[Modules] Update ACR module api version to 2022-02-01-preview

modules/Microsoft.ContainerRegistry/registries/.test/parameters.json

@@ -23,6 +23,15 @@
         "trustPolicyStatus": {
             "value": "enabled"
         },
+        "azureADAuthenticationAsArmPolicyStatus": {
+            "value": "enabled"
+        },
+        "softDeletePolicyStatus": {
+            "value": "disabled"
+        },
+        "softDeletePolicyDays": {
+            "value": 7
+        },
         "replications": {
             "value": [
                 {

modules/Microsoft.ContainerRegistry/registries/deploy.bicep

@@ -51,6 +51,23 @@ param retentionPolicyStatus string = 'enabled'
 @description('Optional. The number of days to retain an untagged manifest after which it gets purged.')
 param retentionPolicyDays int = 15
 
+@allowed([
+  'disabled'
+  'enabled'
+])
+@description('Optional. The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled.')
+param azureADAuthenticationAsArmPolicyStatus string = 'enabled'
+
+@allowed([
+  'disabled'
+  'enabled'
+])
+@description('Optional. Soft Delete policy status. Default is disabled.')
+param softDeletePolicyStatus string = 'disabled'
+
+@description('Optional. The number of days after which a soft-deleted item is permanently deleted.')
+param softDeletePolicyDays int = 7
+
 @description('Optional. Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the \'acrSku\' to be \'Premium\'.')
 param dataEndpointEnabled bool = false
 
@@ -215,7 +232,7 @@ resource cMKKeyVaultKey 'Microsoft.KeyVault/vaults/keys@2021-10-01' existing = i
   scope: resourceGroup(split(cMKKeyVaultResourceId, '/')[2], split(cMKKeyVaultResourceId, '/')[4])
 }
 
-resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = {
+resource registry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' = {
   name: name
   location: location
   identity: identity
@@ -233,6 +250,9 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = {
       }
     } : null
     policies: {
+      azureADAuthenticationAsArmPolicy: {
+        status: azureADAuthenticationAsArmPolicyStatus
+      }
       exportPolicy: acrSku == 'Premium' ? {
         status: exportPolicyStatus
       } : null
@@ -247,6 +267,10 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' = {
         days: retentionPolicyDays
         status: retentionPolicyStatus
       } : null
+      softDeletePolicy: {
+        retentionDays: softDeletePolicyDays
+        status: softDeletePolicyStatus
+      }
     }
     dataEndpointEnabled: dataEndpointEnabled
     publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) && empty(networkRuleSetIpRules) ? 'Disabled' : null)

modules/Microsoft.ContainerRegistry/registries/readme.md

@@ -16,9 +16,9 @@ Azure Container Registry is a managed, private Docker registry service based on
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.ContainerRegistry/registries` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-09-01/registries) |
-| `Microsoft.ContainerRegistry/registries/replications` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/replications) |
-| `Microsoft.ContainerRegistry/registries/webhooks` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/webhooks) |
+| `Microsoft.ContainerRegistry/registries` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries) |
+| `Microsoft.ContainerRegistry/registries/replications` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries/replications) |
+| `Microsoft.ContainerRegistry/registries/webhooks` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries/webhooks) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) |
@@ -40,6 +40,7 @@ Azure Container Registry is a managed, private Docker registry service based on
 | :-- | :-- | :-- | :-- | :-- |
 | `acrAdminUserEnabled` | bool | `False` |  | Enable admin user that have push / pull permission to the registry. |
 | `acrSku` | string | `'Basic'` | `[Basic, Premium, Standard]` | Tier of your Azure container registry. |
+| `azureADAuthenticationAsArmPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. |
 | `cMKKeyName` | string | `''` |  | The name of the customer managed key to use for encryption. Note, CMK requires the 'acrSku' to be 'Premium'. |
 | `cMKKeyVaultResourceId` | string | `''` |  | The resource ID of a key vault to reference a customer managed key for encryption from. Note, CMK requires the 'acrSku' to be 'Premium'. |
 | `cMKKeyVersion` | string | `''` |  | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. |
@@ -66,6 +67,8 @@ Azure Container Registry is a managed, private Docker registry service based on
 | `retentionPolicyDays` | int | `15` |  | The number of days to retain an untagged manifest after which it gets purged. |
 | `retentionPolicyStatus` | string | `'enabled'` | `[disabled, enabled]` | The value that indicates whether the retention policy is enabled or not. |
 | `roleAssignments` | array | `[]` |  | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
+| `softDeletePolicyDays` | int | `7` |  | The number of days after which a soft-deleted item is permanently deleted. |
+| `softDeletePolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | Soft Delete policy status. Default is disabled. |
 | `systemAssignedIdentity` | bool | `False` |  | Enables system assigned managed identity on the resource. |
 | `tags` | object | `{object}` |  | Tags of the resource. |
 | `trustPolicyStatus` | string | `'disabled'` | `[disabled, enabled]` | The value that indicates whether the trust policy is enabled or not. |
@@ -470,6 +473,7 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
     // Non-required parameters
     acrAdminUserEnabled: false
     acrSku: 'Premium'
+    azureADAuthenticationAsArmPolicyStatus: 'enabled'
     diagnosticEventHubAuthorizationRuleId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey'
     diagnosticEventHubName: 'adp-<<namePrefix>>-az-evh-x-001'
     diagnosticLogsRetentionInDays: 7
@@ -509,6 +513,8 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
         roleDefinitionIdOrName: 'Reader'
       }
     ]
+    softDeletePolicyDays: 7
+    softDeletePolicyStatus: 'disabled'
     systemAssignedIdentity: true
     trustPolicyStatus: 'enabled'
     userAssignedIdentities: {
@@ -547,6 +553,9 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
     "acrSku": {
       "value": "Premium"
     },
+    "azureADAuthenticationAsArmPolicyStatus": {
+      "value": "enabled"
+    },
     "diagnosticEventHubAuthorizationRuleId": {
       "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<<namePrefix>>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
     },
@@ -610,6 +619,12 @@ module registries './Microsoft.ContainerRegistry/registries/deploy.bicep' = {
         }
       ]
     },
+    "softDeletePolicyDays": {
+      "value": 7
+    },
+    "softDeletePolicyStatus": {
+      "value": "disabled"
+    },
     "systemAssignedIdentity": {
       "value": true
     },

modules/Microsoft.ContainerRegistry/registries/replications/deploy.bicep

@@ -35,11 +35,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
   }
 }
 
-resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = {
+resource registry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' existing = {
   name: registryName
 }
 
-resource replication 'Microsoft.ContainerRegistry/registries/replications@2021-12-01-preview' = {
+resource replication 'Microsoft.ContainerRegistry/registries/replications@2022-02-01-preview' = {
   name: name
   parent: registry
   location: location

modules/Microsoft.ContainerRegistry/registries/replications/readme.md

@@ -13,7 +13,7 @@ This module deploys ContainerRegistry Registries Replications.
 
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.ContainerRegistry/registries/replications` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/replications) |
+| `Microsoft.ContainerRegistry/registries/replications` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries/replications) |
 
 ## Parameters
 

modules/Microsoft.ContainerRegistry/registries/webhooks/deploy.bicep

@@ -52,11 +52,11 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
   }
 }
 
-resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = {
+resource registry 'Microsoft.ContainerRegistry/registries@2022-02-01-preview' existing = {
   name: registryName
 }
 
-resource webhook 'Microsoft.ContainerRegistry/registries/webhooks@2021-12-01-preview' = {
+resource webhook 'Microsoft.ContainerRegistry/registries/webhooks@2022-02-01-preview' = {
   name: name
   parent: registry
   location: location

modules/Microsoft.ContainerRegistry/registries/webhooks/readme.md

@@ -13,7 +13,7 @@ This module deploys ContainerRegistry Registries Webhooks.
 
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.ContainerRegistry/registries/webhooks` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/webhooks) |
+| `Microsoft.ContainerRegistry/registries/webhooks` | [2022-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2022-02-01-preview/registries/webhooks) |
 
 ## Parameters