Releases: Azure/ALZ-Bicep
v0.10.4
Breaking Changes
None
However, please still review the v0.10.0 release notes if using a version older than `v0.10.0`
What's Changed
- doc: Added subnet disclaimer by @DaFitRobsta in #322
- capture definitionReferenceId that starts with number. by @eureka-gh in #324
- Add `.editorconfig` support by @jtracey93 in #325
- Add AZ Support for VPN & ER GW PIPs by @jhajduk-microsoft & @jtracey93 in #306
- Management Group Diagnostic Settings Enablement - New Module by @lachaves & @jtracey93 in #321
New Contributors
- @eureka-gh made their first contribution in #324
- @jhajduk-microsoft made their first contribution in #306
- @lachaves made their first contribution in #321
Full Changelog: v0.10.3...v0.10.4
v0.10.3
Breaking Changes
None
However, please still review the v0.10.0 release notes if using a version older than `v0.10.0`
What's Changed
- Add Azure Enablement Show Videos to docs & Update FAQ RE #300 by @jtracey93 in #309
- fixed typo in subPlacementAl by @floschmsft in #310
- Add PSRule To ALZ Bicep Testing by @jtracey93 in #313
- Enable GitHub to ADO WIT Sync by @jtracey93 in #315
- chore: bicepconfig.json linter update by @DaFitRobsta in #318
  - `bicepconfig.json` files updated to use latest rules available in latest Bicep release `v0.10.61`
  - Please ensure you update to the latest Bicep release following the instructions here
New Contributors
- @floschmsft made their first contribution in #310
- @DaFitRobsta made their first contribution in #318
Thank you both 🥳
Full Changelog: v0.10.2...v0.10.3
v0.10.2
Breaking Changes
None
However, please still review the v0.10.0 release notes if using a version older than `v0.10.0`
What's Changed
- Update geo codes for Azure Backup by @krowlandson in #305
New Contributors
- @krowlandson made their first contribution in #305
Full Changelog: v0.10.1...v0.10.2
v0.10.1
Breaking Changes
None
However, please still review the v0.10.0 release notes if using a version older than `v0.10.0`
What's Changed
- New Orchestration Module: `subPlacementAll` by @jtracey93 in #298
  - Created from Feature Request #295
- Include encryption `keySource` for automation account to resolve what-if noise by @olljanat in #299
Full Changelog: v0.10.0...v0.10.1
v0.10.0
Breaking Changes
- In the `privateDnsZones` module, the Private DNS Zones vNet linking name has been made unique to ensure it can be used multiple times for vNets with the same names.
  - Old `name` Bicep code: `name: '${privateDnsZoneName}/${privateDnsZoneName}'`
  - New `name` Bicep code: `name: '${privateDnsZoneName}/${take('link-${uniqueString(parVirtualNetworkIdToLink)}', 80)}'`
What should we do?
If possible, move to the new naming format as this enables easier future expansion into other regions etc., if planned. You will need to remove the existing vNet links on each Private DNS Zone for the hub vNet or other vNet you may have specified.
You may also choose not to pull in this latest change to this specific module if you wish. However, be aware that if you try to link another vNet to the Private DNS Zone using the `privateDnsZones` module, you will be unable to do so with the old `name` Bicep code (as shown above), because the vNet link name will be the same irrespective of the vNet name, which the new code now uses to create the name for the vNet link 👍
Important: If you run the `privateDnsZones` module, or another module like `hubNetworking` that calls the `privateDnsZones` module, over the top without being aware of these changes, you will likely see a deployment failure for the Private DNS Zone vNet links, as it will try to re-create new vNet links for the same vNet but with different Private DNS Zone vNet link names, which is not possible in the platform as it will create a duplicate config.
What's Changed
- Update Policy Library for Azure China (automated) by @github-actions in #289
- Use latest API versions in all modules by @olljanat & @jtracey93 in #293
  - Also updated tests in ADO to use location from Key Vault completely, instead of hardcoded to `eastus` in some places
- Update docs and PR template to close #247 by @jtracey93 in #296
  - Added using latest API versions for resources to PR template and Contribution Guide
Full Changelog: v0.9.3...v0.10.0
v0.9.3
Breaking Changes
None
What's Changed
- Update `Invoke-PolicyToBicep.ps1` Scripts to Handle- `'s,'` apostrophes + Fix #254 by @jtracey93 in #288
  - A number of changes to the `Invoke-PolicyToBicep.ps1` script to support more characters in inputs based on some customer scenarios seen recently
  - This PR reduces the size of the generated ARM template for the `customPolicyDefinitions.bicep` from `2.8 MB` to around `800 KB` by optimizing how we load parameters for Policy Initiative Definitions as highlighted in #254
  - Important: No changes to policies are made
- Various Docs Enhancements, Typo Fixes & Updates by @jtracey93 in #286
- Add Azure function to remove used subscriptions by @jfaurskov in #287
  - Used internally for test clean-ups
New Contributors
Full Changelog: v0.9.2...v0.9.3
v0.9.2
Breaking Changes
None.
However, as part of PR #280 the Azure Backup Private DNS Zone bug was fixed (as detailed in #279). So, if you deploy the `hubNetworking` or `privateDnsZones` modules over the top of an existing deployment of ALZ-Bicep in an incremental mode (which is default and recommended), you will get a new Private DNS Zone for Azure Backup, but the old, incorrectly named one will still exist and should be manually cleaned up.
What's Changed
- Add MG Flexibility Feature & Intermediate Root MG Parent Flexibility by @jtracey93 in #276
  - See the Child Landing Zone Management Groups Flexibility section in the `managementGroups` module README
- Azure backup DNS zone geo code fix and docs by @jtracey93 in #280
  - See the Geo Zone Codes section in the `privateDnsZones` module README
- Add validation pipeline for mooncake by @jfaurskov in #268
- Remove subscription selection from hubPeeredSpoke module readme by @jfaurskov in #272
- Add ALZ Resource Types Script and Update Workflow by @jtracey93 in #273
- Patch policy library for Azure China by @faister in #253
  - Added support for ALZ Default Policy Assignments for Mooncake (Azure China)
- Fixed typos by @boclifton-MSFT in #278
- Implementation of correct output id, added example command for search on SPN name by @johnlokerse in #281
IMPORTANT: Please still review the v0.9.0 release notes if you haven't upgraded to `v0.9.0` already
New Contributors
- @boclifton-MSFT made their first contribution in #278
Full Changelog: v0.9.1...v0.9.2
v0.9.1
Breaking Changes
None
What's Changed
- Update Policy Library (automated) by @github-actions in #258
- Add unit testing pipeline for base testing. by @jfaurskov in #233
- Fix ValidateAzCloud ADO pipeline by @jfaurskov in #261
- Update Policy Library (automated) by @github-actions in #263
- Fix #262, #259, #248 by @jtracey93 in #264
  - Update FAQ with details on how to get notified about new releases
  - Added 2 additional solutions to logging module for SQL assessments
  - Updated GitHub Super Linter to only scan on changed files instead of all files on PR
- Add NSG to AzureBastionSubnet - Fixing #240 by @jtracey93 in #266
IMPORTANT: Please still review the v0.9.0 release notes if you haven't upgraded to `v0.9.0` already
Full Changelog: v0.9.0...v0.9.1
v0.9.0
Overview/Summary
A huge thanks to @rjygraham for all his efforts on this PR and to the rest of the `ALZ-Bicep` core team for testing and reviewing 👏
This release includes PR #227, which focuses on code/file hygiene and consistency across modules. This includes ensuring file names, parameters, and outputs are `camelCased`, and changes to the readability of parameters and outputs to ensure ALZ-Bicep is user-friendly and approachable to new users.
NOTE: The likelihood of experiencing breaking changes is high since this release touches nearly every file. Please carefully review the Breaking Changes section below for details on what's changed and suggestions for migrating to this release.
Breaking Changes
The breaking changes fall into two categories:
- File/module name changes/moves
- Parameter/output name changes
Bicep Template File Name Changes
The following Bicep files/modules have had their names changed:
Module | Old File Name | New File Name |
---|---|---|
customRoleDefinitions | definitions/caf-subscription-owner-role.bicep | definitions/cafSubscriptionOwnerRole.bicep |
customRoleDefinitions | definitions/caf-application-owner-role.bicep | definitions/cafApplicationOwnerRole.bicep |
customRoleDefinitions | definitions/caf-network-management-role.bicep | definitions/cafNetworkManagementRole.bicep |
customRoleDefinitions | definitions/caf-security-operations-role.bicep | definitions/cafSecurityOperationsRole.bicep |
customRoleDefinitions | definitions/china/mc-caf-network-management-role.bicep | definitions/china/mc-cafNetworkManagementRole.bicep |
customRoleDefinitions | definitions/china/mc-caf-security-operations-role.bicep | definitions/china/mc-cafSecurityOperationsRole.bicep |
customPolicyDefinitions | definitions/custom-policy-definitions.bicep | definitions/customPolicyDefinitions.bicep |
customPolicyDefinitions | definitions/mc-custom-policy-definitions.bicep | definitions/mc-customPolicyDefinitions.bicep |
hubSpoke | orchestration/hubSpoke/orch-HubSpoke.bicep | orchestration/hubSpoke/orchHubSpoke.bicep |
Bicep Parameter File Name Changes
All modules have had their parameter files moved and names changed. Rather than detail each change individually, the guidance below illustrates how the parameter file names have changed and the changes made to the location of the parameter files for each module.
- Each module has had its parameter files moved into a new `/parameters` sub-folder inside the module folder
- Parameter files are now named according to the convention: `<module>.<parameterSet>.parameters.<min|all>.json`
  - `<module>` denotes the current module (and scope when necessary), for example: `roleAssignmentManagementGroup`
  - `<parameterSet>` denotes a set of parameters with similar characteristics, for example: `securityGroup`
  - `parameters` constant to denote file as a parameters file
  - `<min|all>.json` denotes whether a parameter file contains all possible parameters or only minimum necessary for deployment (more on `min.json` in What's Changed section below)
Examples of how parameter file locations and names have changed:
Module | Old File Name | New File Name |
---|---|---|
hubNetworking | hubNetworking.parameters.example.json | parameters/hubNetworking.parameters.all.json |
policyAssignment | assignments/policyAssignmentManagementGroup.parameters.example-deny.json | assignments/parameters/policyAssignmentManagementGroup.deny.parameters.all.json |
roleAssignments | roleAssignmentManagementGroup.securityGroup.parameters.all.json | parameters/roleAssignmentManagementGroup.securityGroup.parameters.all.json |
Bicep Parameter/Output Name Changes
Most modules have had changes to their parameter, variable, resource, module, and output symbolic names to ensure:
- Strict `camelCasing`, for example: `parDNSServerIPArray` becomes `parDnsServerIpArray`
- Readability: update to all `par` and `out` values in Bicep templates to include full product name instead of camelCased abbreviation:
  - `parExpressRouteGwName` instead of `parErGwName`
  - Services with "Azure" in the name are abbreviated "Az", for example: `parBastionName` becomes `parAzBastionName`
  - In the case of VPN, since it is not a product name and instead a generally understood industry acronym, it remains: `parVpnGatewayConfig`
- Except in instances where a switch aligns with an ARM property name, switches have been renamed with intended effect as last segment of the name
- Since variable, resource, module constructs are not part of the "API" surface area (i.e. input/output), they were merely `camelCased` and not necessarily renamed per readability point above.
Added Parameters
The following module parameters were added:
Module | File Name | New Parameter Name |
---|---|---|
customRoleDefinitions | mc-customRoleDefinitions.bicep | parTelemetryOptOut |
customPolicyDefinitions | mc-customPolicyDefinitions.bicep | parTelemetryOptOut |
roleAssignments | roleAssignmentManagementGroupMany.bicep | parTelemetryOptOut |
roleAssignments | roleAssignmentSubscriptionMany.bicep | parTelemetryOptOut |
Changed Parameters
The following module parameter names have changed:
Please use the scroll bar at the bottom of the table
Module | File Name | Old Parameter Name | New Parameter Name |
---|---|---|---|
hubNetworking | hubNetworking.bicep | parDNSServerIPArray | parDnsServerIps |
hubNetworking | hubNetworking.bicep | parPublicIPSku | parPublicIpSku |
hubNetworking | hubNetworking.bicep | parBastionEnabled | parAzBastionEnabled |
hubNetworking | hubNetworking.bicep | parBastionName | parAzBastionName |
hubNetworking | hubNetworking.bicep | parBastionSku | parAzBastionSku |
hubNetworking | hubNetworking.bicep | parAzureFirewallEnabled | parAzFirewallEnabled |
hubNetworking | hubNetworking.bicep | parAzureFirewallName | parAzFirewallName |
hubNetworking | hubNetworking.bicep | parFirewallPoliciesName | parAzFirewallPoliciesName |
hubNetworking | hubNetworking.bicep | parAzureFirewallTier | parAzFirewallTier |
hubNetworking | hubNetworking.bicep | parAzureFirewallAvailabilityZones | parAzFirewallAvailabilityZones |
hubNetworking | hubNetworking.bicep | parNetworkDNSEnableProxy | parAzFirewallDnsProxyEnabled |
hubNetworking | hubNetworking.bicep | parDisableBGPRoutePropagation | parDisableBgpRoutePropagation |
policy | assignments/alzDefaults/alzDefaultPolicyAssignments.bicep | parPolicyAssignmentDefinitionID | parPolicyAssignmentDefinitionId |
policy | assignments/alzDefaults/alzDefaultPolicyAssignments.bicep | parPolicyAssignmentIdentityRoleAssignmentsAdditionalMGs | parPolicyAssignmentIdentityRoleAssignmentsAdditionalMgs |
policy | assignments/alzDefaults/alzDefaultPolicyAssignments.bicep | parPolicyAssignmentIdentityRoleDefinitionIDs | parPolicyAssignmentIdentityRoleDefinitionIds |
policy | assignments/policyAssignmentManagementGroup.bicep | parPolicyAssignmentDefinitionID | parPolicyAssignmentDefinitionId |
policy | assignments/policyAssignmentManagementGroup.bicep | parPolicyAssignmentI... |
v0.8.1
Please note this is still a public preview so the code base is likely to change based on issues, bugs, etc. reported to this repository.
Breaking Changes
- In PR #239 we added a parameter called `parLogAnalyticsWorkspaceSkuName` to the logging module and defaulted it to `PerGB2018`
  - Previously this was not a parameter and its value was hardcoded to `PerNode`
This however is not a "breaking change" as such, as any existing workspaces deployed will just have their pricing tier updated to `PerGB2018`. But you can set the value for the parameter `parLogAnalyticsWorkspaceSkuName` to `PerNode` if you wish to keep it as-is; however, we advise updating to the `PerGB2018` model as `PerNode` is a legacy SKU.
See here for more info Azure Monitor Logs pricing details & Change pricing tier for Log Analytics workspace
This is actually what it should have been from the start so good catch @olljanat with your PR. 👍
What's Changed
- Add microsoft.com exclusion and increase timeout for Markdown Link Checker by @jtracey93 in #235
- Add v1.x.x Q&A to FAQ by @jtracey93 in #238
- logging: parametrize workspace sku and resource specific tags by @olljanat in #239
Full Changelog: v0.8.0...v0.8.1