From 2c228019ab41fde809e52041b58861c383cb0056 Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Fri, 16 Sep 2022 18:07:17 +1000 Subject: [PATCH 1/8] update ACR module api version to 2022-02-01-preview --- .../registries/.test/parameters.json | 9 +++++++ .../registries/deploy.bicep | 26 ++++++++++++++++++- 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json b/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json index 3731d51492..a9dd6320b2 100644 --- a/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json +++ b/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json @@ -23,6 +23,15 @@ "trustPolicyStatus": { "value": "enabled" }, + "azureADAuthenticationAsArmPolicyStatus": { + "value": "enabled" + }, + "softDeletePolicyStatus": { + "value": "enabled" + }, + "softDeletePolicyDays": { + "value": 7 + }, "replications": { "value": [ { diff --git a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep index 7226d5f11e..8b0e06cf43 100644 --- a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep 
@@ -51,6 +51,23 @@ param retentionPolicyStatus string = 'enabled' @description('Optional. The number of days to retain an untagged manifest after which it gets purged.') param retentionPolicyDays int = 15 +@allowed([ + 'disabled' + 'enabled' +]) +@description('Optional. The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not.') +param azureADAuthenticationAsArmPolicyStatus string = 'enabled' + +@allowed([ + 'disabled' + 'enabled' +]) +@description('Optional. Soft Delete policy status.') +param softDeletePolicyStatus string = 'enabled' + +@description('Optional. The number of days after which a soft-deleted item is permanently deleted.') +param softDeletePolicyDays int = 7 + @description('Optional. Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the \'acrSku\' to be \'Premium\'.') param dataEndpointEnabled bool = false @@ -215,7 +232,7 @@ resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = i scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4]) } -resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { +resource registry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' = { name: name location: location identity: identity @@ -233,6 +250,9 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { } } : null policies: { + azureADAuthenticationAsArmPolicy: { + status: azureADAuthenticationAsArmPolicyStatus + } exportPolicy: acrSku == 'Premium' ? { status: exportPolicyStatus } : null 
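Review bot: The `@description` on `azureADAuthenticationAsArmPolicyStatus` in the first hunk misspells "registry" as `registr` and does not say which value is the stricter one, so an operator cannot tell what they are choosing. As far as I know, `disabled` makes the registry accept only ACR-audience tokens and reject Azure AD tokens issued for the ARM audience, which is the hardened setting; please confirm against the provider documentation and state it, e.g. `@description('Optional. Whether the registry accepts Azure AD tokens issued for the ARM audience. Set to disabled to require ACR-audience tokens.')`. The misspelled sentence is carried unchanged into the later description edits of this series and into the readme parameter rows, so correcting it here covers those as well. `softDeletePolicyDays` in the same hunk has no `@minValue`/`@maxValue`; if the service range is 1–90 days as I recall, bounding it in the template moves an out-of-range value from a deployment-time failure to a compile-time one.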
@@ -247,6 +267,10 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = { days: retentionPolicyDays status: retentionPolicyStatus } : null + softDeletePolicy: { + retentionDays: softDeletePolicyDays + status: softDeletePolicyStatus + } } dataEndpointEnabled: dataEndpointEnabled publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(networkRuleSetIpRules) ? 'Disabled' : null) From 3650bb4b626fb6b583c378fefd98774004dbc6fb Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Fri, 16 Sep 2022 18:22:32 +1000 Subject: [PATCH 2/8] add new parameters to readme --- modules/Microsoft.ContainerRegistry/registries/readme.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md index 5c4d9ea65c..7672ecfda5 100644 --- a/modules/Microsoft.ContainerRegistry/registries/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/readme.md 
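Review bot: The `softDeletePolicy` block added to `policies` is emitted unconditionally, and nothing in the template stops a caller from setting `softDeletePolicyStatus` and `retentionPolicyStatus` to `enabled` together. If the preview API rejects that combination (my recollection is that ACR does not allow soft delete alongside the retention policy, nor on a geo-replicated registry), the failure only surfaces at deployment time. Once confirmed, document the constraint on the parameter, e.g. `@description('Optional. Soft delete policy status. Cannot be enabled together with the retention policy.')`. The `registry` resource body starts and ends outside this hunk, so the conditions guarding the neighbouring policies are only partly visible here.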
@@ -69,6 +69,9 @@ Azure Container Registry is a managed, private Docker registry service based on | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | | `trustPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the trust policy is enabled or not. | +| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the Azure AD authentication as ARM policy is enabled or not. | +| `softDeletePolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | Optional. Soft Delete policy status. | +| `softDeletePolicyDays` | int | `7` | | Optional. The number of days after which a soft-deleted item is permanently deleted. | | `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | | `webhooks` | _[webhooks](webhooks/readme.md)_ array | `[]` | | All webhooks to create. | | `zoneRedundancy` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not zone redundancy is enabled for this container registry. | From 2f470f9e3da1393bf6c10c56a454dfbbce02ae0e Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Mon, 19 Sep 2022 21:48:16 +1000 Subject: [PATCH 3/8] PR review update --- .../registries/deploy.bicep | 2 +- .../registries/readme.md | 24 ++++++++++++++----- .../registries/replications/deploy.bicep | 4 ++-- .../registries/replications/readme.md | 2 +- .../registries/webhooks/deploy.bicep | 4 ++-- .../registries/webhooks/readme.md | 2 +- 6 files changed, 25 insertions(+), 13 deletions(-) diff --git a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep index 8b0e06cf43..0b534ca805 100644 --- a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep 
@@ -63,7 +63,7 @@ param azureADAuthenticationAsArmPolicyStatus string = 'enabled' 'enabled' ]) @description('Optional. Soft Delete policy status.') -param softDeletePolicyStatus string = 'enabled' +param softDeletePolicyStatus string = 'disabled' @description('Optional. The number of days after which a soft-deleted item is permanently deleted.') param softDeletePolicyDays int = 7 diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md index 7672ecfda5..b2c4e82328 100644 --- a/modules/Microsoft.ContainerRegistry/registries/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/readme.md 
@@ -16,9 +16,9 @@ Azure Container Registry is a managed, private Docker registry service based on | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.ContainerRegistry/registries` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-09-01/registries) | -| `Microsoft.ContainerRegistry/registries/replications` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/replications) | -| `Microsoft.ContainerRegistry/registries/webhooks` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/webhooks) | +| `Microsoft.ContainerRegistry/registries` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries) | +| `Microsoft.ContainerRegistry/registries/replications` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries/replications) | +| `Microsoft.ContainerRegistry/registries/webhooks` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries/webhooks) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 
[2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | @@ -40,6 +40,7 @@ Azure Container Registry is a managed, private Docker registry service based on | :-- | :-- | :-- | :-- | :-- | | `acrAdminUserEnabled` | bool | `False` | | Enable admin user that have push / pull permission to the registry. | | `acrSku` | string | `'Basic'` | `[Basic, Premium, Standard]` | Tier of your Azure container registry. | +| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. | | `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. | | `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. | | `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | 
@@ -66,12 +67,11 @@ Azure Container Registry is a managed, private Docker registry service based on | `retentionPolicyDays` | int | `15` | | The number of days to retain an untagged manifest after which it gets purged. | | `retentionPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the retention policy is enabled or not. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| `softDeletePolicyDays` | int | `7` | | The number of days after which a soft-deleted item is permanently deleted. | +| `softDeletePolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | Soft Delete policy status. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | | `trustPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the trust policy is enabled or not. | -| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the Azure AD authentication as ARM policy is enabled or not. | -| `softDeletePolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | Optional. Soft Delete policy status. | -| `softDeletePolicyDays` | int | `7` | | Optional. The number of days after which a soft-deleted item is permanently deleted. | | `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | | `webhooks` | _[webhooks](webhooks/readme.md)_ array | `[]` | | All webhooks to create. 
| | `zoneRedundancy` | string | `'Disabled'` | `[Disabled, Enabled]` | Whether or not zone redundancy is enabled for this container registry. | @@ -473,6 +473,7 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { // Non-required parameters acrAdminUserEnabled: false acrSku: 'Premium' + azureADAuthenticationAsArmPolicyStatus: 'enabled' diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' diagnosticEventHubName: 'adp-<>-az-evh-x-001' diagnosticLogsRetentionInDays: 7 @@ -512,6 +513,8 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { roleDefinitionIdOrName: 'Reader' } ] + softDeletePolicyDays: 7 + softDeletePolicyStatus: 'enabled' systemAssignedIdentity: true trustPolicyStatus: 'enabled' userAssignedIdentities: { @@ -550,6 +553,9 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { "acrSku": { "value": "Premium" }, + "azureADAuthenticationAsArmPolicyStatus": { + "value": "enabled" + }, "diagnosticEventHubAuthorizationRuleId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" }, @@ -613,6 +619,12 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { } ] }, + "softDeletePolicyDays": { + "value": 7 + }, + "softDeletePolicyStatus": { + "value": "enabled" + }, "systemAssignedIdentity": { "value": true }, diff --git a/modules/Microsoft.ContainerRegistry/registries/replications/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/replications/deploy.bicep index 515f6da4f9..90da6e1dad 100644 --- a/modules/Microsoft.ContainerRegistry/registries/replications/deploy.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/replications/deploy.bicep 
@@ -35,11 +35,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = { +resource registry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' existing = { name: registryName } -resource replication 'Microsoft.ContainerRegistry/registries/replications@2021-12-01-preview' = { +resource replication 'Microsoft.ContainerRegistry/registries/replications@2022-02-01-preview' = { name: name parent: registry location: location diff --git a/modules/Microsoft.ContainerRegistry/registries/replications/readme.md b/modules/Microsoft.ContainerRegistry/registries/replications/readme.md index a032e90e9c..425640b565 100644 --- a/modules/Microsoft.ContainerRegistry/registries/replications/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/replications/readme.md @@ -13,7 +13,7 @@ This module deploys ContainerRegistry Registries Replications. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ContainerRegistry/registries/replications` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/replications) | +| `Microsoft.ContainerRegistry/registries/replications` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries/replications) | ## Parameters diff --git a/modules/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep index a05764cfbe..f58bcf3da6 100644 --- a/modules/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep 
@@ -52,11 +52,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena } } -resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = { +resource registry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' existing = { name: registryName } -resource webhook 'Microsoft.ContainerRegistry/registries/webhooks@2021-12-01-preview' = { +resource webhook 'Microsoft.ContainerRegistry/registries/webhooks@2022-02-01-preview' = { name: name parent: registry location: location diff --git a/modules/Microsoft.ContainerRegistry/registries/webhooks/readme.md b/modules/Microsoft.ContainerRegistry/registries/webhooks/readme.md index fd6fb38fa8..d009a3e881 100644 --- a/modules/Microsoft.ContainerRegistry/registries/webhooks/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/webhooks/readme.md @@ -13,7 +13,7 @@ This module deploys ContainerRegistry Registries Webhooks. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.ContainerRegistry/registries/webhooks` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/webhooks) | +| `Microsoft.ContainerRegistry/registries/webhooks` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries/webhooks) | ## Parameters From 93187acb4923b050848016b6cfb88c6c0500ea30 Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Mon, 19 Sep 2022 22:15:59 +1000 Subject: [PATCH 4/8] update --- modules/Microsoft.ContainerRegistry/registries/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md index b2c4e82328..4110468bee 100644 --- a/modules/Microsoft.ContainerRegistry/registries/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/readme.md 
@@ -68,7 +68,7 @@ Azure Container Registry is a managed, private Docker registry service based on | `retentionPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the retention policy is enabled or not. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `softDeletePolicyDays` | int | `7` | | The number of days after which a soft-deleted item is permanently deleted. | -| `softDeletePolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | Soft Delete policy status. | +| `softDeletePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | Soft Delete policy status. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | | `trustPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the trust policy is enabled or not. | From 04e3e92b87600d63d16578e3772c14009d243ac0 Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Mon, 19 Sep 2022 22:23:55 +1000 Subject: [PATCH 5/8] update --- modules/Microsoft.ContainerRegistry/registries/deploy.bicep | 4 ++-- modules/Microsoft.ContainerRegistry/registries/readme.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep index 0b534ca805..c7868415c4 100644 --- a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep 
@@ -55,14 +55,14 @@ param retentionPolicyDays int = 15 'disabled' 'enabled' ]) -@description('Optional. The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not.') +@description('Optional. The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. default is enabled') param azureADAuthenticationAsArmPolicyStatus string = 'enabled' @allowed([ 'disabled' 'enabled' ]) -@description('Optional. Soft Delete policy status.') +@description('Optional. Soft Delete policy status. default is disabled.') param softDeletePolicyStatus string = 'disabled' @description('Optional. The number of days after which a soft-deleted item is permanently deleted.') diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md index 4110468bee..b2f7f83164 100644 --- a/modules/Microsoft.ContainerRegistry/registries/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/readme.md 
@@ -40,7 +40,7 @@ Azure Container Registry is a managed, private Docker registry service based on | :-- | :-- | :-- | :-- | :-- | | `acrAdminUserEnabled` | bool | `False` | | Enable admin user that have push / pull permission to the registry. | | `acrSku` | string | `'Basic'` | `[Basic, Premium, Standard]` | Tier of your Azure container registry. | -| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. | +| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. default is enabled | | `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. | | `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. | | `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | 
@@ -68,7 +68,7 @@ Azure Container Registry is a managed, private Docker registry service based on | `retentionPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the retention policy is enabled or not. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `softDeletePolicyDays` | int | `7` | | The number of days after which a soft-deleted item is permanently deleted. | -| `softDeletePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | Soft Delete policy status. | +| `softDeletePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | Soft Delete policy status. default is disabled. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | | `trustPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the trust policy is enabled or not. | From 33c9395a9576da5e392c6e15bbd8dfda07ae74f4 Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Mon, 19 Sep 2022 22:30:56 +1000 Subject: [PATCH 6/8] update --- modules/Microsoft.ContainerRegistry/registries/deploy.bicep | 4 ++-- modules/Microsoft.ContainerRegistry/registries/readme.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep index c7868415c4..1b04b440ce 100644 --- a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep 
@@ -55,14 +55,14 @@ param retentionPolicyDays int = 15 'disabled' 'enabled' ]) -@description('Optional. The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. default is enabled') +@description('Optional. The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled.') param azureADAuthenticationAsArmPolicyStatus string = 'enabled' @allowed([ 'disabled' 'enabled' ]) -@description('Optional. Soft Delete policy status. default is disabled.') +@description('Optional. Soft Delete policy status. Default is disabled.') param softDeletePolicyStatus string = 'disabled' @description('Optional. The number of days after which a soft-deleted item is permanently deleted.') diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md index b2f7f83164..b591dcfec3 100644 --- a/modules/Microsoft.ContainerRegistry/registries/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/readme.md 
@@ -40,7 +40,7 @@ Azure Container Registry is a managed, private Docker registry service based on | :-- | :-- | :-- | :-- | :-- | | `acrAdminUserEnabled` | bool | `False` | | Enable admin user that have push / pull permission to the registry. | | `acrSku` | string | `'Basic'` | `[Basic, Premium, Standard]` | Tier of your Azure container registry. | -| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. default is enabled | +| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. | | `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. | | `cMKKeyVaultResourceId` | string | `''` | | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. | | `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | 
@@ -68,7 +68,7 @@ Azure Container Registry is a managed, private Docker registry service based on | `retentionPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the retention policy is enabled or not. | | `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | `softDeletePolicyDays` | int | `7` | | The number of days after which a soft-deleted item is permanently deleted. | -| `softDeletePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | Soft Delete policy status. default is disabled. | +| `softDeletePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | Soft Delete policy status. Default is disabled. | | `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | | `tags` | object | `{object}` | | Tags of the resource. | | `trustPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the trust policy is enabled or not. | From c8df5927c0bb2ecbc89628a7c90e17c327aed90c Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Mon, 19 Sep 2022 23:09:33 +1000 Subject: [PATCH 7/8] update --- .../registries/.test/parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json b/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json index a9dd6320b2..518df211a7 100644 --- a/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json +++ b/modules/Microsoft.ContainerRegistry/registries/.test/parameters.json 
@@ -27,7 +27,7 @@ "value": "enabled" }, "softDeletePolicyStatus": { - "value": "enabled" + "value": "disabled" }, "softDeletePolicyDays": { "value": 7 From 15137e943c0d23e955fb30811a93e83be4f6da30 Mon Sep 17 00:00:00 2001 From: Tao Yang Date: Mon, 19 Sep 2022 23:14:48 +1000 Subject: [PATCH 8/8] update --- modules/Microsoft.ContainerRegistry/registries/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md index b591dcfec3..785a83e5bf 100644 --- a/modules/Microsoft.ContainerRegistry/registries/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/readme.md @@ -514,7 +514,7 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { } ] softDeletePolicyDays: 7 - softDeletePolicyStatus: 'enabled' + softDeletePolicyStatus: 'disabled' systemAssignedIdentity: true trustPolicyStatus: 'enabled' userAssignedIdentities: { @@ -623,7 +623,7 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = { "value": 7 }, "softDeletePolicyStatus": { - "value": "enabled" + "value": "disabled" }, "systemAssignedIdentity": { "value": true
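Review bot: Flipping `softDeletePolicyStatus` to `disabled` in the `.test/parameters.json` hunk of patch 7 means the test parameter file shown in this series no longer deploys a registry with soft delete enabled, so the new `softDeletePolicy` block is exercised only in its off state. `softDeletePolicyDays` is still passed as `7`, which presumably has no observable effect while the policy is off. If no other parameter file covers the enabled case, add one that sets `softDeletePolicyStatus` to `enabled` in a configuration the service accepts, so a regression in that path is caught by the pipeline. This note applies to the parameters hunk only, not to the readme hunks of patch 8 that follow it on the same line.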