Modules] Update all inner resource locks to latest documented API version by @eriqua in #2355
• [Fixes] Fix removal of maintenance config by @eriqua in #2399
• [Fixes] Privatelink ADO pipeline name fix by @eriqua in #2408
• [Fixes] Cleanup hardcoded nameprefix ref by @eriqua in #2409
• [Fixes] Improve removal of resources in a retry scenario by @AlexanderSehr in #2406
• [Modules] Align CMK implementation for Cognitive Services & cleaned up several allowed values by @AlexanderSehr in #2402
• [CI Environment] Enable concurrency in GHW by @eriqua in #2422
• [Fixes] Update project URL by @rahalan in #2434
• [Modules] Added property anonymousPullEnabled by @AlexanderSehr in #2424
• [CI Environment] Change code to updated logic to add issues to new projects by @rahalan in #2437
• [Fixes] fixing variable reference by @rahalan in #2440
• [Fixes] Update builtInRoleNames format by @eriqua in #2431
• [Fixes] use new token for assigning issues by @rahalan in #2446
• [Utilities] Improve deployment example for Register-AzureDevOpsPipeline utility by @AlexanderSehr in #2452
• [Modules] Added closing dot in all descriptions of any bicep file by @SeSeicht in #2447
• [Wiki] Update telemetry article by @matebarabas in #2466
• [Fixes] Telemetry language update by @matebarabas in #2467
• [Modules] Added Key Module to SQL Server by @fabmas in #2438
• [Modules] Enable 'AllLogs' as diagnostic category by @SeSeicht in #2443
• [Utilities] Improve API version tests through the AzureAPICrawler PowerShell module by @AlexanderSehr in #2344
• [Modules] New Child Module Gallery Application by @shawntmeyer in #2465
• [Modules] Updated Tags API version by @AlexanderSehr in #2320
• [Modules] ResourceGroup: Added new optional parameter & updated API version by @AlexanderSehr in #2319
• [Modules]: Microsoft.Network/frontdoors - Fix for Static Validation by @ChrisSidebotham in #2489
• [Fixes] Update LAW force delete by @eriqua in #2490
• [Modules] Add support for Virtual Machine Automatic VM Guest Patching by @tyconsulting in #2429
• [Fixes] Switch from az bicep build to bicep build to avoid rate limits by @AlexanderSehr in #2492
• [Fixes] Update gallery app readme and customAction parameter type by @eriqua in #2474
• Added more options to Microsoft.ContainerInstances/containergroups module by @fblix in #2175
• [Modules] Updated Private Endpoint Config to Allows Static IP on Parent Modules by @ChrisSidebotham in #2480
• [Modules]: Updating readme's from generator - whitespace errors fix by @ChrisSidebotham in #2497
• [CI Environment] Enable 'Publish if not exists' + Fix for 'Publish latest' by @AlexanderSehr in #2410
• [Modules] Updated API versions for Microsoft.DocumentDB/databaseAccounts by @krbar in #2516
• [Modules] DevTest Lab Module (API Version: 2018-09-15) by @ahmadabdalla in #2513
• [Modules] Storage Accounts : Add SFTP feature to storage account module # 2378 by @karthikvenkat17 in #2514
• [Modules] Updated VNET Gateway to reference PIP module by @lsnoddy in https://github....

v0.8.0

Highlights

📯Self-contained dependencies approach to module deployment validation: All tests are now deploying their own resource dependencies together with the target test resource in a dedicated resource group and removed afterwards. In addition, module test JSON parameter files have been converted to Bicep test files:

When you onboarded CARML in version 0.7.0 and before, you had to first run a dependency pipeline that would deploy a set of 'persistent' Azure services we'd then use in subsequent module tests as references (for example to deploy a VM into a VNET) as seen in the following image.

Now, from version 0.8.0 onward, these dependencies (if any) are deployed as part of each module's test. This means, the VM test would deploy itself the aforementioned VNET and all resources would be removed after:

📯Deployment history cleanup: A scheduled pipeline has been introduced to automatically cleanup deployment history for Management Group and Subscription scopes.
📯Alignment with latest Bicep linter rules: Fixes have been implemented throughout the library to comply with decompiler-cleanup and prefer-unquoted-property-names linter rules. In particular, a new utility Update-RoleAssignmentList allows to update latest available Role Definitions for each module nested Role Assignments while complying with the prefer-unquoted-property-names linter rule.

Modules

• Update all modules' tests to new dependencies approach
• New modules:
  • Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies
  • Microsoft.Network/dnsResolvers
  • Microsoft.Maintenance/maintenanceConfigurations
• Updated API version for several modules: ACR, RSV, VMSS, AKS, ML Workspaces, Private Endpoints, Virtual Hubs, Locks, Compute Images, Policy Exemptions, Role Definitions, Proximity Placement Groups
• Extend modules with child resources and new features:
  • Multi additions to staticSites
  • Add TLS setting support to SQLMI
  • Extend Web Sites with kvrefidentity
  • Updated virtualNetworkGateways to support AAD VPN
  • Enable Key Vault Purge Protection per default (disable in tests)
  • Update ubuntu and windows OS images used for tests to latest versions
  • Added Elastic Pool support to SQL Server
  • Added replication alerts to Recovery Services Vault
  • Allow upgrading all node pools in an AKS cluster to the same Kubernetes version
  • Allow creating a ContainerGroup with one or more containers
• Add missing tags to Key Vaults, User Assigned Identities and Web Server Farms common test
• Align networkAcls implementation for StorageAccounts, KeyVaults and CognitiveServices modules
• Update nested_roleAssignment to comply with prefer-unquoted-property-names linter rule
• Fixing linter warning decompiler-cleanup
• Replacing hardcoded environment URLs with the environment() function
• Updated MS.AuthZ namespace modules to use .id for ResourceID outputs

CI environment

• Added scheduled pipelines for Subscription & Management-Group Deployment history cleanup
• Updated the deployment name generation to be more detailed
• Broken links pipeline update
• Updated GitHub workflows to use actions-checkout@v3
• Replace set-output commands with GH environment file $env:GITHUB_OUTPUT
• Update static validation result publish version to v2
• Update removal to support Azure Security Center module
• Updated RBAC tests to be more explicit about the principal type
• Extend and optimize resource removal of nested deployments with higher scope than the parent
• Remove support to previous deployment validation approach

Wiki

• Solution creation section: Azure DevOps example for pipeline-orchestration
• Update Fetch latest updates section and fix broken links
• Additional cleanup after converted test files

Utilities

• Added utility Update-RoleAssignmentList
• Updated compatability of Set-ModuleReadMe utility to new dependencies approach, handle inline quotations and improved function identification regex
• Updated compatability of Test-NamePrefixAvailability utility to new dependencies approach
• Updated compatability of ConvertTo-ARMTemplate utility to new dependencies approach

Fixes

• Improve disk encryption options to VM and VMSS
• Fix typo in readmes and parameter files: privateDnsZoneGroups to privateDnsZoneGroup
• Fixed RBAC File Names & Roles accross multiple modules
• Key Vault - Fix parameter usage section
• Fixed usage of deployment name in Test-Deployment script
• Update Linter pipeline filename and trigger
• Updated the way child module readmes are referenced
• Fixed location of settings

New Contributors

• @tyconsulting made their first contribution in #2037
• @cjnova made their first contribution in #2092
• @oliverlabs made their first contribution in #2120
• @ehanlon made their first contribution in #2164
• @coolhome made their first contribution in #2262

All merged PRs

Full Changelog: v0.7.0...v0.8.0

• [Modules] Updated KeyVault vaults to new dependencies approach by @AlexanderSehr in #2002
• [Utilities] Update script to generate custom release notes by @eriqua in #2063
• [Modules] Updated Resources ResourceGroups to new dependencies approach by @AlexanderSehr in #2062
• [Modules] Updated VirtualNetwork to new dependency approach by @AlexanderSehr in #1884
• [Modules] Update ACR module api version to 2022-02-01-preview by @tyconsulting in #2037
• [Modules] Updated API reference (Microsoft.Authorization/roleDefinition) to the newest one. Issue #1998 by @cjnova in #2092
• [Fixes] Fixed Readme files and Pester tests after recent new line change by @ahmadabdalla in #2132
• [Utilities] Increased flexibility on parameter table search by @AlexanderSehr in #2133
• [Fixes] Virtual Machine - fixed the subnetId (should be subnetResourceId) old reference for the… by @oliverlabs in #2120
• [Modules] Updated KubernetesConfiguration/Extensions to new dependency approach by @AlexanderSehr in #1827
• [Modules] Updated KubernetesConfiguration/FluxConfigurations to new dependency approach by @AlexanderSehr in #1828
• [Modules] Updated Consumption budgets to new dependencies approach by @AlexanderSehr in #1962
• [Modules] Updated Insight MetricAlertsto new dependencies approach by @AlexanderSehr in #2108
• [Utilities] Enabled no-param blocks by @AlexanderSehr in #2134
• [Modules] Updated Web/StaticSites to new dependencies approach by @AlexanderSehr in #1898
• [Modules] Updated Network/Connections to new dependency approach by @AlexanderSehr in #1829
• [Fixes] Fix typo in readmes and parameter files: "privateDnsZoneGroups" to "privateDnsZoneGroup" by @rahalan in #2137
• [Wiki] Azure DevOps example for pipeline-orchestration by @segraef in #1862
• [Modules] Update Network Public IP Addresses to new dependencies approach by @AlexanderSehr in #2080
• [Modules] Add new module: WAF policy by @rahalan in #2138
• [Fixes] Consumption Budget readme update by @eriqua in #2141
• [Fixes] Fix WAF policy readme by @rahalan in #2145
• [Fixes] Fixed incorrect depenency variable reference by @AlexanderSehr in #2146
• [Fixes] Fixed ADO Pipeline & Readme for AppGW WAF Policy by @AlexanderSehr in #2147
• [Modules] Updated Network/VPNSites to new dependency approach by @AlexanderSehr in #1834
• [Modules] Updated Network/VirtualHubs to new dependency approach by @AlexanderSehr in #1831
• [CI environment] Extend and optimize resource removal of nested deployments with higher scope than the parent by @eriqua in #2148
• [CI environment] Removed checkout repository leftovers by @AlexanderSehr in #2155
• [Modules] Updated web connection to new dependencies approach by @elanzel in #2154
• [Fixes] Fixed RBAC File Names & Roles accross multiple modules by @AlexanderSehr in #2158
• [Modules] Updated DataProtection Backup Vaults to new dependency approach by @AlexanderSehr in #1876
• [Modules] Updated RecoveryServices Vault to new dependency approach by @Ale...

v0.7.0

Highlights

📯 CMK and networking improvements across all modules: Customer-Managed Keys have been refined across all modules currently supporting them, aiming for this feature to have a consistent interface (input parameters) across the library. Also, networking capabilities such as private endpoints, private DNS zone integration and public network access have been improved across modules implementing them. For instance, public network access is now disabled by default on the deployed resources when private endpoints are set, unless differently specified.
📯 Simplified token handling & repository configuration: The token replacement feature has been refined by providing a centralized place where to store variables, for both GitHub and Azure DevOps orchestrations, simplifying the CI environment initial setup. The deployment Service Principal object ID, previously required to be set as a secret, is now automatically retrieved by the pipelines, reducing the list of secrets/variables to configure for the validation pipelines to run.
📯 Improved module documentation: Each module ReadMe now lists all local cross-referenced modules leveraged by their implementation. Deployment examples are also improved by listing required parameters first, followed by the rest, each in alphabetical order. In addition, a Module overview page has been added to the Wiki, outlining supported features for each module such as Private endpoints, Diagnostic Settings and RBAC.

Modules

• New modules:
  • Redis Cache
  • Web PubSub
  • PowerBIDedicated Capacities
  • Synapse Workspaces
  • Private Link Services
  • Azure Database for PostgreSQL Flexible Servers
• Aligned the CMK implementation across current modules
• Aligned public network access implementation across modules to get automatically disabled if private endpoints are set
• Updated & aligned role assignment implementation across modules
• Added private endpoint support for Batch accounts, DataFactory, Recovery Services Vaults
• Improved default security values for AKS, Log Analytics, Sql Servers
• Updated API version for several modules under ContainerInstance, ContainerService, NetApp, Network, Sql, Storage resource providers
• Removed autogenerated unique name feature from all modules
• Introduced linter-ignore statements for false-positives

CI environment

• [MAJOR/BREAKING] Renamed arm folder to modules
• [MAJOR/BREAKING] Renamed .parameters folder to .test
• Token Mechanism Uplift (support tokens as GitHub Secret + Migrate Settings.Json to Settings YAML)
• Autofetch ServicePrincipal Object ID
• Static validation improvements:
  • Added integration with private DNS zones to all module tests deploying private endpoints
  • Added test case for parameter description
  • Moved global Pester tests to utilities
• Extended and improved dependencies pipeline:
  • Added private DNS zones dependencies
  • Added new dependencies for Private Link Services module
  • Use deployment scripts for the Store VHD to blob container option
• Added subscription context for supporting MG scope service connections
• Enabled CI environment to handle DeploymentTest (Bicep) files for upcoming self-contained dependencies approach
• Further alignment between ADO pipelines and GH workflows

Wiki

• Added new section Module overview outlining all module features for the whole library
• Added new section Fetch latest CARML updates for internalized libraries
• Improved Solution creation section with decision support for publishing target locations and updated template-orchestrated solution examples
• Updated Contribution guide to reference latest project board approach
• Improved Known Issues section

Utilities

• Improved Module readme generator (Set-ModuleReadMe):
  • Added new section Cross-referenced modules
  • Improved Deployment examples section:
  • Each example lists all the required parameters first, followed by the rest - each in alphabetical order
  • Moved Bicep example in front of JSON
  • Added quotation for empty allowed values
• Added utility to bulk-run pipelines for a given branch
• Updated DevOps Pipeline Registration
• Added ManagementGroup-Deployment removal script

Fixes

• Fixed several Linter warnings for Natural language
• Extended vscode settings with json specific to align file formatting
• Fixed resource removal stage attempting to remove dependency resources
• Improved CI environment compatibility with Linux & improved robustness
• Fixed failing dependencies pipeline on VHD creation
• Updated private endpoint and user assigned identity readme parameter usage templates

All merged PRs

• [Modules] Added instrumentationKey output variable by @itpropro in #1592
• [Modules] Fix roleAssignments naming and missing rename by @MariusStorhaug in #1596
• [Fixes] ServiceFabric/Clusters - Added correct CI trigger for ADO by @MariusStorhaug in #1601
• [Fixes] Fix format and whitespace by @MariusStorhaug in #1600
• [Utilities] Added utility to bulk-run pipelines for a given branch by @MrMCake in #1609
• [Modules] MongoDB: Removed throughput if database is deployed serverless #1571 by @MrMCake in #1594
• [Modules] Overhauled Disk-Encryption Key handling by @MrMCake in #1591
• [CI Environment] [MAJOR/BREAKING] Renamed arm to modules by @MariusStorhaug in #1599
• [Fixes] Fix incorrect function reference for GitHub action by @MrMCake in #1615
• [Fixes] Corrected the @mention of teams + cleanup of owners by @MariusStorhaug in #1603
• [Wiki] Fixing several links and casings by @MrMCake in #1613
• [Wiki] Reset some of the feedback from Wiki walkthrough by @MariusStorhaug in #1617
• [Modules] Minimum TLS version for SQL server by @ArielRam99 in #1618
• [Modules] AKS: Updated secure defaults by @MrMCake in #1593
• [Misc] Add automatic assignment to Pull-Requests by @MariusStorhaug in #1619
• [Modules] Recovery Services Vaults: Add private endpoint support with updated parameters file. by @kavishshivhare in #1623
• [CI Environment] MAJOR/BREAKING: Rename .parameters folder by @MrMCake in #1612
• [Fixes] Fixed incorrect param file ref by @MrMCake in #1626
• [CI environment] Align ADO pipeline trigger paths by @eriqua in #1634
• [Modules] DataFactory: Added private endpoints & customer-managed-key implementation by @MrMCake in #1585
• [Utilities] Updated DevOps Registration by @MrMCake in #1611
• [Modules] Aligned privateEndpoints description metadata across modules by @eriqua in #1636
• [Utilities] Added ManagementGroup-Deployment removal script by @MrMCake in #1622
• [Modules] Aligned the CMK implementation across current modules by @MrMCake in #1589
• [Fixes] Fixed DiskEncryption Dependency Parameters by @MrMCake in #1637
• [Modules] MachineLearningWorkspace: Updated Customer-Managed-Key implementation by @MrMCake in #1584
• [Modules] Service bus private networking ACL by @ChrisSidebotham in #1453
• [Modules] Added CosmosDB Gremlin API & updated mongodb to current version by @MrMCake in #1638
• [Fixes] ServiceBus regenerate readme by @eriqua in #1646
• [Fixes] Role Assignment output by @eriqua in #1649
• [Modules] Batch accounts: Add private endpoint support with updated parameters file. by @ishita-malik1 in #1654
• [Modules] LogAnalytics: Setting secure value & add linked storage accounts child module by @MrMCake in #1588
• [Modules] Policy assignment updated nonCompliance messages by @ahmadabdalla in #1644
• [Modules] Servicebus: Added Customer-Managed-Key & additional resource type handling for removal by @MrMCake in #1586
• [Wiki] Fix incorrect statement about Bicep not being GA by @eriqua in #1657
• [Modules] Redis cache module by @MrMCake in #1635
• [Modules] Leave out not supported throughput field in Cosmos by @itpropro in #1658
• [Modules] Align public network access implementation across modules by @eriqua in #1661
• [Modules] Recovery Services Vault: Updated API and added new feature properties by @prasanjeets in #1572
• [Modules] Added Web PubSub module ...

v0.6.0

Highlights

📯 Cross-Module reference alignment: To increase consistency and avoid code duplication, all modules previously leveraging nested templates for resources of a different resource type are now referencing the same CARML module
📯 Added Bicep + JSON deployment examples to all module readme files
📯 Added CARML logical layers and personas Wiki page

Modules

• New modules:
  • App Configuration Stores with Key Values
  • Compute NetworkInterfaces
  • DataProtection Backupvaults
  • OperationsManagement Solutions
  • Authorization Locks
• Improved modules:
  • Cognitive Services: Set secure defaults
  • EventGrid: Set secure defaults
  • Storage Accounts: Implemented Customer-Managed Keys
  • SQL Server: Added private endpoint and vulnerability assessments
  • Private DNS records: Added Role assignments
  • VirtualMachine: Configure boot diagnostics with managed storage account
  • Eventhub: Added Network Rules
  • VMSS: Added Condition to EncryptionAtHost
  • OperationalInsights: Added etag parameter to SavedSearches
  • Azure Firewall: Added Public IP
  • Bastion Hosts: Added Public IP
  • ACR: Added webhooks and updated ACR CMK implementation
  • BatchAccounts: Added configuration options
  • AKS: Added Application Gateway Ingress Controler (AGIC) addon
  • Updated API version for Role assignments, ML Workspace, Eventhub, Recovery Services Vault, Compute Galleries
• Improved parameter metadata descriptions & module readmes:
  • Updated parent-child resource conditional description
  • Improved parameter description formatting
  • Update conditional parameters descriptions to include the condition under which they are required
  • Merged Azure Resource Reference documentation links with the list of deployed resource types
• Changed telemetry implementation to only deploy a single PID: Disabled telemetry on child resources and on cross-referenced resources
• Added location output to all templates supporting it
• Added multiple VM deployment example

CI Environment

• Improved robustness and duration of environment setup task on agents
• Improved resource removal logic:
  • Implemented purge for AppConfiguration
  • Added role assignment removal
  • Added registrationDefinitions removal
  • Improved lock removal
  • Cleanup custom removal logic for VWan
• Improved GitHub workflows:
  • Updated GitHub Workflows to use Azure/PowerShell action
• Improved ADO pipelines:
  • Fixed ADO publishing to Bicep registry
  • Fixed ADO triggerpath
  • Updated conditions for ADO dependency pipeline
• Created Issue-Assignment pipeline to automate assignment of new issues to the intended project

Static Validation

• New Pester tests:
  • All parameter descriptions should end with a period
  • Conditional parameters description should contain the condition under which they are required
• Added exception handling for resources not having standard outputs
• Reworked tests to not use HTML & shared functions
• Expanded Pester test output

Wiki

• Overarching review and lingo update
• Improved solution examples
• Extended Contribution flow section
• Updated required GitHub settings to successfully run static validation
• Added Management Group module notes to known issues

Utilities

• Enabled generation script to add Bicep + JSON deployment examples to module readmes
• Added Get-FormattedGitHubRelease function to support release highlights (these highlights :) )
• Improved Set-ModuleReadMe utility when called w/ relative path

Fixes

• Workaround for Az CLI bug introduced by latest CLI version (2.37.0) used by the ubuntu-20.04 agents
• Replace space with %20 in the ADO projectname
• Fixed pipeline name parsing in Register-AzureDevOpsPipeline utility
• Update casing for IPsec connections
• Added missing output to Tags module
• Fixed all parameter descriptions to comply with updated static validation
• Fixed KeyVault reference for Bicep example in ReadMes
• Updated references to the global variables file
• Fixed typo in global test
• Swapped the values for tenantId and deploymentSpId
• Corrected AVD Host pool parameter for dependency pipeline
• Added principalType to RSV param
• Fixed ApplicationGateway pipeline deployment by updating the keyvault reference

All merged PRs

• [CI Environment] Change Task Type for ADO in the publishing to bicep registry by @SeSeicht in #1340
• [Fixes] Fixed broken SQL-MI link by @fblix in #1350
• [Modules] Switched from resource name to resource ID in RBAC deployment by @MrMCake in #1352
• [Modules] Merged resource references with types table + renewed readmes by @MrMCake in #1354
• [Modules] Added configuration options to Microsoft.Batch/batchAccounts by @fblix in #1348
• [Modules] Add RBAC to Private DNS records by @simonbMS in #1344
• [Modules] Added Application Gateway Ingress Controler (AGIC) addon to AKS by @JPEasier in #1345
• [CI Environment] Added role assignment removal to removal logic by @MrMCake in #1343
• [Modules] Downgrade RBAC API version by @eriqua in #1358
• [Modules] Update ML Workspace to latest API by @MrMCake in #1359
• [Modules] Allowed User assigned identity deployments by @ahmadabdalla in #1361
• [Fixes] Set-ModuleReadMe when called w/ relative path by @MrRoundRobin in #1366
• [Modules] Update parent-child resource conditional description & updated format by @MrMCake in #1355
• [Modules] Update Conditional descriptions by @eriqua in #1376
• [Modules] Added multiple vm deployment example by @MrMCake in #1369
• [Modules] Fixing typos across Rbac descriptions by @eriqua in #1377
• [Modules] Added SQL Server Vulnerability Assessments by @MrRoundRobin in #1374
• [Fixes] Fixed some missing parts to pipelines and a mistake in wiki by @MariusStorhaug in #1381
• [Modules] VirtualMachine: Configure boot diagnostics with managed storage account by @lsnoddy in #1365
• [Modules] Added location output to templates by @MrMCake in #1371
• [Static Validation] Pester structural tests by @MrMCake in #1373
• [Modules] EventGrid: Set default values to a secure value by @lsnoddy in #1384
• [Modules] SQL-Server: Added private endpoint by @MrMCake in #1367
• [Wiki] picture fix: changing to by @segraef in #1391
• [CI Environment] Fixed location output test for global resources by @MrRoundRobin in #1390
• [Modules] allow 0 as min capacity by @rahalan in #1398
• [CI Environment] Set Az Context in Removal Stage in ADO by @SeSeicht in #1389
• [Modules] Update Eventhub Network Rules + latest APIs by @ahmadabdalla in #1387
• [Fixes] Update casing for IPsec connections by @luisarnauth in #1407
• [Static Validation] Ending parameter description with a dot by @eriqua in #1394
• [Fixes] Added missing output to tags module by @MrMCake in #1408
• [Modules] Fixed Inconsistent naming of NSGs IDs #1323 by @prasanjeets in #1406
• [Modules] Added telemetry to AAD module & description to docs by @MrMCake in #1393
• [Modules] VMSS add Condition to EncryptionAtHost by @SeSeicht in #1414
• [Modules] Update Recovery Services Vault API to latest by @SeSeicht in #1411
• [Modules] New App Configuration Stores module by @ArielRam99 in #1404
• [Modules] Added NetworkInterface module by @MrMCake in #1400
• [Fixes] Fixing ending dots for parameter descriptions by @eriqua in #1419
• [Modules] update parameter paths of Deployment Scripts by @SeSeicht in #1412
• [Fixes] Fixing ending dots for parameter descriptions continued by @eriqua in #1420
• [Modules] OperationalInsights add etag parameter to SavedSearches by @SeSeicht in #1413
• [Modules] Added private endpoint to application config by @MrMCake in #1418
• [Utilities]: Enabled generation script to add Bicep + JSON deployment examples t...

v 0.5.0

Highlights

Modules

• New modules:
  • Tags
  • VPN gateways
  • VPN sites
  • Static Web Apps
  • Azure Active Directory Domain Services (Azure ADDS)
  • Network security groups
  • Azure Virtual Desktop Scaling plans
  • Front Door
  • AKS extensions and flux configurations
  • Event Grid system topics child module
  • Service Bus topics and topics authorizationRules child modules
  • Recovery services vault child modules for configuring Azure Site Recovery for A2A DR
  • Private DNS zones child modules
• Extensively updated modules:
  • Application gateways
  • Kubernetes services
  • Container registries
  • Web sites
  • Virtual WANs
• Extended test coverage
• Updated diagnostic settings and RBAC extensions across all modules using them
• Enabled solution telemetry for all modules (Note: The ID is only used to gain insights into the library's usage. It can be disabled in the settings.json.)

CI Environment

• Consolidated Azure DevOps and GitHub Actions to use a single variable file for environment variables
• Added automatic fetch of parameter files to GitHub actions
• Added documentation to GitHub composite actions
• Improved static validation: Extended tests to make sure that tokens are leveraged in parameter files and that the module readme's matches the Set-ModuleReadMe utility's output
• Improved deployment validation: Optimized deployment, removal and login scripts
• Improved publishing: Support to multiple scopes and cascading version update (publishing major and major.minor versions together with major.minor.patch versions)
• Aligned pipeline UI stages/jobs display names with Wiki and diagrams
• Added pipeline trigger when updating global tests
• Removed Azure DevOps pipeline trigger on PRs

Tools

• Module readme generator (Set-ModuleReadMe) updates:
  • Automated parameter table categories
  • Automated table of contents
  • Added support for multi-line metadata
• Added script to check namePrefix availability (Test-NamePrefixAvailability)
• Added bicepconfig.json to disable Linter location warning
• Improved Broken Links Check pipeline
• Improved main home readme generator pipeline for both Azure DevOps and GitHub
• Added Yaml templates for PRs, Bugs and Feature Requests

Wiki

• Extensive wiki restructuring to highlight different repo usage scenarios and provided functionality (module library and CI enviroment)
• Added and updated image diagrams across all sections
• Improved step-by-step contribution guide flow
• Improved documentation on Known issues
• Added Solution creation page with deployment examples leveraging published modules
• Added guidelines for multi-repo orchestration
• Added migration guidelines section for release updates
• Document prerequisites for Azure DevOps Universal Artifact Feed

Fixes

• Aligned Azure DevOps and GitHub pipelines for dependencies and soft deleted resource purge
• Updating general removal sequence to fix private endpoint removal for all modules
• Unique name generation for event hub namespace
• Removed serial deployment (batch) from virtual network subnets, NetApp capacity pools, operational insights solutions
• Fixed broken links across documentation and Wiki

---

What's Changed

• Keyvaults - Securing secrets parameter by using object by @vgaupset in #1022
• Update ServiceBus module to use topics and topics authorizationRules by @eriqua in #1028
• Rewrite of the AppGW module by @rahalan in #1026
• Simplify VM availability zone parameters by @MariusStorhaug in #1030
• removed form template by @segraef in #1039
• Update deploy.bicep by @zaidmohd in #1041
• Added tags module by @MrMCake in #1029
• Publish: Cascading version update by @MariusStorhaug in #978
• Wiki restructuring - empty side by side toc by @eriqua in #1051
• Fix incorrect parameter handling in Automation Account by @MrMCake in #1037
• Align all nested_privateEndpoint to the same API version by @eriqua in #1053
• Storage Account: Parameterized support for HTTPs by @MariusStorhaug in #1052
• Resource Removal: Add resource Group support for mg level deployments by @ahmadabdalla in #1043
• Fix accelerated networking on VM by @MariusStorhaug in #1055
• Add dedicated LAW for automation account test by @eriqua in #1059
• Update networking API versions by @eriqua in #1060
• Microsoft.Authorization: Publish templates on different scopes by @MrMCake in #1033
• Wiki restructuring - known issues by @eriqua in #1064
• Update REDAMEs from ADO pipelines added by @Msanzdelrio in #1067
• Adding event grid system topics by @rahalan in #1045
• Add new properties to AKS by @rahalan in #1056
• Dependency-VM: Disable accelerated networking to support small size by @MrMCake in #1066
• Fixed issue with Azure DevOps pipeline to have it fail on failed Pester tests by @MrMCake in #1036
• Extend Bastion Host Module by @senavar in #1071
• Publishing: Improve diff comparison when on custom branch by @MariusStorhaug in #1058
• Adding private dns zones children by @rahalan in #1044
• KeyVault: Updated roles by @MrMCake in #1065
• VPN Gateway: Added module by @MrMCake in #1068
• Wiki restructuring - interoperability by @eriqua in #1074
• SQL MI Update by @senavar in #1076
• Fix typo for new module workflows by @eriqua in #1080
• VNET: Removed subnet property from main deployment by @MrMCake in #1081
• Wiki restructuring - Contribution guide by @eriqua in #1084
• Enabling NFS 4.1 Fileshares by @MariusStorhaug in #1078
• Wiki restructure - The library by @eriqua in #1087
• Updated pipeline default values from string to boolean to match type by @MrMCake in #1091
• StorageAccount: Cleanup + add publicNetworkAccess parameter by @MariusStorhaug in #1086
• VPN Site: Created new module by @MrMCake in #1088
• vWAN: Moved resources to corresponding modules and removed duplicates by @MrMCake in #1090
• Adding properties to Azure Container Registry by @rahalan in #1079
• Microsoft.AnalysisServices-Servers-Max param file by @SaumilkumarShah in #1100
• New module: MS.Web/StaticSites by @MariusStorhaug in #1093
• Wiki restructure - Add test module locally utility to contribution guide by @eriqua in #1104
• Load Balancer: Add better support for privateLB by @MariusStorhaug in #1089
• Bug fix: Update ADO Dependency Pipeline to support new policy assignment parameter file names, point to the root template instead of child by @ahmadabdalla in #1110
• Microsoft.ApiManagement-service Min Param File Added by @SaumilkumarShah in #1108
• add Azure Active Directory as sql server admin authentication by @mvbugge in #1106
• Added private endpoint deployment to container registry by @MrMCake in #1118
• Replaced CuaID implementation (to be discussed) by @MrMCake in #895
• Added cua ID to several templates by @MrMCake in #1119
• NSG: Moved NSG Security Rules into its own child-module by @MrMCake in #1102
• Further CUA ID fixes by @MrMCake in #1121
• Added additional test case for SQL Server by @MrMCake in #1116
• Virtual Network - Subnet Child Resource Remediation by @ahmadabdalla in #1112
• Follow Up to CuaID deployment by @MrMCake in #1122
• RBAC Role Assignments: Added description parameter by @lsnoddy in #1115
• Make some parameters optional by @rahalan in #1123
• Adding new properties to AKS by @r...

v 0.4.0

Highlights

Modules

• Added versioning via version.json file in each module
• Added Synapse Private Link Hubs
• Added Compute Disks module
• Added Service Fabric Cluster module
• Added Virtual Hub module
• Added Load Balancer Child modules
• Standardized naming of diagnostic settings parameters
• Deprecated AutoManage module and migrated it to VM module
• Update KeyVault, Virtual Machine, Virtual Machine Scale Set, Event Hub and Storage Account to default secure values
• Aligned all outputs to name, resourceGroup & resourceId where applicable
• VNET subnets parameter now optional
• Aligned AppInsights module with template reference property names

CI Environment

• Enabled local <<namePrefix>> in the settings.json file
• Dependency pipeline
  • Added Azure DevOps counterpart
  • Added additional resources: Proximity Placement Group, Image Template
  • Improved end-to-end flow by improving value pass-over
• Improved error details
• Aligned stage names of GitHub & Azure DevOps
• Added additional test files
• Enabled ManagementGroup level removal
• Added publishing of child modules
• Introduced grouping of logs on GitHub

Tools

• Improved flexibility of the Test-ModuleLocally function

Wiki

• Added utilities in addition to the documentation inside the scripts
• Updated Module Usage examples to latest Bicep features & added bicepconfig.json examples
• Updated dependencies section to latest token solution

Fixes

• VMs now cleanup their attachments correctly
• Azure DevOps pipelines can now be canceled properly
• VNETs idempotency now consistent
• Fixed issue for ConvertTo-ARMTemplate utility
• Policy Assignment now explicitly specifies the principal type, fixing an issue where the API would not properly work for subsequent deployments

What's Changed

• Added missing ADO artifacts reference in wiki by @MrMCake in #851
• Added deleteOption to VM by @MrMCake in #850
• LoadBalancer: Added child resources + test cases by @MrMCake in #848
• VNET: Fixed indempotency bug with subnet deployment by @MrMCake in #845
• Added missing removal condition to avoid uncancelable pipeline by @MrMCake in #854
• Fix Recovery Services Vault MI Issue by @MariusStorhaug in #862
• Update global.variables.yml by @SeSeicht in #863
• Added utilities wiki entry by @MrMCake in #847
• Fix Storage Account MI Issue by @MariusStorhaug in #861
• Added an additional note to the wiki to better explain the MSI role assignment by @MrMCake in #855
• Added support for Synapse Private Link Hubs (#856) by @renepajta in #858
• Change startTime of "Linux_ZeroDay" by @SeSeicht in #864
• Added improved error fetching for failed deployments by @MrMCake in #866
• Align MI outputs by @MariusStorhaug in #872
• Specify set of PS modules for different actions by @eriqua in #874
• Implemented dependency pipeline for ADO by @MrMCake in #846
• web.hostingenvironment to defaultJobTimeoutInMinutes: 360 by @SeSeicht in #879
• Mapping module deployment outputs to github action output by @eriqua in #878
• Fix dependency storage diagnostic name by @eriqua in #884
• Users/alsehr/881 rsv fix by @MrMCake in #885
• Replace test storage name by @eriqua in #888
• Standardizing naming of diagnostic settings + API version update for locks and RBAC by @rahalan in #886
• Updated error output for Test-AzDeployment by @MrMCake in #889
• fix VM parameter file with additional parameter by @rahalan in #892
• update PIP by @rahalan in #898
• Update Analysis Service and API Management Outputs by @senavar in #875
• Fixed & updated automanage deployment by @MrMCake in #825
• Enable budget removal by @MrMCake in #904
• Update Key vault with security recommendation by @elbatane in #896
• Fix Compute Images by @eriqua in #907
• Dependency pipeline Replace msiPrincipalId at runtime by @eriqua in #893
• Updated outputs for namespace [c], [d], [e], [h] by @MrMCake in #915
• update FW by @rahalan in #899
• Added disks module by @Msanzdelrio in #917
• Updated outputs of namespace starting with [n] by @MrMCake in #913
• Updated outputs for namespaces starting with [r], [o] by @MrMCake in #912
• Updated outputs for namespace [m], [l], [k], [i] by @MrMCake in #914
• Fixed wrong Publish condition by @segraef in #919
• Updated outputs for namespace [s], [v], [w] by @MrMCake in #911
• Updated ADO pipeline names & update GitHub workflow conditions to not skip over tests by @MrMCake in #925
• Default secure values for storage accounts by @elanzel in #920
• Users/sogangul/bicep service fabric clusters by @SomilGanguly in #537
• RSV: Removed unused param from parameter file by @MrMCake in #926
• VNET: Removed requirement for default subnet by @MrMCake in #930
• Enabled ManagementGroup-Level removal by @MrMCake in #903
• remove unused workflow/pipeline file by @MariusStorhaug in #933
• Users/elanzelm/security eventhub by @elanzel in #939
• Bug fix for ConvertTo-ARMTemplate by @MariusStorhaug in #944
• Update dependency pipeline with image template and vhd copy by @eriqua in #929
• Publishing and versioning of child-resources and parents by @MariusStorhaug in #744
• Service Fabric: Fix incorrect parameter file references in pipeline by @MrMCake in #934
• Fix proximityPlacementGroup bug by @simonbMS in #950
• Bugfix - Publishing modules by @MariusStorhaug in #952
• Enabled <> token across modules and dependency pipeline resources by @ahmadabdalla in #945
• Virtual Hub : Create module by @MrMCake in #921
• tokenize vhub dependency by @MariusStorhaug in #958
• Added token replacement to removal by @MrMCake in #956
• API version update by @eriqua in #959
• Fix publishing prerelease tag by @MariusStorhaug in #955
• Added fix for galleries module failure by @Msanzdelrio in #962
• Fixed vHub ref by @MrMCake in #964
• Switch description outputs by @modbase in #963
• Remove unknown character from run names by @thepaulmacca in #969
• Update globally unique names for kv, ase and apim by @eriqua in #970
• Fixing typo occurrences by @eriqua in #977
• Incomplete title on wiki home by @MariusStorhaug in #979
• Added missing ADO pipeline for disks by @MariusStorhaug in #976
• Fix publishing template for firewall policies in ADO by @MariusStorhaug in #975
• Introduce grouping of logs by @MariusStorhaug in #972
• vm adp token and description fix by @eriqua in #980
• Users/alsehr/849 local test by @MrMCake in #968
• Fixed both Load Balancer & AKS by @MrMCake in #985
• Trigger all pipelines after environment cleanup by @eriqua in #986
• Quick fix for Local Test Script and Documentation by @ahmadabdalla in https://github.com/Azure...

v 0.3.1

Highlights

• Modules
  • Aligning deployment names for all modules
  • Aligning to the same diagnostic settings API version for all modules
  • Aligning deployed resource names to the same convention
  • Adding missing diagnostic settings input parameters for several modules
  • Adding multiple testing parameter files to several modules
• Platform
  • Adding first version of ADO pipelines
  • Refactoring the GitHub workflow design to
    • leverage a single GitHub action for all Pester tests
    • leverage a single GitHub action to test module deployments end-to-end (validation, deployment, removal)
  • Improving dependency pipeline for GitHub workflows
  • Improving testing for child resources
  • Improving removal procedure to leverage deployments instead of resource tags
  • Adding removal procedure (purge) for resources for which soft-deletion is enforced
  • Adding trigger on common scripts' changes for GitHub workflows
• Tools
  • Improving the Bicep to ARM Templates conversion script
  • Adding Broken Link Check Action to validate all URLs inside the repository
• Wiki
  • Improving docs for Pipelines, Modules & Testing sections
  • Updating information for the Support section
  • Extending docs for removal procedure
  • Adding documentation for utility scripts

Merged PRs

• Depedency pipeline cleanup by @MrMCake in #699
• Updated kind & added param file by @MrMCake in #701
• [666] Update dependency pipeline with policy assignment by @eriqua in #708
• Microsoft.VirtualMachineImages deployment names by @eriqua in #709
• MS.Web deployment names by @eriqua in #710
• Align MS.Sql deployment names by @eriqua in #712
• Align Microsoft.Resources deployment names by @eriqua in #716
• Align Microsoft.OperationalInsights deployment names by @eriqua in #717
• Added RBAC to secret & key child modules by @MrMCake in #706
• Align Microsoft.Logic deployment names by @eriqua in #723
• Align Microsoft.MachineLearningServices deployment names by @eriqua in #722
• Align Microsoft.RecoveryServices deployment names by @eriqua in #715
• Align Microsoft.Network deployment names by @eriqua in #718
• Align Microsoft.ManagedIdentity deployment names by @eriqua in #720
• Align Microsoft.ManagedServices deployment names by @eriqua in #719
• Align Microsoft.Management deployment names by @eriqua in #721
• Align Microsoft.KeyVault deployment names by @eriqua in #724
• Align Microsoft.HealthBot deployment names by @eriqua in #726
• Align Microsoft.EventHub deployment names by @eriqua in #727
• Align Microsoft.DesktopVirtualization deployment names by @eriqua in #729
• Align Microsoft.DataFactory deployment names by @eriqua in #732
• Align Microsoft.Databricks deployment names by @eriqua in #733
• Align Microsoft.ContainerService deployment names by @eriqua in #734
• Align Microsoft.CognitiveServices deployment names by @eriqua in #737
• Align Microsoft.Automanage deployment names by @eriqua in #739
• Align Microsoft.Authorization deployment names by @eriqua in #740
• Align Microsoft.AnalysisServices deployment names by @eriqua in #741
• Align Microsoft.ApiManagement deployment names by @eriqua in #742
• Fixed missing optional check in RSV by @MrMCake in #743
• Align Ms.Storage deployment names by @eriqua in #711
• Align Microsoft.Automation deployment names by @eriqua in #738
• Align Microsoft.Compute deployment names by @eriqua in #736
• Align Microsoft.ContainerRegistry deployment names by @eriqua in #735
• Align Microsoft.EventGrid deployment names by @eriqua in #728
• Align Microsoft.Insights deployment names by @eriqua in #725
• Target NSGs in seperate resource group by @jceval in #713
• Added backup config to rsv module by @MrMCake in #755
• update API version for diagnostic settings by @rahalan in #760
• Role Assignments: Principal Type Update + Uplift API Version for Module by @ahmadabdalla in #714
• Modules Design update by @eriqua in #769
• Add Missing Diagnostic Settings to Modules by @senavar in #765
• Users/simonb/517 automation account removal by @simonbMS in #761
• Add Azure firewall policy module by @rahalan in #748
• Create subnet child-resource by @MrMCake in #707
• Update SUPPORT.md by @alex-lee-microsoft in #802
• Pipeline: Streamlining & improvements by @MrMCake in #768
• Fixed dependency ref by @MrMCake in #804
• Align fw policy workflow by @eriqua in #805
• Updated deployed resource names in parameter files by @MrMCake in #801
• Create ADO pipelines for validate, deploy, remove & publish by @MrMCake in #476
• Added Broken Link Check Action by @ahmadabdalla in #746
• Update deployment code for Diagnostic Settings by @senavar in #811
• Extended removal logic to be more robust and in-depth by @MrMCake in #767
• Updated the use dependency filter to work with just a resourceId by @MrMCake in #814
• Update action path in dependency pipeline by @eriqua in #817
• Expand Microsoft.ContainerService/managedClusters/agentPool properties object by @lsnoddy in #806
• Created trigger on pipeline file changes by @MrMCake in #816
• Feature update ConvertTo-ARMTemplates - Parallelism, skips and Child Resource handling by @MariusStorhaug in #818
• Update the global tests invocation to also consider child resources by @MrMCake in #798
• Users/lsnoddy/remove preview feature by @lsnoddy in #822
• Fixing PrivateDnsZone removal by @eriqua in #824
• Updated ACR name + added min param file by @MrMCake in #827
• Allow peering to target remoteVnet in different subscription by @jefe-maven in #829
• Fixing disk encryption set module by @eriqua in #831
• Adding tests and documentation for conversion script by @rahalan in #821
• #763 wiki update for removal step by @simonbMS in #833
• Fix Log analytics workspace removal by @eriqua in #841
• Added RG-Location to bicep registry by @MrMCake in #839
• Added further utilities readme files to Wiki by @MrMCake in #840

New Contributors

• @alex-lee-microsoft made their first contribution in #802
• @jefe-maven made their first contribution in #829

Full Changelog: v0.3.0...v0.3.1