
Releases: Azure/ALZ-Bicep

v0.10.4

09 Oct 18:33
db98350

Breaking Changes

None

However, please still review v0.10.0 release notes if using a version older than v0.10.0

What's Changed

New Contributors

Full Changelog: v0.10.3...v0.10.4

v0.10.3

20 Sep 17:05
2d3d5b8

Breaking Changes

None

However, please still review v0.10.0 release notes if using a version older than v0.10.0

What's Changed

New Contributors

Thank you both 🥳

Full Changelog: v0.10.2...v0.10.3

v0.10.2

23 Aug 13:05
8b58833

Breaking Changes

None

However, please still review v0.10.0 release notes if using a version older than v0.10.0

What's Changed

New Contributors

Full Changelog: v0.10.1...v0.10.2

v0.10.1

01 Aug 14:59
63161bb

Breaking Changes

None

However, please still review v0.10.0 release notes if using a version older than v0.10.0

What's Changed

Full Changelog: v0.10.0...v0.10.1

v0.10.0

29 Jul 14:23
55e6e6f

Breaking Changes

  • In the privateDnsZones module, the Private DNS Zone vNet link name has been made unique so that the module can be used multiple times for vNets with the same names.
    • Old name Bicep Code: name: '${privateDnsZoneName}/${privateDnsZoneName}'
    • New name Bicep Code: name: '${privateDnsZoneName}/${take('link-${uniqueString(parVirtualNetworkIdToLink)}', 80)}'

What should we do?

If possible, move to the new naming format as this enables easier future expansion into other regions etc., if planned. You will need to remove the existing vNet links on each Private DNS Zone for the hub vNet or other vNet you may have specified.

You may also choose not to pull this latest change into this specific module if you wish. However, be aware that you will be unable to link another vNet to the Private DNS Zone using the privateDnsZones module with the old name Bicep code (as shown above), because the vNet link name will be the same irrespective of the vNet. The new code now uses the vNet (via parVirtualNetworkIdToLink) to create the name for the vNet link 👍

Important: If you run the privateDnsZones module, or another module such as hubNetworking that calls the privateDnsZones module, over the top of an existing deployment without being aware of these changes, you will likely see a deployment failure for the Private DNS Zone vNet links. The deployment will try to create new vNet links for the same vNet but with different Private DNS Zone vNet link names, which is not possible in the platform as it would create a duplicate config.
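
A pre-flight check for the upgrade described above, as an added example that is not part of the ALZ-Bicep release notes or code base: it scans the existing vNet links of each zone and lists the ones that must be removed before a v0.10.0+ deployment links the same vNet again. The sample data is constructed; the field names (name, virtualNetwork.id) assume the JSON shape returned by az network private-dns link vnet list, and treating any name that starts with link- as new-format is also an assumption.

```python
# Constructed sample: zone name -> vNet links, trimmed to the two fields used here.
# Subscription IDs, resource groups and link names are made up. Both vNets are
# called "vnet-hub" on purpose: they differ only by resource group.
HUB = "/subscriptions/0000/resourceGroups/rg-hub/providers/Microsoft.Network/virtualNetworks/vnet-hub"
SPOKE = "/subscriptions/0000/resourceGroups/rg-spk/providers/Microsoft.Network/virtualNetworks/vnet-hub"
SAMPLE = {
    "privatelink.blob.core.windows.net": [
        {"name": "privatelink.blob.core.windows.net", "virtualNetwork": {"id": HUB}},
        {"name": "link-aaaaaaaaaaaaa", "virtualNetwork": {"id": SPOKE}},
    ],
    "privatelink.vaultcore.azure.net": [
        # Resource IDs are compared case-insensitively, so this still matches HUB.
        {"name": "link-bbbbbbbbbbbbb", "virtualNetwork": {"id": HUB.upper()}},
    ],
}


def link_state(zone, link, vnet_id):
    """Classify one vNet link relative to the vNet the module is about to link."""
    if link["virtualNetwork"]["id"].lower() != vnet_id.lower():
        return "other-vnet"   # different vNet: not touched by this deployment
    if link["name"].lower() == zone.lower():
        return "old-format"   # pre-v0.10.0 '<zone>/<zone>' naming
    if link["name"].startswith("link-"):
        return "new-format"   # assumed to be the 'link-<uniqueString>' name
    return "unmanaged"        # same vNet, linked under some other name


def links_to_remove(zone_links, vnet_id):
    """Return (zone, link name) pairs that would collide with a v0.10.0+ deployment."""
    blockers = []
    for zone, links in sorted(zone_links.items()):
        for link in links:
            if link_state(zone, link, vnet_id) in ("old-format", "unmanaged"):
                blockers.append((zone, link["name"]))
    return blockers


if __name__ == "__main__":
    for zone, name in links_to_remove(SAMPLE, HUB):
        print(f"remove link '{name}' from zone '{zone}' before redeploying")
```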

What's Changed

  • Update Policy Library for Azure China (automated) by @github-actions in #289
  • Use latest API versions in all modules by @olljanat & @jtracey93 in #293
    • Also updated tests in ADO to use location from Key Vault completely, instead of hardcoded to eastus in some places
  • Update docs and PR template to close #247 by @jtracey93 in #296
    • Added using latest API versions for resources to PR template and Contribution Guide

Full Changelog: v0.9.3...v0.10.0

v0.9.3

19 Jul 08:31
948e79d

Breaking Changes

None

What's Changed

  • Update Invoke-PolicyToBicep.ps1 Scripts to Handle -'s, 's (spaces) & ' apostrophes + Fix #254 by @jtracey93 in #288

    • A number of changes to the Invoke-PolicyToBicep.ps1 script to support more characters in inputs based on some customer scenarios seen recently
    • This PR reduces the size of the generated ARM template for the customPolicyDefinitions.bicep from 2.8 MB to around 800 KB by optimizing how we load parameters for Policy Initiative Definitions as highlighted in #254
    • Important: No changes to policies are made
  • Various Docs Enhancements, Typo Fixes & Updates by @jtracey93 in #286

  • Add Azure function to remove used subscriptions by @jfaurskov in #287

    • Used internally for test clean-ups

New Contributors

Full Changelog: v0.9.2...v0.9.3

v0.9.2

08 Jul 14:14
8b0a0ce

Breaking Changes

None.

However, as part of PR #280 the Azure Backup Private DNS Zone bug was fixed (as detailed in #279). So, if you deploy the hubNetworking or privateDnsZones modules over the top of an existing deployment of ALZ-Bicep in an incremental mode (which is default and recommended) you will get a new Private DNS Zone for Azure Backup but the old, incorrectly named one, will still exist and should be manually cleaned up.

What's Changed

IMPORTANT: Please still review v0.9.0 release notes if you haven't upgraded to v0.9.0 already

New Contributors

Full Changelog: v0.9.1...v0.9.2

v0.9.1

20 Jun 07:18
90b7027

Breaking Changes

None

What's Changed

  • Update Policy Library (automated) by @github-actions in #258
  • Add unit testing pipeline for base testing. by @jfaurskov in #233
  • Fix ValidateAzCloud ADO pipeline by @jfaurskov in #261
  • Update Policy Library (automated) by @github-actions in #263
  • Fix #262, #259, #248 by @jtracey93 in #264
    • Update FAQ with details on how to get notified about new releases
    • Added 2 additional solutions to logging module for SQL assessments
    • Updated GitHub Super Linter to only scan on changed files instead of all files on PR
  • Add NSG to AzureBastionSubnet - Fixing #240 by @jtracey93 in #266

IMPORTANT: Please still review v0.9.0 release notes if you haven't upgraded to v0.9.0 already

Full Changelog: v0.9.0...v0.9.1

v0.9.0

09 Jun 18:40
48bb2d4

Overview/Summary

A huge thanks to @rjygraham for all his efforts on this PR and to the rest of the ALZ-Bicep core team for testing and reviewing 👏

This release includes PR #227, which focuses on code/file hygiene and consistency across modules. This includes ensuring file names, parameters, and outputs are camelCased, and readability changes to parameters and outputs so that ALZ-Bicep is user-friendly and approachable to new users.

NOTE: The likelihood of experiencing breaking changes is high since this release touches nearly every file. Please carefully review the Breaking Changes section below for details on what's changed and suggestions for migrating to this release.

Breaking Changes

The breaking changes fall into two categories:

  • File/module name changes/moves
  • Parameter/output name changes

Bicep Template File Name Changes

The following Bicep files/modules have had their names changed:

Module                   Old File Name                                            New File Name
customRoleDefinitions    definitions/caf-subscription-owner-role.bicep            definitions/cafSubscriptionOwnerRole.bicep
customRoleDefinitions    definitions/caf-application-owner-role.bicep             definitions/cafApplicationOwnerRole.bicep
customRoleDefinitions    definitions/caf-network-management-role.bicep            definitions/cafNetworkManagementRole.bicep
customRoleDefinitions    definitions/caf-security-operations-role.bicep           definitions/cafSecurityOperationsRole.bicep
customRoleDefinitions    definitions/china/mc-caf-network-management-role.bicep   definitions/china/mc-cafNetworkManagementRole.bicep
customRoleDefinitions    definitions/china/mc-caf-security-operations-role.bicep  definitions/china/mc-cafSecurityOperationsRole.bicep
customPolicyDefinitions  definitions/custom-policy-definitions.bicep              definitions/customPolicyDefinitions.bicep
customPolicyDefinitions  definitions/mc-custom-policy-definitions.bicep           definitions/mc-customPolicyDefinitions.bicep
hubSpoke                 orchestration/hubSpoke/orch-HubSpoke.bicep               orchestration/hubSpoke/orchHubSpoke.bicep

Bicep Parameter File Name Changes

All modules have had their parameter files moved and names changed. Rather than detail each change individually, the guidance below illustrates how the parameter file names have changed and the changes made to the location of the parameter files for each module.

  • Each module has had its parameter files moved into a new /parameters sub-folder inside the module folder
  • Parameter files are now named according to the convention: <module>.<parameterSet>.parameters.<min|all>.json
      - <module> denotes the current module (and scope when necessary), for example: roleAssignmentManagementGroup
      - <parameterSet> denotes a set of parameters with similar characteristics, for example: securityGroup
      - parameters is a constant that denotes the file as a parameters file
      - <min|all>.json denotes whether a parameter file contains all possible parameters or only minimum necessary for deployment (more on min.json in What's Changed section below)

Examples of how parameter file locations and names have changed:

Module            Old File Name                                                             New File Name
hubNetworking     hubNetworking.parameters.example.json                                     parameters/hubNetworking.parameters.all.json
policyAssignment  assignments/policyAssignmentManagementGroup.parameters.example-deny.json  assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json
roleAssignments   roleAssignmentManagementGroup.securityGroup.parameters.all.json           parameters/roleAssignmentManagementGroup.securityGroup.parameters.all.json

Bicep Parameter/Output Name Changes

Most modules have had changes to their parameter, variable, resource, module, and output symbolic names to ensure:

  • Strict camelCasing, for example: parDNSServerIPArray becomes parDnsServerIpArray
  • Readability: update to all par and out values in Bicep templates to include full product name instead of camelCased abbreviation:
      - parExpressRouteGwName instead of parErGwName
      - Services with "Azure" in the name are abbreviated "Az", for example: parBastionName becomes parAzBastionName
      - In the case of VPN, since it is not a product name but a generally understood industry acronym, it remains: parVpnGatewayConfig
  • Except in instances where a switch aligns with an ARM property name, switches have been renamed with intended effect as last segment of the name
  • Since variable, resource, module constructs are not part of the "API" surface area (i.e. input/output), they were merely camelCased and not necessarily renamed per readability point above.

Added Parameters

The following module parameters were added:

Module                   File Name                                New Parameter Name
customRoleDefinitions    mc-customRoleDefinitions.bicep           parTelemetryOptOut
customPolicyDefinitions  mc-customPolicyDefinitions.bicep         parTelemetryOptOut
roleAssignments          roleAssignmentManagementGroupMany.bicep  parTelemetryOptOut
roleAssignments          roleAssignmentSubscriptionMany.bicep     parTelemetryOptOut

Changed Parameters

The following module parameter names have changed:

Module         File Name                                                  Old Parameter Name                                       New Parameter Name
hubNetworking  hubNetworking.bicep                                        parDNSServerIPArray                                      parDnsServerIps
hubNetworking  hubNetworking.bicep                                        parPublicIPSku                                           parPublicIpSku
hubNetworking  hubNetworking.bicep                                        parBastionEnabled                                        parAzBastionEnabled
hubNetworking  hubNetworking.bicep                                        parBastionName                                           parAzBastionName
hubNetworking  hubNetworking.bicep                                        parBastionSku                                            parAzBastionSku
hubNetworking  hubNetworking.bicep                                        parAzureFirewallEnabled                                  parAzFirewallEnabled
hubNetworking  hubNetworking.bicep                                        parAzureFirewallName                                     parAzFirewallName
hubNetworking  hubNetworking.bicep                                        parFirewallPoliciesName                                  parAzFirewallPoliciesName
hubNetworking  hubNetworking.bicep                                        parAzureFirewallTier                                     parAzFirewallTier
hubNetworking  hubNetworking.bicep                                        parAzureFirewallAvailabilityZones                        parAzFirewallAvailabilityZones
hubNetworking  hubNetworking.bicep                                        parNetworkDNSEnableProxy                                 parAzFirewallDnsProxyEnabled
hubNetworking  hubNetworking.bicep                                        parDisableBGPRoutePropagation                            parDisableBgpRoutePropagation
policy         assignments/alzDefaults/alzDefaultPolicyAssignments.bicep  parPolicyAssignmentDefinitionID                          parPolicyAssignmentDefinitionId
policy         assignments/alzDefaults/alzDefaultPolicyAssignments.bicep  parPolicyAssignmentIdentityRoleAssignmentsAdditionalMGs  parPolicyAssignmentIdentityRoleAssignmentsAdditionalMgs
policy         assignments/alzDefaults/alzDefaultPolicyAssignments.bicep  parPolicyAssignmentIdentityRoleDefinitionIDs             parPolicyAssignmentIdentityRoleDefinitionIds
policy         assignments/policyAssignmentManagementGroup.bicep          parPolicyAssignmentDefinitionID                          parPolicyAssignmentDefinitionId
policy         assignments/policyAssignmentManagementGroup.bicep          parPolicyAssignmentI...
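
One way to carry an existing hubNetworking parameters file across these renames, as an added example that is not part of the ALZ-Bicep release notes or code base. The mapping covers only the hubNetworking.bicep rows shown in the table above; the sample document and the parameter parExampleUntouched are constructed for illustration.

```python
import json

# Old -> new names, copied from the hubNetworking.bicep rows of the table above.
HUB_NETWORKING_RENAMES = {
    "parDNSServerIPArray": "parDnsServerIps",
    "parPublicIPSku": "parPublicIpSku",
    "parBastionEnabled": "parAzBastionEnabled",
    "parBastionName": "parAzBastionName",
    "parBastionSku": "parAzBastionSku",
    "parAzureFirewallEnabled": "parAzFirewallEnabled",
    "parAzureFirewallName": "parAzFirewallName",
    "parFirewallPoliciesName": "parAzFirewallPoliciesName",
    "parAzureFirewallTier": "parAzFirewallTier",
    "parAzureFirewallAvailabilityZones": "parAzFirewallAvailabilityZones",
    "parNetworkDNSEnableProxy": "parAzFirewallDnsProxyEnabled",
    "parDisableBGPRoutePropagation": "parDisableBgpRoutePropagation",
}

# Constructed pre-v0.9.0 parameters document; one setting appears under both spellings.
SAMPLE = {
    "contentVersion": "1.0.0.0",
    "parameters": {
        "parDNSServerIPArray": {"value": ["10.0.0.4"]},
        "parBastionEnabled": {"value": True},
        "parAzBastionEnabled": {"value": False},
        "parExampleUntouched": {"value": "vnet-hub"},  # hypothetical, not in the table
    },
}


def migrate_parameters(doc, renames=HUB_NETWORKING_RENAMES):
    """Return (new_doc, renamed, conflicts) without modifying the input document."""
    old = doc.get("parameters", {})
    new, renamed, conflicts = {}, [], []
    for name, body in old.items():
        target = renames.get(name, name)
        if target != name and target in old:
            conflicts.append(name)  # both spellings present: keep the new one, report the old
            continue
        if target != name:
            renamed.append((name, target))
        new[target] = body
    return {**doc, "parameters": new}, renamed, conflicts


if __name__ == "__main__":
    migrated, renamed, conflicts = migrate_parameters(SAMPLE)
    print(json.dumps(migrated["parameters"], indent=2))
    print("renamed:", renamed, "needs manual review:", conflicts)
```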

v0.8.1

24 May 12:08
140cb36

Please note this is still a public preview so the code base is likely to change based on issues, bugs, etc. reported to this repository.

Breaking Changes

  • In PR #239 we added a parameter called parLogAnalyticsWorkspaceSkuName to the logging module and defaulted it to PerGB2018
    • Previously this was not a parameter and its value was hardcoded to PerNode

This is not a "breaking change" as such, however, as any existing deployed workspaces will just have their pricing tier updated to PerGB2018. You can set the parameter parLogAnalyticsWorkspaceSkuName to PerNode if you wish to keep it as-is; however, we advise updating to the PerGB2018 model as PerNode is a legacy SKU.

For more info, see Azure Monitor Logs pricing details & Change pricing tier for Log Analytics workspace

This is actually what it should have been from the start so good catch @olljanat with your PR. 👍

What's Changed

  • Add microsoft.com exclusion and increase timeout for Markdown Link Checker by @jtracey93 in #235
  • Add v1.x.x Q&A to FAQ by @jtracey93 in #238
  • logging: parametrize workspace sku and resource specific tags by @olljanat in #239

Full Changelog: v0.8.0...v0.8.1