diff --git a/.terraform-docs.yml b/.terraform-docs.yml
index c0b4d6019..212b8d53a 100644
--- a/.terraform-docs.yml
+++ b/.terraform-docs.yml
@@ -4,7 +4,7 @@
formatter: "markdown document" # this is required
-version: "0.17.0"
+version: "~> 0.18"
header-from: "_README_header.md"
footer-from: "_README_footer.md"
@@ -13,13 +13,6 @@ recursive:
enabled: true
path: modules
-sections:
- hide: []
- show: []
-
- hide-all: false # deprecated in v0.13.0, removed in v0.15.0
- show-all: true # deprecated in v0.13.0, removed in v0.15.0
-
content: |-
{{ .Header }}
diff --git a/README.md b/README.md
index a94f2c708..512c84cb7 100644
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ This allows customers to address concerns around managing large state files, or
## Terraform versions
-This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release.
+This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.108.0` as a baseline, and various versions to up the latest at time of release.
In some cases, individual versions of the AzureRM provider may cause errors.
If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues).
@@ -186,7 +186,7 @@ The following requirements are needed by this module:
- [azapi](#requirement\_azapi) (~> 1.13, != 1.13.0)
-- [azurerm](#requirement\_azurerm) (~> 3.107)
+- [azurerm](#requirement\_azurerm) (~> 3.108)
- [random](#requirement\_random) (~> 3.6)
@@ -654,6 +654,7 @@ object({
log_analytics = optional(object({
enabled = optional(bool, true)
config = optional(object({
+ daily_quota_gb = optional(number, -1)
retention_in_days = optional(number, 30)
enable_monitoring_for_vm = optional(bool, true)
enable_monitoring_for_vmss = optional(bool, true)
@@ -1108,6 +1109,7 @@ The following resources are used by this module:
- [azurerm_resource_group.virtual_wan](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
- [azurerm_role_assignment.ama_managed_identity_operator](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
- [azurerm_role_assignment.ama_reader](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
+- [azurerm_role_assignment.deploy_azsqldb_auditing_connectivity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
- [azurerm_role_assignment.enterprise_scale](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
- [azurerm_role_assignment.policy_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
- [azurerm_role_assignment.private_dns_zone_contributor_connectivity](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
@@ -1141,6 +1143,10 @@ The following resources are used by this module:
The following outputs are exported:
+### [ama\_user\_assigned\_identity](#output\_ama\_user\_assigned\_identity)
+
+Description: The user assigned identity for Azure Monitor Agent that is created by this module.
+
### [azurerm\_automation\_account](#output\_azurerm\_automation\_account)
Description: Returns the configuration data for all Automation Accounts created by this module.
@@ -1257,6 +1263,10 @@ Description: Returns the configuration data for all Virtual WANs created by this
Description: Returns the configuration data for all (Virtual WAN) VPN Gateways created by this module.
+### [data\_collection\_rules](#output\_data\_collection\_rules)
+
+Description: A map of the data collection rules created by this module.
+
## Telemetry
diff --git a/_README_header.md b/_README_header.md
index c75d6a732..4f6abee04 100644
--- a/_README_header.md
+++ b/_README_header.md
@@ -51,7 +51,7 @@ This allows customers to address concerns around managing large state files, or
## Terraform versions
-This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.107.0` as a baseline, and various versions to up the latest at time of release.
+This module has been tested using Terraform `1.7.0` and AzureRM Provider `3.108.0` as a baseline, and various versions to up the latest at time of release.
In some cases, individual versions of the AzureRM provider may cause errors.
If this happens, we advise upgrading to the latest version and checking our [troubleshooting](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Troubleshooting) guide before [raising an issue](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/issues).
diff --git a/docs/wiki/[User-Guide]-Getting-Started.md b/docs/wiki/[User-Guide]-Getting-Started.md
index 37f8d6bce..8f93bffed 100644
--- a/docs/wiki/[User-Guide]-Getting-Started.md
+++ b/docs/wiki/[User-Guide]-Getting-Started.md
@@ -3,7 +3,7 @@
Before getting started with this module, please take note of the following considerations:
-1. This module requires a minimum `azurerm` provider version of `3.107.0`.
+1. This module requires a minimum `azurerm` provider version of `3.108.0`.
1. This module requires a minimum Terraform version `1.7.0`.
diff --git a/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md b/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md
index d92cc6ef6..fecc69477 100644
--- a/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md
+++ b/docs/wiki/[User-Guide]-Upgrade-from-v5.2.1-to-v6.0.0.md
@@ -5,7 +5,7 @@ This is a major release, following the update of Azure Landing Zones with it's m
## ‼️ Breaking Changes
-1. Minimum AzureRM provider version now `3.107.0`
+1. Minimum AzureRM provider version now `3.108.0`
2. Minimum Terraform version now `1.7.0`
3. `var.configure_management_resources` schema change, removing legacy components and adding support for AMA resources
diff --git a/examples/400-multi-with-orchestration/modules/core/main.tf b/examples/400-multi-with-orchestration/modules/core/main.tf
index 48d99f4e6..bfc214842 100644
--- a/examples/400-multi-with-orchestration/modules/core/main.tf
+++ b/examples/400-multi-with-orchestration/modules/core/main.tf
@@ -5,7 +5,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "3.107.0"
+ version = "3.108.0"
}
}
}
diff --git a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json
index 4891d51b1..b6261825c 100644
--- a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json
+++ b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_landing_zones.tmpl.json
@@ -8,7 +8,6 @@
"Deny-Privileged-AKS",
"Deny-Storage-http",
"Deny-Subnet-Without-Nsg",
- "Deploy-AKS-Policy",
"Deploy-AzSqlDb-Auditing",
"Deploy-MDFC-DefSQL-AMA",
"Deploy-SQL-TDE",
@@ -25,6 +24,7 @@
"Enforce-AKS-HTTPS",
"Enforce-ASR",
"Enforce-GR-KeyVault",
+ "Enforce-Subnet-Private",
"Enforce-TLS-SSL-H224"
],
"policy_definitions": [],
diff --git a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json
index 8d6f4e472..44df8988a 100644
--- a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json
+++ b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_platform.tmpl.json
@@ -11,7 +11,8 @@
"Deploy-VMSS-Monitoring",
"Enable-AUM-CheckUpdates",
"Enforce-ASR",
- "Enforce-GR-KeyVault"
+ "Enforce-GR-KeyVault",
+ "Enforce-Subnet-Private"
],
"policy_definitions": [],
"policy_set_definitions": [],
diff --git a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json
index 888927d5a..e676b1a2c 100644
--- a/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json
+++ b/modules/archetypes/lib/archetype_definitions/archetype_definition_es_root.tmpl.json
@@ -9,7 +9,7 @@
"Deny-UnmanagedDisk",
"Deploy-ASC-Monitoring",
"Deploy-AzActivity-Log",
- "Deploy-Diag-Logs",
+ "Deploy-Diag-LogsCat",
"Deploy-MDEndpoints",
"Deploy-MDEndpointsAMA",
"Deploy-MDFC-Config-H224",
@@ -200,6 +200,7 @@
"Enforce-Guardrails-APIM",
"Enforce-Guardrails-AppServices",
"Enforce-Guardrails-Automation",
+ "Enforce-Guardrails-BotService",
"Enforce-Guardrails-CognitiveServices",
"Enforce-Guardrails-Compute",
"Enforce-Guardrails-ContainerApps",
diff --git a/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_logscat.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_logscat.tmpl.json
new file mode 100644
index 000000000..b09d4d3fc
--- /dev/null
+++ b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_diag_logscat.tmpl.json
@@ -0,0 +1,28 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2022-06-01",
+ "name": "Deploy-Diag-LogsCat",
+ "location": "${default_location}",
+ "dependsOn": [],
+ "identity": {
+ "type": "SystemAssigned"
+ },
+ "properties": {
+ "description": "Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This initiative deploys diagnostic setting using the allLogs category group to route logs to an Event Hub for all supported resources.",
+ "displayName": "Enable category group resource logging for supported resources to Log Analytics",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/f5b29bc4-feca-4cc6-a58a-772dd5e290a5",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Diagnostic settings {enforcementMode} be deployed to Azure services to forward logs to Log Analytics."
+ }
+ ],
+ "parameters": {
+ "logAnalytics": {
+ "value": "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/${root_scope_id}-mgmt/providers/Microsoft.OperationalInsights/workspaces/${root_scope_id}-la"
+ }
+ },
+ "scope": "${current_scope_resource_id}",
+ "notScopes": []
+ }
+}
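Review bot: The `description` says the initiative routes logs "to an Event Hub", while `displayName`, the non-compliance message and the only parameter (`logAnalytics`) all point at a Log Analytics workspace. Anyone auditing this assignment will read the description first, so it should name the real destination, e.g. `...using the allLogs category group to route logs to a Log Analytics workspace for all supported resources.` The `logAnalytics` value also carries an all-zero subscription ID and a `${root_scope_id}-la` workspace name. Presumably the module overrides this when management resources are configured, but if it does not, remediation would target a workspace that does not exist and resources would be left without diagnostic settings. That is worth confirming against the wiring outside this diff.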
diff --git a/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json
index d36017ea9..f4956f8ae 100644
--- a/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json
+++ b/modules/archetypes/lib/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json
@@ -210,13 +210,13 @@
"azureStorageTableSecondaryPrivateDnsZoneId": {
"value": "${private_dns_zone_prefix}privatelink.table.core.windows.net"
},
- "azureSiteRecoveryBackupPrivateDnsZoneID": {
+ "azureSiteRecoveryBackupPrivateDnsZoneId": {
"value": "${private_dns_zone_prefix}privatelink.${connectivity_location_short}.backup.windowsazure.com"
},
- "azureSiteRecoveryBlobPrivateDnsZoneID": {
+ "azureSiteRecoveryBlobPrivateDnsZoneId": {
"value": "${private_dns_zone_prefix}privatelink.blob.core.windows.net"
},
- "azureSiteRecoveryQueuePrivateDnsZoneID": {
+ "azureSiteRecoveryQueuePrivateDnsZoneId": {
"value": "${private_dns_zone_prefix}privatelink.queue.core.windows.net"
}
},
diff --git a/modules/archetypes/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json b/modules/archetypes/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json
new file mode 100644
index 000000000..f2a0da607
--- /dev/null
+++ b/modules/archetypes/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json
@@ -0,0 +1,28 @@
+{
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2022-06-01",
+ "name": "Enforce-Subnet-Private",
+ "dependsOn": [],
+ "properties": {
+ "description": "Ensure your subnets are secure by default by preventing default outbound access. For more information go to https://aka.ms/defaultoutboundaccessretirement",
+ "displayName": "Subnets should be private",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7bca8353-aa3b-429b-904a-9229c4385837",
+ "enforcementMode": "Default",
+ "nonComplianceMessages": [
+ {
+ "message": "Subnets {enforcementMode} be private."
+ }
+ ],
+ "parameters": {
+ "effect": {
+ "value": "Audit"
+ }
+ },
+ "scope": "${current_scope_resource_id}",
+ "notScopes": []
+ },
+ "location": "${default_location}",
+ "identity": {
+ "type": "None"
+ }
+}
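Review bot: The assignment is named `Enforce-Subnet-Private` but sets `"effect": { "value": "Audit" }`, so it only reports subnets that keep default outbound access and blocks nothing. The non-compliance text `Subnets {enforcementMode} be private.` reinforces the impression that a control is in force. If audit-first is the intended rollout, say so in the `description`, e.g. append `Assigned with the Audit effect by default; change the effect to block non-private subnets once workloads have explicit outbound connectivity.` The same assignment is added to the es_landing_zones and es_platform archetypes in this commit, so the wording matters at both scopes.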
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json
index 628ae5b66..547cca8cd 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json
@@ -9,7 +9,7 @@
"displayName": "AppService append sites with minimum TLS version to enforce.",
"description": "Append the AppService sites object to ensure that min Tls version is set to required minimum TLS version. Please note Append does not enforce compliance use then deny.",
"metadata": {
- "version": "1.1.0",
+ "version": "1.2.0",
"category": "App Service",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -35,6 +35,7 @@
"type": "String",
"defaultValue": "1.2",
"allowedValues": [
+ "1.3",
"1.2",
"1.0",
"1.1"
@@ -54,7 +55,7 @@
},
{
"field": "Microsoft.Web/sites/config/minTlsVersion",
- "notEquals": "[parameters('minTlsVersion')]"
+ "less": "[parameters('minTlsVersion')]"
}
]
},
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json
index 817426388..aac286f37 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json
@@ -9,7 +9,7 @@
"displayName": "Azure Cache for Redis Append a specific min TLS version requirement and enforce TLS.",
"description": "Append a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
"metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
"category": "Cache",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -56,7 +56,7 @@
"anyOf": [
{
"field": "Microsoft.Cache/Redis/minimumTlsVersion",
- "notequals": "[parameters('minimumTlsVersion')]"
+ "less": "[parameters('minimumTlsVersion')]"
}
]
}
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_eh_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_eh_mintls.json
index a1e8b33e7..6f7e7a29e 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_eh_mintls.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_eh_mintls.json
@@ -9,7 +9,7 @@
"displayName": "Event Hub namespaces should use a valid TLS version",
"description": "Event Hub namespaces should use a valid TLS version.",
"metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
"category": "Event Hub",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -52,7 +52,7 @@
"anyOf": [
{
"field": "Microsoft.EventHub/namespaces/minimumTlsVersion",
- "notEquals": "[parameters('minTlsVersion')]"
+ "less": "[parameters('minTlsVersion')]"
},
{
"field": "Microsoft.EventHub/namespaces/minimumTlsVersion",
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_mysql_http.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_mysql_http.json
index a8da04389..1c98aa2b4 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_mysql_http.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_mysql_http.json
@@ -9,7 +9,7 @@
"displayName": "MySQL database servers enforce SSL connections.",
"description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
"metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
"category": "SQL",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -66,7 +66,7 @@
},
{
"field": "Microsoft.DBforMySQL/servers/minimalTlsVersion",
- "notequals": "[parameters('minimalTlsVersion')]"
+ "less": "[parameters('minimalTlsVersion')]"
}
]
}
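Review bot: Replacing `notequals` with `less` makes this a string-ordering test, which only means "older than the minimum" when every possible field value is a version label. `Microsoft.DBforMySQL/servers/minimalTlsVersion` can also be `TLSEnforcementDisabled`, which appears to sort after `TLS1_2` and so would no longer match here, where the old `notequals` caught it. Unless the sibling condition above this line (outside the hunk) already covers that state, keep an explicit match next to the new one, e.g. `{ "field": "Microsoft.DBforMySQL/servers/minimalTlsVersion", "equals": "TLSEnforcementDisabled" }`. The same applies to the `less` hunks in deploy_mysql_sslenforcement and deploy_postgresql_sslenforcement. It also applies to deny_sql_mintls, deny_sqlmi_mintls, deploy_sql_mintls and deploy_sqlmi_mintls, where the field can hold `None`.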
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_redis_http.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_redis_http.json
index 73d491ad7..70055987b 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_redis_http.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_redis_http.json
@@ -9,7 +9,7 @@
"displayName": "Azure Cache for Redis only secure connections should be enabled",
"description": "Audit enabling of only connections via SSL to Azure Cache for Redis. Validate both minimum TLS version and enableNonSslPort is disabled. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking",
"metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
"category": "Cache",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -41,7 +41,7 @@
"1.0"
],
"metadata": {
- "displayName": "Select minumum TLS version for Azure Cache for Redis.",
+ "displayName": "Select minimum TLS version for Azure Cache for Redis.",
"description": "Select minimum TLS version for Azure Cache for Redis."
}
}
@@ -61,7 +61,7 @@
},
{
"field": "Microsoft.Cache/Redis/minimumTlsVersion",
- "notequals": "[parameters('minimumTlsVersion')]"
+ "less": "[parameters('minimumTlsVersion')]"
}
]
}
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sql_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sql_mintls.json
index f859443e7..f9890d9f4 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sql_mintls.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sql_mintls.json
@@ -9,7 +9,7 @@
"displayName": "Azure SQL Database should have the minimal TLS version set to the highest version",
"description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.",
"metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
"category": "SQL",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -61,7 +61,7 @@
},
{
"field": "Microsoft.Sql/servers/minimalTlsVersion",
- "notequals": "[parameters('minimalTlsVersion')]"
+ "less": "[parameters('minimalTlsVersion')]"
}
]
}
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sqlmi_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sqlmi_mintls.json
index 951d1ac18..d1d555201 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sqlmi_mintls.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_sqlmi_mintls.json
@@ -7,9 +7,9 @@
"policyType": "Custom",
"mode": "Indexed",
"displayName": "SQL Managed Instance should have the minimal TLS version set to the highest version",
- "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not reccomended since they have well documented security vunerabilities.",
+ "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.",
"metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
"category": "SQL",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -61,7 +61,7 @@
},
{
"field": "Microsoft.Sql/managedInstances/minimalTlsVersion",
- "notequals": "[parameters('minimalTlsVersion')]"
+ "less": "[parameters('minimalTlsVersion')]"
}
]
}
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json
index d9d6dd82c..47cf20289 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json
@@ -9,7 +9,7 @@
"displayName": "Deny vNet peering cross subscription.",
"description": "This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope.",
"metadata": {
- "version": "1.0.1",
+ "version": "1.1.0",
"category": "Network",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -31,6 +31,14 @@
"Disabled"
],
"defaultValue": "Deny"
+ },
+ "allowedVnets": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Allowed vNets to peer with",
+ "description": "Array of allowed vNets that can be peered with. Must be entered using their resource ID. Example: /subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}"
+ },
+ "defaultValue": []
}
},
"policyRule": {
@@ -41,8 +49,16 @@
"equals": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings"
},
{
- "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id",
- "notcontains": "[subscription().id]"
+ "allOf": [
+ {
+ "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id",
+ "notIn": "[parameters('allowedVnets')]"
+ },
+ {
+ "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id",
+ "notLike": "[concat(subscription().id, '/*')]"
+ }
+ ]
}
]
},
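Review bot: The policy `description` (a context line in the first hunk of this file) still reads as an unconditional deny, yet the new `allowedVnets` parameter exempts any listed virtual network, including ones in other subscriptions. Because `notIn` matches whole resource IDs, an entry that differs from what is reported in `remoteVirtualNetwork.id` will fail to exempt without any signal. A stale entry likewise stays a standing exception to the deny. I would update the description to `This policy denies the creation of vNet Peerings outside of the same subscriptions under the assigned scope, except to vNets listed in allowedVnets.` I would also extend the parameter description to say that each entry permits cross-subscription peering and should be reviewed when the remote vNet is retired.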
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_mysql_sslenforcement.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_mysql_sslenforcement.json
index 3dca74215..180fb74d1 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_mysql_sslenforcement.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_mysql_sslenforcement.json
@@ -9,7 +9,7 @@
"displayName": "Azure Database for MySQL server deploy a specific min TLS version and enforce SSL.",
"description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
"metadata": {
- "version": "1.1.0",
+ "version": "1.2.0",
"category": "SQL",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -61,7 +61,7 @@
},
{
"field": "Microsoft.DBforMySQL/servers/minimalTlsVersion",
- "notequals": "[parameters('minimalTlsVersion')]"
+ "less": "[parameters('minimalTlsVersion')]"
}
]
}
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_postgresql_sslenforcement.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_postgresql_sslenforcement.json
index 3cf45b5ec..e5a74136f 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_postgresql_sslenforcement.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_postgresql_sslenforcement.json
@@ -9,7 +9,7 @@
"displayName": "Azure Database for PostgreSQL server deploy a specific min TLS version requirement and enforce SSL ",
"description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
"metadata": {
- "version": "1.1.0",
+ "version": "1.2.0",
"category": "SQL",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -61,7 +61,7 @@
},
{
"field": "Microsoft.DBforPostgreSQL/servers/minimalTlsVersion",
- "notEquals": "[parameters('minimalTlsVersion')]"
+ "less": "[parameters('minimalTlsVersion')]"
}
]
}
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_private_dns_generic.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_private_dns_generic.json
index caf64db9f..580c205cc 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_private_dns_generic.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_private_dns_generic.json
@@ -9,7 +9,7 @@
"displayName": "Deploy-Private-DNS-Generic",
"description": "Configure private DNS zone group to override the DNS resolution for PaaS services private endpoint. See https://aka.ms/pepdnszones for information on values to provide to parameters in this policy.",
"metadata": {
- "version": "1.0.0",
+ "version": "2.0.0",
"category": "Networking",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -34,8 +34,8 @@
"privateDnsZoneId": {
"type": "String",
"metadata": {
- "displayName": "Private DNS Zone ID for Paas services",
- "description": "The private DNS zone name required for specific Paas Services to resolve a private DNS Zone.",
+ "displayName": "Private DNS Zone ID for PaaS services",
+ "description": "The private DNS zone name required for specific PaaS Services to resolve a private DNS Zone.",
"strongType": "Microsoft.Network/privateDnsZones",
"assignPermissions": true
}
@@ -61,11 +61,24 @@
"description": "The delay in evaluation of the policy. Review delay options at https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists"
},
"defaultValue": "PT10M"
+ },
+ "location": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Location (Specify the Private Endpoint location)",
+ "description": "Specify the Private Endpoint location",
+ "strongType": "location"
+ },
+ "defaultValue": "northeurope"
}
},
"policyRule": {
"if": {
"allOf": [
+ {
+ "field": "location",
+ "equals": "[parameters('location')]"
+ },
{
"field": "type",
"equals": "Microsoft.Network/privateEndpoints"
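Review bot: The new `location` parameter defaults to `northeurope` and the added `"field": "location"` condition sits in the `allOf`, so an assignment that does not pass `location` will only evaluate private endpoints in North Europe. Endpoints in every other region would then get no private DNS zone group from this policy and no non-compliance signal, and name resolution for them may not go through the private zone. Since the version already jumps to 2.0.0, I would drop `"defaultValue": "northeurope"` so the assignment has to state the region, or at least call out the default in the parameter `description`. The `if` block continues past the end of the hunk.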
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_mintls.json
index 48909e0ee..51323d520 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_mintls.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sql_mintls.json
@@ -9,7 +9,7 @@
"displayName": "SQL servers deploys a specific min TLS version requirement.",
"description": "Deploys a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
"metadata": {
- "version": "1.1.0",
+ "version": "1.2.0",
"category": "SQL",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -54,7 +54,7 @@
},
{
"field": "Microsoft.Sql/servers/minimalTlsVersion",
- "notequals": "[parameters('minimalTlsVersion')]"
+ "less": "[parameters('minimalTlsVersion')]"
}
]
},
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sqlmi_mintls.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sqlmi_mintls.json
index a2e4c61ce..fa69bf9b3 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sqlmi_mintls.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_sqlmi_mintls.json
@@ -9,7 +9,7 @@
"displayName": "SQL managed instances deploy a specific min TLS version requirement.",
"description": "Deploy a specific min TLS version requirement and enforce SSL on SQL managed instances. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server.",
"metadata": {
- "version": "1.2.0",
+ "version": "1.3.0",
"category": "SQL",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -54,7 +54,7 @@
},
{
"field": "Microsoft.Sql/managedInstances/minimalTlsVersion",
- "notequals": "[parameters('minimalTlsVersion')]"
+ "less": "[parameters('minimalTlsVersion')]"
}
]
},
diff --git a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_storage_sslenforcement.json b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_storage_sslenforcement.json
index 6e0531aa6..5b624d427 100644
--- a/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_storage_sslenforcement.json
+++ b/modules/archetypes/lib/policy_definitions/policy_definition_es_deploy_storage_sslenforcement.json
@@ -9,7 +9,7 @@
"displayName": "Azure Storage deploy a specific min TLS version requirement and enforce SSL/HTTPS ",
"description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Storage. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your Azure Storage.",
"metadata": {
- "version": "1.2.0",
+ "version": "1.3.0",
"category": "Storage",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -60,7 +60,7 @@
},
{
"field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
- "notEquals": "[parameters('minimumTlsVersion')]"
+ "less": "[parameters('minimumTlsVersion')]"
}
]
}
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config_20240319.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config_20240319.tmpl.json
index d256cf21d..78698ddef 100644
--- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config_20240319.tmpl.json
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config_20240319.tmpl.json
@@ -8,7 +8,7 @@
"displayName": "Deploy Microsoft Defender for Cloud configuration",
"description": "Deploy Microsoft Defender for Cloud configuration",
"metadata": {
- "version": "1.0.0",
+ "version": "2.1.0",
"category": "Security Center",
"source": "https://github.com/Azure/Enterprise-Scale/",
"replacesPolicy": "Deploy-MDFC-Config",
@@ -59,6 +59,18 @@
"description": "The location where the resource group and the export to Log Analytics workspace configuration are created."
}
},
+ "createResourceGroup": {
+ "type": "Boolean",
+ "metadata": {
+ "displayName": "Create resource group",
+ "description": "If a resource group does not exists in the scope, a new resource group will be created. If the resource group exists and this flag is set to 'true' the policy will re-deploy the resource group. Please note this will reset any Azure Tag on the resource group."
+ },
+ "defaultValue": true,
+ "allowedValues": [
+ true,
+ false
+ ]
+ },
"enableAscForCosmosDbs": {
"type": "String",
"allowedValues": [
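Review bot: `createResourceGroup` is added with `"defaultValue": true`, and by its own description that setting re-deploys an existing resource group and resets its tags. That side effect is only documented inside the parameter description. Whether it was already the effective behaviour before this change is not visible in the hunk, so a release note calling out the tag reset would help anyone whose tags on that group carry ownership or policy-scoping data. The description also has a typo: `does not exists` should read `does not exist`.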
@@ -355,7 +367,7 @@
},
{
"policyDefinitionReferenceId": "defenderForCspm",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/72f8cee7-2937-403d-84a1-a4e3e57f3c21",
"parameters": {
"effect": {
"value": "[parameters('enableAscForCspm')]"
@@ -386,6 +398,9 @@
"resourceGroupLocation": {
"value": "[parameters('ascExportResourceGroupLocation')]"
},
+ "createResourceGroup": {
+ "value": "[parameters('createResourceGroup')]"
+ },
"workspaceResourceId": {
"value": "[parameters('logAnalytics')]"
}
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json
index 27be37895..f016bc3f5 100644
--- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json
@@ -8,7 +8,7 @@
"displayName": "Configure Azure PaaS services to use private DNS zones",
"description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones",
"metadata": {
- "version": "2.2.0",
+ "version": "2.3.0",
"category": "Network",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -16,6 +16,184 @@
]
},
"parameters": {
+ "dnsZoneSubscriptionId": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "displayName": "Subscription Id",
+ "description": "The subscription id where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified."
+ }
+ },
+ "dnsZoneResourceGroupName": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "displayName": "Resource Group Name",
+ "description": "The resource group where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified."
+ }
+ },
+ "dnsZoneResourceType": {
+ "type": "string",
+ "defaultValue": "Microsoft.Network/privateDnsZones",
+ "metadata": {
+ "displayName": "Resource Type",
+ "description": "The resource type where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified."
+ }
+ },
+ "dnsZoneRegion": {
+ "type": "string",
+ "defaultValue": "changeme",
+ "metadata": {
+ "displayName": "Region",
+ "description": "The region where the private DNS zones are deployed. If this is specified, it will override any individual private DNS zone resource ids specified."
+ }
+ },
+ "dnzZoneRegionShortNames": {
+ "type": "object",
+ "defaultValue": {
+ "changeme": "changeme",
+ "australiacentral": "acl",
+ "australiacentral2": "acl2",
+ "australiaeast": "ae",
+ "australiasoutheast": "ase",
+ "brazilsoutheast": "bse",
+ "brazilsouth": "brs",
+ "canadacentral": "cnc",
+ "canadaeast": "cne",
+ "centralindia": "inc",
+ "centralus": "cus",
+ "centraluseuap": "ccy",
+ "chilecentral": "clc",
+ "eastasia": "ea",
+ "eastus": "eus",
+ "eastus2": "eus2",
+ "eastus2euap": "ecy",
+ "francecentral": "frc",
+ "francesouth": "frs",
+ "germanynorth": "gn",
+ "germanywestcentral": "gwc",
+ "israelcentral": "ilc",
+ "italynorth": "itn",
+ "japaneast": "jpe",
+ "japanwest": "jpw",
+ "koreacentral": "krc",
+ "koreasouth": "krs",
+ "malaysiasouth": "mys",
+ "malaysiawest": "myw",
+ "mexicocentral": "mxc",
+ "newzealandnorth": "nzn",
+ "northcentralus": "ncus",
+ "northeurope": "ne",
+ "norwayeast": "nwe",
+ "norwaywest": "nww",
+ "polandcentral": "plc",
+ "qatarcentral": "qac",
+ "southafricanorth": "san",
+ "southafricawest": "saw",
+ "southcentralus": "scus",
+ "southeastasia": "sea",
+ "southindia": "ins",
+ "spaincentral": "spc",
+ "swedencentral": "sdc",
+ "swedensouth": "sds",
+ "switzerlandnorth": "szn",
+ "switzerlandwest": "szw",
+ "taiwannorth": "twn",
+ "uaecentral": "uac",
+ "uaenorth": "uan",
+ "uksouth": "uks",
+ "ukwest": "ukw",
+ "westcentralus": "wcus",
+ "westeurope": "we",
+ "westindia": "inw",
+ "westus": "wus",
+ "westus2": "wus2",
+ "westus3": "wus3"
+ },
+ "metadata": {
+ "displayName": "Region Short Name Mapping",
+ "description": "Mapping of region to private DNS zone resource id. If the region is not specified, the default private DNS zone resource id will be used."
+ }
+ },
+ "dnsZoneNames": {
+ "type": "object",
+ "defaultValue": {
+ "azureAcrPrivateDnsZoneId": "privatelink.azurecr.io",
+ "azureAcrDataPrivateDnsZoneId": "{regionName}.data.privatelink.azurecr.io",
+ "azureAppPrivateDnsZoneId": "privatelink.azconfig.io",
+ "azureAppServicesPrivateDnsZoneId": "privatelink.azurewebsites.net",
+ "azureArcGuestconfigurationPrivateDnsZoneId": "privatelink.guestconfiguration.azure.com",
+ "azureArcHybridResourceProviderPrivateDnsZoneId": "privatelink.his.arc.azure.com",
+ "azureArcKubernetesConfigurationPrivateDnsZoneId": "privatelink.dp.kubernetesconfiguration.azure.com",
+ "azureAsrPrivateDnsZoneId": "privatelink.siterecovery.windowsazure.com",
+ "azureAutomationDSCHybridPrivateDnsZoneId": "privatelink.azure-automation.net",
+ "azureAutomationWebhookPrivateDnsZoneId": "privatelink.azure-automation.net",
+ "azureBatchPrivateDnsZoneId": "privatelink.batch.azure.com",
+ "azureBotServicePrivateDnsZoneId": "privatelink.directline.botframework.com",
+ "azureCognitiveSearchPrivateDnsZoneId": "privatelink.search.windows.net",
+ "azureCognitiveServicesPrivateDnsZoneId": "privatelink.cognitiveservices.azure.com",
+ "azureCosmosCassandraPrivateDnsZoneId": "privatelink.cassandra.cosmos.azure.com",
+ "azureCosmosGremlinPrivateDnsZoneId": "privatelink.gremlin.cosmos.azure.com",
+ "azureCosmosMongoPrivateDnsZoneId": "privatelink.mongo.cosmos.azure.com",
+ "azureCosmosSQLPrivateDnsZoneId": "privatelink.documents.azure.com",
+ "azureCosmosTablePrivateDnsZoneId": "privatelink.table.cosmos.azure.com",
+ "azureDataExplorerPrivateDnsZoneId": "privatelink.{regionName}.kusto.windows.net",
+ "azureDataFactoryPortalPrivateDnsZoneId": "privatelink.adf.azure.com",
+ "azureDataFactoryPrivateDnsZoneId": "privatelink.datafactory.azure.net",
+ "azureDatabricksPrivateDnsZoneId": "privatelink.azuredatabricks.net",
+ "azureDiskAccessPrivateDnsZoneId": "privatelink.blob.core.windows.net",
+ "azureEventGridDomainsPrivateDnsZoneId": "privatelink.eventgrid.azure.net",
+ "azureEventGridTopicsPrivateDnsZoneId": "privatelink.eventgrid.azure.net",
+ "azureEventHubNamespacePrivateDnsZoneId": "privatelink.servicebus.windows.net",
+ "azureFilePrivateDnsZoneId": "privatelink.afs.azure.net",
+ "azureHDInsightPrivateDnsZoneId": "privatelink.azurehdinsight.net",
+ "azureIotCentralPrivateDnsZoneId": "privatelink.azureiotcentral.com",
+ "azureIotDeviceupdatePrivateDnsZoneId": "privatelink.azure-devices.net",
+ "azureIotHubsPrivateDnsZoneId": "privatelink.azure-devices.net",
+ "azureIotPrivateDnsZoneId": "privatelink.azure-devices-provisioning.net",
+ "azureKeyVaultPrivateDnsZoneId": "privatelink.vaultcore.azure.net",
+ "azureKubernetesManagementPrivateDnsZoneId": "privatelink.{regionName}.azmk8s.io",
+ "azureMachineLearningWorkspacePrivateDnsZoneId": "privatelink.api.azureml.ms",
+ "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": "privatelink.notebooks.azure.net",
+ "azureManagedGrafanaWorkspacePrivateDnsZoneId": "privatelink.grafana.azure.com",
+ "azureMediaServicesKeyPrivateDnsZoneId": "privatelink.media.azure.net",
+ "azureMediaServicesLivePrivateDnsZoneId": "privatelink.media.azure.net",
+ "azureMediaServicesStreamPrivateDnsZoneId": "privatelink.media.azure.net",
+ "azureMigratePrivateDnsZoneId": "privatelink.prod.migration.windowsazure.com",
+ "azureMonitorPrivateDnsZoneId1": "privatelink.monitor.azure.com",
+ "azureMonitorPrivateDnsZoneId2": "privatelink.oms.opinsights.azure.com",
+ "azureMonitorPrivateDnsZoneId3": "privatelink.ods.opinsights.azure.com",
+ "azureMonitorPrivateDnsZoneId4": "privatelink.agentsvc.azure-automation.net",
+ "azureMonitorPrivateDnsZoneId5": "privatelink.blob.core.windows.net",
+ "azureRedisCachePrivateDnsZoneId": "privatelink.redis.cache.windows.net",
+ "azureServiceBusNamespacePrivateDnsZoneId": "privatelink.servicebus.windows.net",
+ "azureSignalRPrivateDnsZoneId": "privatelink.service.signalr.net",
+ "azureSiteRecoveryBackupPrivateDnsZoneId": "privatelink.{regionCode}.backup.windowsazure.com",
+ "azureSiteRecoveryBlobPrivateDnsZoneId": "privatelink.blob.core.windows.net",
+ "azureSiteRecoveryQueuePrivateDnsZoneId": "privatelink.queue.core.windows.net",
+ "azureStorageBlobPrivateDnsZoneId": "privatelink.blob.core.windows.net",
+ "azureStorageBlobSecPrivateDnsZoneId": "privatelink.blob.core.windows.net",
+ "azureStorageDFSPrivateDnsZoneId": "privatelink.dfs.core.windows.net",
+ "azureStorageDFSSecPrivateDnsZoneId": "privatelink.dfs.core.windows.net",
+ "azureStorageFilePrivateDnsZoneId": "privatelink.file.core.windows.net",
+ "azureStorageQueuePrivateDnsZoneId": "privatelink.queue.core.windows.net",
+ "azureStorageQueueSecPrivateDnsZoneId": "privatelink.queue.core.windows.net",
+ "azureStorageStaticWebPrivateDnsZoneId": "privatelink.web.core.windows.net",
+ "azureStorageStaticWebSecPrivateDnsZoneId": "privatelink.web.core.windows.net",
+ "azureStorageTablePrivateDnsZoneId": "privatelink.table.core.windows.net",
+ "azureStorageTableSecondaryPrivateDnsZoneId": "privatelink.table.core.windows.net",
+ "azureSynapseDevPrivateDnsZoneId": "privatelink.dev.azuresynapse.net",
+ "azureSynapseSQLPrivateDnsZoneId": "privatelink.sql.azuresynapse.net",
+ "azureSynapseSQLODPrivateDnsZoneId": "privatelink.sql.azuresynapse.net",
+ "azureVirtualDesktopHostpoolPrivateDnsZoneId": "privatelink.wvd.microsoft.com",
+ "azureVirtualDesktopWorkspacePrivateDnsZoneId": "privatelink.wvd.microsoft.com",
+ "azureWebPrivateDnsZoneId": "privatelink.webpubsub.azure.com"
+ },
+ "metadata": {
+ "displayName": "DNS Zone Names",
+ "description": "The list of private DNS zone names to be used for the Azure PaaS services."
+ }
+ },
"azureFilePrivateDnsZoneId": {
"type": "string",
"defaultValue": "",
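Review bot: The new parameter is spelled `dnzZoneRegionShortNames` (`dnz`, not `dns`), unlike its siblings `dnsZoneRegion` and `dnsZoneNames`. Assignment parameter names are part of the initiative's interface, so correcting it later would be a breaking change; I would rename it to `dnsZoneRegionShortNames` now, together with its references in the `privateDnsZoneId` expressions further down. Its description, `Mapping of region to private DNS zone resource id. ...`, does not match the values, which are short region codes substituted for `{regionCode}`; `Mapping of region name to the short region code used in zone names that contain {regionCode}.` would be accurate. The descriptions of `dnsZoneResourceType` and `dnsZoneRegion` also repeat the "If this is specified, it will override" sentence, although the expressions only test `dnsZoneSubscriptionId`.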
@@ -592,29 +770,29 @@
"description": "Private DNS Zone Identifier"
}
},
- "azureSiteRecoveryBackupPrivateDnsZoneID": {
+ "azureSiteRecoveryBackupPrivateDnsZoneId": {
"type": "string",
"defaultValue": "",
"metadata": {
- "displayName": "azureSiteRecoveryBackupPrivateDnsZoneID",
+ "displayName": "azureSiteRecoveryBackupPrivateDnsZoneId",
"strongType": "Microsoft.Network/privateDnsZones",
"description": "Private DNS Zone Identifier"
}
},
- "azureSiteRecoveryBlobPrivateDnsZoneID": {
+ "azureSiteRecoveryBlobPrivateDnsZoneId": {
"type": "string",
"defaultValue": "",
"metadata": {
- "displayName": "azureSiteRecoveryBlobPrivateDnsZoneID",
+ "displayName": "azureSiteRecoveryBlobPrivateDnsZoneId",
"strongType": "Microsoft.Network/privateDnsZones",
"description": "Private DNS Zone Identifier"
}
},
- "azureSiteRecoveryQueuePrivateDnsZoneID": {
+ "azureSiteRecoveryQueuePrivateDnsZoneId": {
"type": "string",
"defaultValue": "",
"metadata": {
- "displayName": "azureSiteRecoveryQueuePrivateDnsZoneID",
+ "displayName": "azureSiteRecoveryQueuePrivateDnsZoneId",
"strongType": "Microsoft.Network/privateDnsZones",
"description": "Private DNS Zone Identifier"
}
@@ -650,7 +828,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureFilePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureFilePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureFilePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
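Review bot: The new `privateDnsZoneId` expression switches to the composed resource ID as soon as `dnsZoneSubscriptionId` is non-empty, without checking `dnsZoneResourceGroupName` (default `''`) or `dnsZoneRegion` (default `changeme`). A partially filled assignment therefore yields an ID such as `/subscriptions/<id>/resourceGroups//providers/...`, and private endpoint DNS registration would target a zone that does not exist or was not intended. Consider also testing the resource group name, e.g. `if(or(equals(parameters('dnsZoneSubscriptionId'), ''), equals(parameters('dnsZoneResourceGroupName'), '')), parameters('azureFilePrivateDnsZoneId'), format(...))`. The lookup `parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')]` is written into every reference, including zones with no `{regionCode}` placeholder, so a region missing from the map may break evaluation for all of them; that is worth confirming. The same expression is repeated in each following `privateDnsZoneId` hunk of this file, from `@@ -663,7 +841,7 @@` onward.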
@@ -663,7 +841,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureAutomationWebhookPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAutomationWebhookPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAutomationWebhookPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateEndpointGroupId": {
"value": "Webhook"
@@ -679,7 +857,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAutomationDSCHybridPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAutomationDSCHybridPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateEndpointGroupId": {
"value": "DSCAndHybridWorker"
@@ -695,7 +873,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureCosmosSQLPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosSQLPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosSQLPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateEndpointGroupId": {
"value": "SQL"
@@ -711,7 +889,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureCosmosMongoPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosMongoPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosMongoPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateEndpointGroupId": {
"value": "MongoDB"
@@ -727,7 +905,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureCosmosCassandraPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosCassandraPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosCassandraPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateEndpointGroupId": {
"value": "Cassandra"
@@ -743,7 +921,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureCosmosGremlinPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosGremlinPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosGremlinPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateEndpointGroupId": {
"value": "Gremlin"
@@ -759,7 +937,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureCosmosTablePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCosmosTablePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCosmosTablePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateEndpointGroupId": {
"value": "Table"
@@ -775,7 +953,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureDataFactoryPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDataFactoryPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDataFactoryPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"listOfGroupIds": {
"value": [
@@ -793,7 +971,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureDataFactoryPortalPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDataFactoryPortalPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDataFactoryPortalPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"listOfGroupIds": {
"value": [
@@ -811,7 +989,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureDatabricksPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDatabricksPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDatabricksPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"groupId": {
"value": "databricks_ui_api"
@@ -827,7 +1005,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0eddd7f3-3d9b-4927-a07a-806e8ac9486c",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureDatabricksPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDatabricksPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDatabricksPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"groupId": {
"value": "browser_authentication"
@@ -843,7 +1021,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureHDInsightPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureHDInsightPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureHDInsightPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"groupId": {
"value": "cluster"
@@ -859,7 +1037,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7590a335-57cf-4c95-babd-ecbc8fafeb1f",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureMigratePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMigratePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMigratePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -872,7 +1050,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageBlobPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageBlobPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageBlobPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -885,7 +1063,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageBlobSecPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageBlobSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageBlobSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -898,7 +1076,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageQueuePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageQueuePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageQueuePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -911,7 +1089,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageQueueSecPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageQueueSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageQueueSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -924,7 +1102,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageFilePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageFilePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageFilePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -937,7 +1115,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageStaticWebPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageStaticWebPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageStaticWebPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -950,7 +1128,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageStaticWebSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageStaticWebSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -963,7 +1141,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageDFSPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageDFSPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageDFSPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -976,7 +1154,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageDFSSecPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageDFSSecPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageDFSSecPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -989,7 +1167,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureSynapseSQLPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseSQLPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseSQLPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"targetSubResource": {
"value": "Sql"
@@ -1005,7 +1183,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureSynapseSQLODPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseSQLODPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseSQLODPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"targetSubResource": {
"value": "SqlOnDemand"
@@ -1021,7 +1199,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureSynapseDevPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSynapseDevPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSynapseDevPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"targetSubResource": {
"value": "Dev"
@@ -1037,7 +1215,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureMediaServicesKeyPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesKeyPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesKeyPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"groupId": {
"value": "keydelivery"
@@ -1053,7 +1231,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureMediaServicesLivePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesLivePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesLivePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"groupId": {
"value": "liveevent"
@@ -1069,7 +1247,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4a7f6c1-585e-4177-ad5b-c2c93f4bb991",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureMediaServicesStreamPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMediaServicesStreamPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMediaServicesStreamPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"groupId": {
"value": "streamingendpoint"
@@ -1085,19 +1263,19 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365",
"parameters": {
"privateDnsZoneId1": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId1')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId1'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId1, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateDnsZoneId2": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId2')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId2'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId2, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateDnsZoneId3": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId3')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId3'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId3, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateDnsZoneId4": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId4')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId4'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId4, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateDnsZoneId5": {
- "value": "[parameters('azureMonitorPrivateDnsZoneId5')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMonitorPrivateDnsZoneId5'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId5, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
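Review bot: The five Monitor zone IDs each read their own property from the object parameter, for example `parameters('dnsZoneNames').azureMonitorPrivateDnsZoneId1`, and nothing in the expression tolerates a missing property. An object parameter supplied at assignment replaces its default rather than merging with it, so an assignment that overrides `dnsZoneNames` with only the zones it wants to change would likely break every other reference. The parameter definition is outside this hunk; its `metadata.description` should state that an override must carry every key, along the lines of `"Overrides must include all zone keys; partial objects are not merged with the default."`. A small test that checks each `dnsZoneNames.<key>` referenced in this file against the default object would also catch a misspelled key in one of these near-identical lines.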
@@ -1110,7 +1288,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureWebPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureWebPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureWebPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1123,7 +1301,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureBatchPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureBatchPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureBatchPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1136,7 +1314,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureAppPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAppPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAppPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1149,7 +1327,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureAsrPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAsrPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAsrPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1162,7 +1340,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureIotPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1175,7 +1353,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureKeyVaultPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureKeyVaultPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureKeyVaultPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
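Review bot: Once `dnsZoneSubscriptionId` is non-empty, the new expression ignores an explicitly supplied `azureKeyVaultPrivateDnsZoneId` and uses the computed resource ID instead, with nothing to signal the override. An operator who pins the Key Vault zone to a specific ID and later sets the subscription parameter for other services would have Key Vault private endpoint records directed to a different zone than the one configured. The same precedence applies in every hunk of this file. Either document it in the descriptions of both parameters, or let the explicit value win, e.g. `if(not(empty(parameters('azureKeyVaultPrivateDnsZoneId'))), parameters('azureKeyVaultPrivateDnsZoneId'), format(...))`. The second option changes behaviour for anyone relying on the current order, so it needs a release note.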
@@ -1188,7 +1366,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureSignalRPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSignalRPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSignalRPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1201,7 +1379,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureAppServicesPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAppServicesPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAppServicesPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1214,7 +1392,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureEventGridTopicsPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventGridTopicsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventGridTopicsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect1')]"
@@ -1227,7 +1405,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureDiskAccessPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureDiskAccessPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureDiskAccessPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1240,7 +1418,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureCognitiveServicesPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCognitiveServicesPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCognitiveServicesPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1253,7 +1431,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureIotHubsPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotHubsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotHubsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect1')]"
@@ -1266,7 +1444,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureEventGridDomainsPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventGridDomainsPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventGridDomainsPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect1')]"
@@ -1279,7 +1457,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureRedisCachePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureRedisCachePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureRedisCachePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1292,7 +1470,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureAcrPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureAcrPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureAcrPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1305,7 +1483,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureEventHubNamespacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureEventHubNamespacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureEventHubNamespacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1318,10 +1496,10 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMachineLearningWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMachineLearningWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"secondPrivateDnsZoneId": {
- "value": "[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureMachineLearningWorkspaceSecondPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1334,7 +1512,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureServiceBusNamespacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureServiceBusNamespacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureServiceBusNamespacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1347,7 +1525,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureCognitiveSearchPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureCognitiveSearchPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureCognitiveSearchPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1360,7 +1538,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6a4e6f44-f2af-4082-9702-033c9e88b9f8",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureBotServicePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureBotServicePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureBotServicePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1373,7 +1551,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4c8537f8-cd1b-49ec-b704-18e82a42fd58",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureManagedGrafanaWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureManagedGrafanaWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1386,7 +1564,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureVirtualDesktopHostpoolPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateEndpointGroupId": {
"value": "connection"
@@ -1402,7 +1580,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureVirtualDesktopWorkspacePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateEndpointGroupId": {
"value": "feed"
@@ -1418,7 +1596,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a222b93a-e6c2-4c01-817f-21e092455b2a",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureIotDeviceupdatePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotDeviceupdatePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotDeviceupdatePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1431,13 +1609,13 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55c4db33-97b0-437b-8469-c4f4498f5df9",
"parameters": {
"privateDnsZoneIDForGuestConfiguration": {
- "value": "[parameters('azureArcGuestconfigurationPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcGuestconfigurationPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcGuestconfigurationPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateDnsZoneIDForHybridResourceProvider": {
- "value": "[parameters('azureArcHybridResourceProviderPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcHybridResourceProviderPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcHybridResourceProviderPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateDnsZoneIDForKubernetesConfiguration": {
- "value": "[parameters('azureArcKubernetesConfigurationPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureArcKubernetesConfigurationPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureArcKubernetesConfigurationPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1450,7 +1628,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d627d7c6-ded5-481a-8f2e-7e16b1e6faf6",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureIotCentralPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureIotCentralPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureIotCentralPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1463,7 +1641,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageTablePrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageTablePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageTablePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1476,7 +1654,7 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f",
"parameters": {
"privateDnsZoneId": {
- "value": "[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureStorageTableSecondaryPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureStorageTableSecondaryPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
@@ -1489,13 +1667,13 @@
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820",
"parameters": {
"privateDnsZone-Backup": {
- "value": "[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryBackupPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryBackupPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateDnsZone-Blob": {
- "value": "[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryBlobPrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryBlobPrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"privateDnsZone-Queue": {
- "value": "[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]"
+ "value": "[if(equals(parameters('dnsZoneSubscriptionId'), ''), parameters('azureSiteRecoveryQueuePrivateDnsZoneId'), format('/subscriptions/{0}/resourceGroups/{1}/providers/{2}/{3}', parameters('dnsZoneSubscriptionId'), toLower(parameters('dnsZoneResourceGroupName')), parameters('dnsZoneResourceType'), replace(replace(parameters('dnsZoneNames').azureSiteRecoveryQueuePrivateDnsZoneId, '{regionName}', parameters('dnsZoneRegion')), '{regionCode}', parameters('dnzZoneRegionShortNames')[parameters('dnsZoneRegion')])))]"
},
"effect": {
"value": "[parameters('effect')]"
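Review bot: The three Site Recovery references change spelling from `…PrivateDnsZoneID` to `…PrivateDnsZoneId` in the same edit that introduces the new expression, and the matching parameter declarations are outside this hunk. Only the Blob and Queue keys are renamed in `modules/connectivity/locals.tf` further down, so the Backup key should be checked for the same spelling. Any caller still passing the old `ID` spelling in a parameter override would presumably stop matching the new key, so the rename deserves its own line in the release notes.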
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.tmpl.json
index a51b7de08..7b07b46bd 100644
--- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.tmpl.json
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.tmpl.json
@@ -8,7 +8,7 @@
"displayName": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
"description": "Deny or Audit resources without Encryption with a customer-managed key (CMK)",
"metadata": {
- "version": "3.0.0",
+ "version": "3.1.0",
"category": "Encryption",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -329,6 +329,18 @@
"Deny",
"Disabled"
]
+ },
+ "botServiceCmk": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "audit",
+ "Deny",
+ "deny",
+ "Disabled",
+ "disabled"
+ ]
}
},
"policyDefinitions": [
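Review bot: `botServiceCmk` is added with `"defaultValue": "Deny"` and wired to a new member in the next hunk, so scopes that already have this initiative assigned start rejecting non-compliant Bot Service deployments as soon as they take the upgrade. The same applies to the other `Deny`-by-default parameters added to existing initiatives in this commit (`cognitiveServicesManagedIdentity`, `cognitiveServicesCustomerStorage`, `mlIdleShutdown`, `mlLegacyMode`, `mlAllowedRegistryDeploy`, `azureAiNetworkAccess`). I would call this out in the upgrade notes and suggest assigning with `Audit` first where the definition allows it. As a style point, this parameter lists both `Deny` and `deny` while the neighbouring one lists only `Deny`/`Disabled`; presumably that mirrors the built-in definition, but it is worth confirming.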
@@ -621,6 +633,16 @@
}
},
"groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-BotService-Cmk",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/51522a96-0869-4791-82f3-981000c2c67f",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('botServiceCmk')]"
+ }
+ },
+ "groupNames": []
}
],
"policyDefinitionGroups": null
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_botservice.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_botservice.tmpl.json
new file mode 100644
index 000000000..e27021b39
--- /dev/null
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_botservice.tmpl.json
@@ -0,0 +1,107 @@
+{
+ "name": "Enforce-Guardrails-BotService",
+ "type": "Microsoft.Authorization/policySetDefinitions",
+ "apiVersion": "2021-06-01",
+ "scope": null,
+ "properties": {
+ "policyType": "Custom",
+ "displayName": "Enforce recommended guardrails for Bot Service",
+ "description": "This policy initiative is a group of policies that ensures Bot Service is compliant per regulated Landing Zones.",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "Bot Service",
+ "source": "https://github.com/Azure/Enterprise-Scale/",
+ "alzCloudEnvironments": [
+ "AzureCloud",
+ "AzureChinaCloud",
+ "AzureUSGovernment"
+ ]
+ },
+ "parameters": {
+ "botServiceValidUri": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "audit",
+ "Deny",
+ "deny",
+ "Disabled",
+ "disabled"
+ ]
+ },
+ "botServiceIsolatedMode": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "audit",
+ "Deny",
+ "deny",
+ "Disabled",
+ "disabled"
+ ]
+ },
+ "botServiceLocalAuth": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "botServicePrivateLink": {
+ "type": "string",
+ "defaultValue": "Audit",
+ "allowedValues": [
+ "Audit",
+ "Disabled"
+ ]
+ }
+ },
+ "policyDefinitions": [
+ {
+ "policyDefinitionReferenceId": "Deny-BotService-Valid-Uri",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6164527b-e1ee-4882-8673-572f425f5e0a",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('botServiceValidUri')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-BotService-Isolated-Mode",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/52152f42-0dda-40d9-976e-abb1acdd611e",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('botServiceIsolatedMode')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-BotService-Local-Auth",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ffea632e-4e3a-4424-bf78-10e179bb2e1a",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('botServiceLocalAuth')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Audit-BotService-Private-Link",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ad5621d6-a877-4407-aa93-a950b428315e",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('botServicePrivateLink')]"
+ }
+ },
+ "groupNames": []
+ }
+ ],
+ "policyDefinitionGroups": null
+ }
+}
\ No newline at end of file
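Review bot: None of the four parameters carries a `metadata` block, so whoever assigns this initiative sees only bare names such as `botServiceIsolatedMode` with no hint of what `Deny` will block. Adding `"metadata": { "displayName": "…", "description": "…" }` to each parameter would fix that. The allowed values are also inconsistent: `botServiceValidUri` and `botServiceIsolatedMode` accept both cases, while `botServiceLocalAuth` accepts title case only; that presumably mirrors the referenced built-in definitions but should be checked against them. The file is also committed without a trailing newline.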
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_cognitiveservices.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_cognitiveservices.tmpl.json
index a10aab0ab..a846b06a0 100644
--- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_cognitiveservices.tmpl.json
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_cognitiveservices.tmpl.json
@@ -8,7 +8,7 @@
"displayName": "Enforce recommended guardrails for Cognitive Services",
"description": "This policy initiative is a group of policies that ensures Cognitive Services is compliant per regulated Landing Zones.",
"metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
"category": "Cognitive Services",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -44,6 +44,14 @@
"Disabled"
]
},
+ "cognitiveServicesLocalAuth": {
+ "type": "string",
+ "defaultValue": "Modify",
+ "allowedValues": [
+ "Modify",
+ "Disabled"
+ ]
+ },
"modifyCognitiveSearchPublicEndpoint": {
"type": "string",
"defaultValue": "Modify",
@@ -59,6 +67,32 @@
"Modify",
"Disabled"
]
+ },
+ "cognitiveServicesManagedIdentity": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "cognitiveServicesCustomerStorage": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "cognitiveServicesResourceLogs": {
+ "type": "string",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ]
}
},
"policyDefinitions": [
@@ -111,6 +145,46 @@
}
},
"groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-Cognitive-Services-Managed-Identity",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fe3fd216-4f83-4fc1-8984-2bbec80a3418",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('cognitiveServicesManagedIdentity')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-Cognitive-Services-Customer-Storage",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/46aa9b05-0e60-4eae-a88b-1e9d374fa515",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('cognitiveServicesCustomerStorage')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Modify-Cognitive-Services-Local-Auth",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/14de9e63-1b31-492e-a5a3-c3f7fd57f555",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('cognitiveServicesLocalAuth')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Aine-Cognitive-Services-Resource-Logs",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('cognitiveServicesResourceLogs')]"
+ }
+ },
+ "groupNames": []
}
],
"policyDefinitionGroups": null
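Review bot: `Modify-Cognitive-Services-Local-Auth` takes its effect from `cognitiveServicesLocalAuth`, which defaults to `Modify`, so this member changes resources rather than only reporting on them. Judging by the reference ID, it turns off key-based authentication; if so, a remediation task on existing accounts would break clients that still use API keys. The parameter only allows `Modify` or `Disabled`, so there is no audit-first setting to stage the rollout. I would document that in the initiative `description` or the release notes, and recommend inventorying key-based callers before remediation runs.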
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_machinelearning.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_machinelearning.tmpl.json
index a4a15c22a..1c683c4a2 100644
--- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_machinelearning.tmpl.json
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_machinelearning.tmpl.json
@@ -8,7 +8,7 @@
"displayName": "Enforce recommended guardrails for Machine Learning",
"description": "This policy initiative is a group of policies that ensures Machine Learning is compliant per regulated Landing Zones.",
"metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
"category": "Machine Learning",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -59,6 +59,80 @@
"Modify",
"Disabled"
]
+ },
+ "mlIdleShutdown": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "mlVirtualNetwork": {
+ "type": "string",
+ "defaultValue": "Audit",
+ "allowedValues": [
+ "Audit",
+ "Disabled"
+ ]
+ },
+ "mlLegacyMode": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "mlPrivateLink": {
+ "type": "string",
+ "defaultValue": "Audit",
+ "allowedValues": [
+ "Audit",
+ "Disabled"
+ ]
+ },
+ "mlResourceLogs": {
+ "type": "string",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ]
+ },
+ "mlAllowedRegistryDeploy": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "mlAllowedModule": {
+ "type": "string",
+ "defaultValue": "enforceSetting",
+ "allowedValues": [
+ "enforceSetting",
+ "disabled"
+ ]
+ },
+ "mlAllowedPython": {
+ "type": "string",
+ "defaultValue": "enforceSetting",
+ "allowedValues": [
+ "enforceSetting",
+ "disabled"
+ ]
+ },
+ "mlAllowedRegistries": {
+ "type": "string",
+ "defaultValue": "enforceSetting",
+ "allowedValues": [
+ "enforceSetting",
+ "disabled"
+ ]
}
},
"policyDefinitions": [
@@ -111,6 +185,96 @@
}
},
"groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-ML-Idle-Shutdown",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/679ddf89-ab8f-48a5-9029-e76054077449",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('mlIdleShutdown')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Audit-ML-Virtual-Network",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7804b5c7-01dc-4723-969b-ae300cc07ff1",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('mlVirtualNetwork')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-ML-Legacy-Mode",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e413671a-dd10-4cc1-a943-45b598596cb7",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('mlLegacyMode')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Audit-ML-Private-Link",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/45e05259-1eb5-4f70-9574-baf73e9d219b",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('mlPrivateLink')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Aine-ML-Resource-Logs",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/afe0c3be-ba3b-4544-ba52-0c99672a8ad6",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('mlResourceLogs')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-ML-Allowed-Registry-Deploy",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/19539b54-c61e-4196-9a38-67598701be90",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('mlAllowedRegistryDeploy')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-ML-Allowed-Module",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/53c70b02-63dd-11ea-bc55-0242ac130003",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('mlAllowedModule')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-ML-Allowed-Python",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/77eeea86-7e81-4a7d-9067-de844d096752",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('mlAllowedPython')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-ML-Allowed-Registries",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5853517a-63de-11ea-bc55-0242ac130003",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('mlAllowedRegistries')]"
+ }
+ },
+ "groupNames": []
}
],
"policyDefinitionGroups": null
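Review bot: The members `Deny-ML-Allowed-Module`, `Deny-ML-Allowed-Python`, `Deny-ML-Allowed-Registries` and `Deny-ML-Allowed-Registry-Deploy` are passed only `effect`. If the referenced built-in definitions also take an allow-list parameter (not visible here), the initiative enforces whatever default those definitions carry and gives the assigner no way to set the list. Please confirm the defaults, or surface the list parameters on the initiative. The first three are also named `Deny-…` while their parameters default to `enforceSetting`, so a reference ID that matches the effect would be less misleading in compliance reports.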
diff --git a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_openai.tmpl.json b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_openai.tmpl.json
index f58a16c10..2b6dbbbc5 100644
--- a/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_openai.tmpl.json
+++ b/modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_enforce_guardrails_openai.tmpl.json
@@ -8,7 +8,7 @@
"displayName": "Enforce recommended guardrails for Open AI (Cognitive Service)",
"description": "This policy initiative is a group of policies that ensures Open AI (Cognitive Service) is compliant per regulated Landing Zones.",
"metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
"category": "Cognitive Services",
"source": "https://github.com/Azure/Enterprise-Scale/",
"alzCloudEnvironments": [
@@ -70,6 +70,47 @@
"Deny",
"Disabled"
]
+ },
+ "azureAiNetworkAccess": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "azureAiPrivateLink": {
+ "type": "string",
+ "defaultValue": "Audit",
+ "allowedValues": [
+ "Audit",
+ "Disabled"
+ ]
+ },
+ "azureAiDisableLocalKey": {
+ "type": "string",
+ "defaultValue": "DeployIfNotExists",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ]
+ },
+ "azureAiDisableLocalKey2": {
+ "type": "string",
+ "defaultValue": "DeployIfNotExists",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ]
+ },
+ "azureAiDiagSettings": {
+ "type": "string",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ]
}
},
"policyDefinitions": [
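Review bot: `azureAiDisableLocalKey` and `azureAiDisableLocalKey2` (and the reference IDs `Dine-AzureAI-Local-Key` / `Dine-AzureAI-Local-Key2` in the next hunk) give no indication of how the two policies differ, so an operator cannot tell which one to disable when a remediation misbehaves. Names that state the targeted resource type, or a `metadata.description` on each parameter, would make the distinction auditable. Both default to `DeployIfNotExists`, so the assignment's managed identity needs the roles those definitions declare; that wiring is not visible in this diff and is worth confirming.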
@@ -132,6 +173,56 @@
}
},
"groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Deny-AzureAI-Network-Access",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('azureAiNetworkAccess')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Audit-AzureAI-Private-Link",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6759c02-b87f-42b7-892e-71b3f471d782",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('azureAiPrivateLink')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Dine-AzureAI-Local-Key",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d45520cb-31ca-44ba-8da2-fcf914608544",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('azureAiDisableLocalKey')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Dine-AzureAI-Local-Key2",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55eff01b-f2bd-4c32-9203-db285f709d30",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('azureAiDisableLocalKey2')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Aine-AzureAI-Diag-Settings",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b4d1c4e-934c-4703-944c-27c82c06bebb",
+ "parameters": {
+ "effect": {
+ "value": "[parameters('azureAiDiagSettings')]"
+ }
+ },
+ "groupNames": []
}
],
"policyDefinitionGroups": null
diff --git a/modules/connectivity/locals.geo_codes.tf.json b/modules/connectivity/locals.geo_codes.tf.json
index d3a720183..e86d829d6 100644
--- a/modules/connectivity/locals.geo_codes.tf.json
+++ b/modules/connectivity/locals.geo_codes.tf.json
@@ -11,6 +11,8 @@
"Australia Southeast": "ase",
"brazilsouth": "brs",
"Brazil South": "brs",
+ "brazilus": "bru",
+ "Brazil US": "bru",
"brazilsoutheast": "bse",
"Brazil Southeast": "bse",
"centraluseuap": "ccy",
@@ -25,6 +27,8 @@
"East Asia": "ea",
"eastus2euap": "ecy",
"East US 2 EUAP": "ecy",
+ "spaincentral": "esc",
+ "Spain Central": "esc",
"eastus": "eus",
"East US": "eus",
"eastus2": "eus2",
@@ -43,6 +47,8 @@
"South India": "ins",
"westindia": "inw",
"West India": "inw",
+ "israelcentral": "ilc",
+ "Israel Central": "ilc",
"italynorth": "itn",
"Italy North": "itn",
"japaneast": "jpe",
@@ -57,6 +63,8 @@
"Korea Central": "krc",
"koreasouth": "krs",
"Korea South": "krs",
+ "mexicocentral": "mxc",
+ "Mexico Central": "mxc",
"northcentralus": "ncus",
"North Central US": "ncus",
"northeurope": "ne",
@@ -65,6 +73,10 @@
"Norway East": "nwe",
"norwaywest": "nww",
"Norway West": "nww",
+ "newzealandnorth": "nzn",
+ "New Zealand North": "nzn",
+ "polandcentral": "plc",
+ "Poland Central": "plc",
"qatarcentral": "qac",
"Qatar Central": "qac",
"southafricanorth": "san",
diff --git a/modules/connectivity/locals.tf b/modules/connectivity/locals.tf
index f12cbee4b..4b0ec888a 100644
--- a/modules/connectivity/locals.tf
+++ b/modules/connectivity/locals.tf
@@ -1934,8 +1934,8 @@ locals {
azureWebPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.webpubsub.azure.com"
azureVirtualDesktopHostpoolPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.wvd.microsoft.com"
azureVirtualDesktopWorkspacePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.wvd.microsoft.com"
- azureSiteRecoveryBlobPrivateDnsZoneID = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net"
- azureSiteRecoveryQueuePrivateDnsZoneID = "${local.private_dns_zone_prefix}privatelink.queue.core.windows.net"
+ azureSiteRecoveryBlobPrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.blob.core.windows.net"
+ azureSiteRecoveryQueuePrivateDnsZoneId = "${local.private_dns_zone_prefix}privatelink.queue.core.windows.net"
}
}
enforcement_mode = {
diff --git a/modules/management/README.md b/modules/management/README.md
index 33f1c2f0f..1b3f0a0e3 100644
--- a/modules/management/README.md
+++ b/modules/management/README.md
@@ -130,6 +130,7 @@ object({
log_analytics = optional(object({
enabled = optional(bool, true)
config = optional(object({
+ daily_quota_gb = optional(number, -1)
retention_in_days = optional(number, 30)
enable_monitoring_for_vm = optional(bool, true)
enable_monitoring_for_vmss = optional(bool, true)
diff --git a/modules/management/locals.tf b/modules/management/locals.tf
index d4028e5d7..8416c9788 100644
--- a/modules/management/locals.tf
+++ b/modules/management/locals.tf
@@ -107,7 +107,7 @@ locals {
allow_resource_only_permissions = lookup(local.custom_settings_la_workspace, "allow_resource_only_permissions", true) # Available only in v3.36.0 onwards
sku = lookup(local.custom_settings_la_workspace, "sku", "PerGB2018")
retention_in_days = lookup(local.custom_settings_la_workspace, "retention_in_days", local.settings.log_analytics.config.retention_in_days)
- daily_quota_gb = lookup(local.custom_settings_la_workspace, "daily_quota_gb", null)
+ daily_quota_gb = lookup(local.custom_settings_la_workspace, "daily_quota_gb", local.settings.log_analytics.config.daily_quota_gb)
cmk_for_query_forced = lookup(local.custom_settings_la_workspace, "cmk_for_query_forced", null)
internet_ingestion_enabled = lookup(local.custom_settings_la_workspace, "internet_ingestion_enabled", true)
internet_query_enabled = lookup(local.custom_settings_la_workspace, "internet_query_enabled", true)
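Review bot: `daily_quota_gb` now falls back to `local.settings.log_analytics.config.daily_quota_gb` (default `-1` per the `variables.tf` hunk) instead of `null`, but nothing near the setting says what the number means. I would add a trailing comment in the style of the `allow_resource_only_permissions` line, for example `# -1 = no daily cap; a positive value stops ingestion for the rest of the day once reached`. This workspace is the central log destination for the landing zone, so a cap set for cost reasons can leave a gap in security and audit logs, and the variable description should say so. The enclosing `locals` block starts and ends outside this hunk.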
@@ -616,7 +616,7 @@ locals {
Deploy-AzActivity-Log = {
logAnalytics = local.log_analytics_workspace_resource_id
}
- Deploy-Diag-Logs = {
+ Deploy-Diag-LogsCat = {
logAnalytics = local.log_analytics_workspace_resource_id
}
}
diff --git a/modules/management/variables.tf b/modules/management/variables.tf
index 2f982b168..c216a8efa 100644
--- a/modules/management/variables.tf
+++ b/modules/management/variables.tf
@@ -53,6 +53,7 @@ variable "settings" {
log_analytics = optional(object({
enabled = optional(bool, true)
config = optional(object({
+ daily_quota_gb = optional(number, -1)
retention_in_days = optional(number, 30)
enable_monitoring_for_vm = optional(bool, true)
enable_monitoring_for_vmss = optional(bool, true)
diff --git a/outputs.tf b/outputs.tf
index 3583a5deb..7d8052941 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -271,3 +271,13 @@ output "azurerm_virtual_hub_connection" {
}
description = "Returns the configuration data for all Virtual Hub Connections created by this module."
}
+
+output "data_collection_rules" {
+ value = azapi_resource.data_collection_rule
+ description = "A map of the data collection rules created by this module."
+}
+
+output "ama_user_assigned_identity" {
+ value = azurerm_user_assigned_identity.management
+ description = "The user assigned identity for Azure Monitor Agent that is created by this module."
+}
diff --git a/resources.management_groups.tf b/resources.management_groups.tf
index 1cda6e248..c8cd8a791 100644
--- a/resources.management_groups.tf
+++ b/resources.management_groups.tf
@@ -83,6 +83,7 @@ resource "azapi_resource" "diag_settings" {
type = "Microsoft.Insights/diagnosticSettings@2021-05-01-preview"
name = "toLA"
parent_id = each.key
+ location = "global"
schema_validation_enabled = false
body = {
properties = {
@@ -97,6 +98,7 @@ resource "azapi_resource" "diag_settings" {
enabled = true
}
]
+
workspaceId = local.template_file_variables.log_analytics_workspace_resource_id
}
}
@@ -109,6 +111,11 @@ resource "azapi_resource" "diag_settings" {
azurerm_management_group.level_5,
azurerm_management_group.level_6,
]
+ lifecycle {
+ ignore_changes = [
+ location,
+ ]
+ }
}
# This is used when strict_subscription_association is set to true
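Review bot: `location` is set to `"global"` in the first hunk of this file and then listed under `ignore_changes` here, with no comment explaining why it has to be both set and ignored. Presumably this stops a perpetual diff on the diagnostic settings, but the next maintainer cannot tell that from the code and may remove one half. A short comment above the `lifecycle` block would do, for example `# location is required on create but ignored afterwards to avoid drift; see <issue link>`. The `azapi_resource.diag_settings` block starts outside this hunk.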
diff --git a/resources.role_assignments.tf b/resources.role_assignments.tf
index 6fa63e82b..395deeb65 100644
--- a/resources.role_assignments.tf
+++ b/resources.role_assignments.tf
@@ -116,6 +116,21 @@ resource "azurerm_role_assignment" "private_dns_zone_contributor_connectivity" {
]
}
+resource "azurerm_role_assignment" "deploy_azsqldb_auditing_connectivity" {
+ for_each = local.connectivity_mg_exists ? { for k, v in azurerm_management_group_policy_assignment.enterprise_scale : k => v if endswith(k, "Deploy-AzSqlDb-Auditing") } : {}
+ role_definition_name = "Log Analytics Contributor"
+ scope = "/providers/Microsoft.Management/managementGroups/${var.root_id}-connectivity"
+ principal_id = each.value.identity[0].principal_id
+
+ depends_on = [
+ time_sleep.after_azurerm_management_group,
+ time_sleep.after_azurerm_policy_definition,
+ time_sleep.after_azurerm_policy_set_definition,
+ time_sleep.after_azurerm_policy_assignment,
+ azurerm_role_assignment.policy_assignment,
+ ]
+}
+
resource "azurerm_role_assignment" "ama_reader" {
for_each = local.platform_mg_exists ? { for k, v in azurerm_management_group_policy_assignment.enterprise_scale : k => v if endswith(k, "Deploy-VM-Monitoring") } : {}
role_definition_name = "Reader"
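Review bot: The new `deploy_azsqldb_auditing_connectivity` assignment grants `Log Analytics Contributor` over the whole `${var.root_id}-connectivity` management group to every policy assignment whose key ends in `Deploy-AzSqlDb-Auditing`, wherever that assignment itself is scoped. That is a broad grant for a policy-managed identity. If the remediation only needs to write to one workspace, scoping the role to that workspace or its resource group would follow least privilege, and a comment stating why the connectivity scope is needed would help reviewers of later changes. `each.value.identity[0]` also assumes every matched assignment has a managed identity. The `ama_reader` resource at the end of the hunk continues outside it.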
diff --git a/resources.virtual_wan.tf b/resources.virtual_wan.tf
index 135c00364..2e1bed6c5 100644
--- a/resources.virtual_wan.tf
+++ b/resources.virtual_wan.tf
@@ -357,6 +357,7 @@ resource "azurerm_virtual_hub_connection" "virtual_wan" {
# Set explicit dependencies
depends_on = [
+ azurerm_express_route_gateway.virtual_wan,
azurerm_resource_group.connectivity,
azurerm_resource_group.virtual_wan,
azurerm_virtual_wan.virtual_wan,
@@ -382,6 +383,7 @@ resource "azurerm_virtual_hub_routing_intent" "virtual_wan" {
# Set explicit dependencies
depends_on = [
+ azurerm_express_route_gateway.virtual_wan,
azurerm_firewall.virtual_wan,
azurerm_resource_group.connectivity,
azurerm_resource_group.virtual_wan,
diff --git a/terraform.tf b/terraform.tf
index fb0dcd92d..87ac13d60 100644
--- a/terraform.tf
+++ b/terraform.tf
@@ -3,7 +3,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.107"
+ version = "~> 3.108"
configuration_aliases = [
azurerm.connectivity,
azurerm.management,
diff --git a/tests/README.md b/tests/README.md
index db98f634a..061206e4e 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -151,7 +151,7 @@ The current strategy consists of running tests against the following version com
- Terraform versions:
- Minimum version supported by the module (`1.7.0`)
- Azure provider for Terraform versions:
- - Minimum version supported by the module (`v3.107.0`)
+ - Minimum version supported by the module (`v3.108.0`)
- Latest version
The latest versions are determined programmatically by querying the publisher APIs.
diff --git a/tests/modules/test_001_baseline/terraform.tf b/tests/modules/test_001_baseline/terraform.tf
index dd5cd3f33..2bf501b25 100644
--- a/tests/modules/test_001_baseline/terraform.tf
+++ b/tests/modules/test_001_baseline/terraform.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "3.107.0"
+ version = "3.108.0"
configuration_aliases = [
azurerm.connectivity,
azurerm.management,
diff --git a/tests/modules/test_002_add_custom_core/main.tf b/tests/modules/test_002_add_custom_core/main.tf
index caa724faf..50014cd10 100644
--- a/tests/modules/test_002_add_custom_core/main.tf
+++ b/tests/modules/test_002_add_custom_core/main.tf
@@ -34,6 +34,7 @@ module "test_core" {
custom_landing_zones = module.settings.core.custom_landing_zones
archetype_config_overrides = module.settings.core.archetype_config_overrides
subscription_id_overrides = module.settings.core.subscription_id_overrides
+ deploy_diagnostics_for_mg = true
# Configuration settings for management resources
deploy_management_resources = true
diff --git a/tests/modules/test_002_add_custom_core/terraform.tf b/tests/modules/test_002_add_custom_core/terraform.tf
index dd5cd3f33..2bf501b25 100644
--- a/tests/modules/test_002_add_custom_core/terraform.tf
+++ b/tests/modules/test_002_add_custom_core/terraform.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "3.107.0"
+ version = "3.108.0"
configuration_aliases = [
azurerm.connectivity,
azurerm.management,
diff --git a/tests/modules/test_003_add_mgmt_conn/terraform.tf b/tests/modules/test_003_add_mgmt_conn/terraform.tf
index dd5cd3f33..2bf501b25 100644
--- a/tests/modules/test_003_add_mgmt_conn/terraform.tf
+++ b/tests/modules/test_003_add_mgmt_conn/terraform.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "3.107.0"
+ version = "3.108.0"
configuration_aliases = [
azurerm.connectivity,
azurerm.management,
diff --git a/tests/scripts/azp-strategy.ps1 b/tests/scripts/azp-strategy.ps1
index f78a93c82..59798ed04 100755
--- a/tests/scripts/azp-strategy.ps1
+++ b/tests/scripts/azp-strategy.ps1
@@ -50,11 +50,11 @@ $terraformVersionsCount = $terraformVersions.Count
#######################################
# Terraform AzureRM Provider Versions
-# - Base Version: (3.107.0)
+# - Base Version: (3.108.0)
# - Latest Versions: (latest 1)
#######################################
-$azurermProviderVersionBase = "3.107.0"
+$azurermProviderVersionBase = "3.108.0"
$azurermProviderVersionLatest = "3.116.0"
#######################################
diff --git a/tests/terratest/go.mod b/tests/terratest/go.mod
index b7e915a4d..c399e97ae 100644
--- a/tests/terratest/go.mod
+++ b/tests/terratest/go.mod
@@ -1,8 +1,6 @@
module terratest
-go 1.22.0
-
-toolchain go1.22.3
+go 1.22.3
require (
github.com/Azure/terratest-terraform-fluent v0.8.1
@@ -13,7 +11,6 @@ require (
cloud.google.com/go v0.114.0 // indirect
cloud.google.com/go/auth v0.5.1 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
- cloud.google.com/go/compute v1.27.0 // indirect
cloud.google.com/go/compute/metadata v0.3.0 // indirect
cloud.google.com/go/iam v1.1.8 // indirect
cloud.google.com/go/storage v1.41.0 // indirect
@@ -38,7 +35,6 @@ require (
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
- github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/google/uuid v1.6.0 // indirect
@@ -49,7 +45,7 @@ require (
github.com/gruntwork-io/terratest v0.46.15 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
- github.com/hashicorp/go-getter v1.7.4 // indirect
+ github.com/hashicorp/go-getter v1.7.5 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-safetemp v1.0.0 // indirect
github.com/hashicorp/go-version v1.7.0 // indirect
@@ -100,13 +96,11 @@ require (
golang.org/x/text v0.16.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.22.0 // indirect
- golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
google.golang.org/api v0.183.0 // indirect
- google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
- google.golang.org/grpc v1.64.0 // indirect
+ google.golang.org/grpc v1.64.1 // indirect
google.golang.org/protobuf v1.34.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/tests/terratest/go.sum b/tests/terratest/go.sum
index cd1d3da27..3c2893235 100644
--- a/tests/terratest/go.sum
+++ b/tests/terratest/go.sum
@@ -30,8 +30,6 @@ cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w9
cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc=
cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU=
cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA=
-cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME=
-cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk=
cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY=
cloud.google.com/go v0.114.0/go.mod h1:ZV9La5YYxctro1HTPug5lXH/GefROyW8PPD4T8n9J8E=
cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw=
@@ -74,12 +72,6 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz
cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU=
cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U=
cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU=
-cloud.google.com/go/compute v1.23.1 h1:V97tBoDaZHb6leicZ1G6DLK2BAaZLJ/7+9BB/En3hR0=
-cloud.google.com/go/compute v1.23.1/go.mod h1:CqB3xpmPKKt3OJpW2ndFIXnA9A4xAy/F3Xp1ixncW78=
-cloud.google.com/go/compute v1.27.0 h1:EGawh2RUnfHT5g8f/FX3Ds6KZuIBC77hZoDrBvEZw94=
-cloud.google.com/go/compute v1.27.0/go.mod h1:LG5HwRmWFKM2C5XxHRiNzkLLXW48WwvyVC0mfWsYPOM=
-cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
-cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I=
@@ -119,8 +111,6 @@ cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y97
cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc=
cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY=
cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc=
-cloud.google.com/go/iam v1.1.3 h1:18tKG7DzydKWUnLjonWcJO6wjSCAtzh4GcRKlH/Hrzc=
-cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE=
cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0=
cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE=
cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic=
@@ -183,8 +173,6 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y=
cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc=
cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s=
-cloud.google.com/go/storage v1.33.0 h1:PVrDOkIC8qQVa1P3SXGpQvfuJhN2LHOoyZvWs8D2X5M=
-cloud.google.com/go/storage v1.33.0/go.mod h1:Hhh/dogNRGca7IWv1RC2YqEn0c0G77ctA/OxflYkiD8=
cloud.google.com/go/storage v1.41.0 h1:RusiwatSu6lHeEXe3kglxakAmAbfV+rhtPqA6i8RBx0=
cloud.google.com/go/storage v1.41.0/go.mod h1:J1WCa/Z2FcgdEDuPUY8DxT5I+d9mFKsCepp5vR6Sq80=
cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw=
@@ -201,8 +189,6 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
-github.com/Azure/terratest-terraform-fluent v0.6.2 h1:5/nCvS/JF3v95DXxhERqMXKKlRF7kiLIWKAq4rzchR4=
-github.com/Azure/terratest-terraform-fluent v0.6.2/go.mod h1:8YZJNfEu2fSDeRLz5W/2vUgZYHYFNXSMXh+3u/CA3o0=
github.com/Azure/terratest-terraform-fluent v0.8.1 h1:nBi1qvQK5yQhginX/Hg45DtoVqCaI49fCm9odKd3WJo=
github.com/Azure/terratest-terraform-fluent v0.8.1/go.mod h1:Qcuo6erKth1TBOYvYpBChvuhphBSq93l/SItxXg9nmo=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
@@ -216,8 +202,6 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmms
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
-github.com/aws/aws-sdk-go v1.45.28 h1:p2ATcaK6ffSw4yZ2UAGzgRyRXwKyOJY6ZCiKqj5miJE=
-github.com/aws/aws-sdk-go v1.45.28/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
github.com/aws/aws-sdk-go v1.53.17 h1:TwtYMzVBTaqPVj/pcemHRIgk01OycWEcEUyUUX0tpCI=
github.com/aws/aws-sdk-go v1.53.17/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
@@ -242,16 +226,11 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH
github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
-github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=
-github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4=
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
-github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU=
github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -273,34 +252,22 @@ github.com/go-errors/errors v1.5.1/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3Bop
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
-github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
-github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
-github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ=
-github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA=
github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
-github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
-github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
-github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU=
-github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
-github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
-github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=
github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M=
github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
@@ -337,8 +304,6 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@@ -371,9 +336,8 @@ github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXi
github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
-github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=
-github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk=
github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc=
+github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0=
github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
@@ -387,22 +351,19 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
-github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8=
github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg=
-github.com/googleapis/enterprise-certificate-proxy v0.3.1 h1:SBWmZhjUDRorQxrN0nwzf+AHBxnbFjViHQS4P0yVpmQ=
-github.com/googleapis/enterprise-certificate-proxy v0.3.1/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=
github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0=
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
@@ -414,8 +375,6 @@ github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99
github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c=
github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo=
github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY=
-github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
-github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=
github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI=
github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
@@ -425,8 +384,6 @@ github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZH
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
github.com/gruntwork-io/go-commons v0.17.1 h1:2KS9wAqrgeOTWj33DSHzDNJ1FCprptWdLFqej+wB8x0=
github.com/gruntwork-io/go-commons v0.17.1/go.mod h1:S98JcR7irPD1bcruSvnqupg+WSJEJ6xaM89fpUZVISk=
-github.com/gruntwork-io/terratest v0.46.1 h1:dJ/y2/Li6yCDIc8KXY8PfydtrMRiXFb3UZm4LoPShPI=
-github.com/gruntwork-io/terratest v0.46.1/go.mod h1:gl//tb5cLnbpQs1FTSNwhsrbhsoG00goCJPfOnyliiU=
github.com/gruntwork-io/terratest v0.46.15 h1:qfqjTFveymaqe7aAWn3LjlK0SwVGpRfoOut5ggNyfQ8=
github.com/gruntwork-io/terratest v0.46.15/go.mod h1:9bd22zAojjBBiYdsp+AR1iyl2iB6bRUVm2Yf1AFhfrA=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -434,29 +391,21 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-<<<<<<< feat/ama
-github.com/hashicorp/go-getter v1.7.3 h1:bN2+Fw9XPFvOCjB0UOevFIMICZ7G2XSQHzfvLUyOM5E=
-github.com/hashicorp/go-getter v1.7.3/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
-=======
->>>>>>> main
github.com/hashicorp/go-getter v1.7.4 h1:3yQjWuxICvSpYwqSayAdKRFcvBl1y/vogCxczWSmix0=
github.com/hashicorp/go-getter v1.7.4/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
+github.com/hashicorp/go-getter v1.7.5 h1:dT58k9hQ/vbxNMwoI5+xFYAJuv6152UNvdHokfI5wE4=
+github.com/hashicorp/go-getter v1.7.5/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744=
github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo=
github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I=
-github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=
github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY=
github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI=
-github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE=
github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc=
github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4=
-github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA=
-github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o=
github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec=
github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A=
github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -478,20 +427,15 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
-github.com/klauspost/compress v1.17.1 h1:NE3C767s2ak2bweCZo3+rdP4U/HoyVXLv/X9f2gPS5g=
-github.com/klauspost/compress v1.17.1/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
-github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
@@ -516,10 +460,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
-github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE=
-github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM=
-github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE=
-github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg=
+github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g=
+github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
+github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -530,8 +474,8 @@ github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
@@ -548,12 +492,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM=
-github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U=
github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@@ -561,21 +501,13 @@ github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JT
github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4=
github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
-github.com/tmccombs/hcl2json v0.6.0 h1:Qc5NL4NQbpNnw8w8HQcA3GsVHvQDJXJwVTUxf2AEhOs=
-github.com/tmccombs/hcl2json v0.6.0/go.mod h1:QNirG4H64ZvlFsy9werRxXlWNTDR1GhWzXkjqPILHwo=
github.com/tmccombs/hcl2json v0.6.3 h1:yfZO7FYuWxSBAkxN1Dw+O9bjnK12vdwCDtSJDzw7haw=
github.com/tmccombs/hcl2json v0.6.3/go.mod h1:VaIUbPyWiGThEKOsVZis0QHfMCnHLqD3IEbggSvQ8eY=
github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
-github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs=
-github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ=
github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI=
github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU=
-github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8=
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -584,10 +516,10 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zclconf/go-cty v1.14.1 h1:t9fyA35fwjjUMcmL5hLER+e/rEPqrbCK1/OSE4SI9KA=
-github.com/zclconf/go-cty v1.14.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8=
github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI=
+github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -605,6 +537,8 @@ go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg=
go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ=
go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik=
go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak=
+go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=
+go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg=
go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw=
go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
@@ -614,8 +548,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI=
golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -628,8 +560,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
-golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM=
golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
@@ -707,8 +637,6 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
-golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -736,8 +664,6 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri
golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs=
golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -754,8 +680,6 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.4.0 h1:zxkM55ReGkDlKSM+Fu41A+zmbZuaPVbGMzvvdUPznYQ=
-golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -821,15 +745,11 @@ golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
-golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws=
golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
-golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA=
golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -841,17 +761,12 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
-golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -908,8 +823,6 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.14.0 h1:jvNa2pY0M4r62jkRQ6RwEZZyPcymeL9XZMLBbV7U2nc=
-golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -970,8 +883,6 @@ google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ
google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s=
google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s=
google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70=
-google.golang.org/api v0.147.0 h1:Can3FaQo9LlVqxJCodNmeZW/ib3/qKAY3rFeXiHo5gc=
-google.golang.org/api v0.147.0/go.mod h1:pQ/9j83DcmPd/5C9e2nFOdjjNkDZ1G+zkbK2uvdkJMs=
google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE=
google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
@@ -981,8 +892,6 @@ google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww
google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=
-google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -1084,16 +993,10 @@ google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqw
google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM=
google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM=
google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s=
-google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b h1:+YaDE2r2OG8t/z5qmsh7Y+XXwCbvadxxZ0YY6mTdrVA=
-google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:CgAqfJo+Xmu0GwA0411Ht3OU3OntXwsGmrmjI8ioGXI=
google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 h1:HCZ6DlkKtCDAtD8ForECsY3tKuaR+p4R3grlK80uCCc=
google.golang.org/genproto v0.0.0-20240604185151-ef581f913117/go.mod h1:lesfX/+9iA+3OdqeCpoDddJaNxVB1AB6tD7EfqMmprc=
-google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b h1:CIC2YMXmIhYw6evmhPxBKJ4fmLbOFtXQN/GV3XOZR8k=
-google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:IBQ646DjkDkvUIsVq/cc03FUFQ9wbZu7yE396YcL870=
google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU=
google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b h1:ZlWIi1wSK56/8hn4QcBp/j9M7Gt3U/3hZw3mC7vDICo=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU=
google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -1131,10 +1034,10 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu
google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI=
-google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
-google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=
google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg=
+google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
+google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
@@ -1151,8 +1054,6 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1178,28 +1079,16 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
-k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY=
k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM=
-k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
-k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U=
k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
-k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
-k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q=
k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc=
-k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
-k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
-k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA=
k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak=
k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
@@ -1207,11 +1096,7 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
-sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
-sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/variables.tf b/variables.tf
index e8a9a402c..a62e9b194 100644
--- a/variables.tf
+++ b/variables.tf
@@ -85,6 +85,7 @@ variable "configure_management_resources" {
log_analytics = optional(object({
enabled = optional(bool, true)
config = optional(object({
+ daily_quota_gb = optional(number, -1)
retention_in_days = optional(number, 30)
enable_monitoring_for_vm = optional(bool, true)
enable_monitoring_for_vmss = optional(bool, true)
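Review bot: `daily_quota_gb = optional(number, -1)` in the `log_analytics.config` object has no comment saying what `-1` means or what a positive cap does to ingestion. In the azurerm provider `-1` is the unlimited setting, and once a positive daily cap is reached the workspace stops accepting billable data for the rest of the day, which would leave a gap in whatever audit and security telemetry this workspace collects. I would add a comment on the line, for example `# -1 = no daily cap; a positive value halts ingestion once reached, so pair it with an alert on the cap`, and, if none exists, a `validation` rule that rejects negative values other than `-1`. The variable's description and any validation block lie outside the hunk, so this may already be covered there.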