diff --git a/infra/core/ai-search/ai-search.bicep b/infra/core/ai-search/ai-search.bicep index a02dfe5..2d51c6e 100644 --- a/infra/core/ai-search/ai-search.bicep +++ b/infra/core/ai-search/ai-search.bicep @@ -10,7 +10,7 @@ param location string = resourceGroup().location @description('Array of objects with fields principalId, principalType, roleDefinitionId') param roleAssignments array = [] -@allowed([ 'enabled', 'disabled' ]) +@allowed(['enabled', 'disabled']) param publicNetworkAccess string = 'enabled' resource aiSearch 'Microsoft.Search/searchServices@2024-03-01-preview' = { diff --git a/infra/core/aks/aks.bicep b/infra/core/aks/aks.bicep index 07d6e71..14ebfb3 100644 --- a/infra/core/aks/aks.bicep +++ b/infra/core/aks/aks.bicep @@ -117,9 +117,9 @@ resource aks 'Microsoft.ContainerService/managedClusters@2024-09-02-preview' = { } } networkProfile: { - serviceCidr: '10.3.0.0/16' // must not overlap with any subnet IP ranges - dnsServiceIP: '10.3.0.10' // must be within the range specified in serviceCidr - podCidr: '10.244.0.0/16' // IP range from which to assign pod IPs + serviceCidr: '10.3.0.0/16' // must not overlap with any subnet IP ranges + dnsServiceIP: '10.3.0.10' // must be within the range specified in serviceCidr + podCidr: '10.244.0.0/16' // IP range from which to assign pod IPs } autoUpgradeProfile: autoUpgradeProfile oidcIssuerProfile: { diff --git a/infra/core/aoai/aoai.bicep b/infra/core/aoai/aoai.bicep index e99b582..37f3f94 100644 --- a/infra/core/aoai/aoai.bicep +++ b/infra/core/aoai/aoai.bicep @@ -19,7 +19,6 @@ param textEmbeddingAdaTpm int = 10 @description('Array of objects with fields principalId, roleDefinitionId') param roleAssignments array = [] - resource aoai 'Microsoft.CognitiveServices/accounts@2024-10-01' = { name: openAiName location: location diff --git a/infra/core/cosmosdb/cosmosdb.bicep b/infra/core/cosmosdb/cosmosdb.bicep index 1aecdb4..ef8782f 100644 --- a/infra/core/cosmosdb/cosmosdb.bicep +++ b/infra/core/cosmosdb/cosmosdb.bicep @@ -7,7 +7,7 @@ param cosmosDbName string @description('The location of the CosmosDB resource.') param location string = resourceGroup().location -@allowed([ 'Enabled', 'Disabled' ]) +@allowed(['Enabled', 'Disabled']) param publicNetworkAccess string = 'Disabled' @description('Role definition id to assign to the principal. Learn more: https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac') @@ -22,7 +22,6 @@ param roleDefinitionId array = [ param principalId string - resource cosmosDb 'Microsoft.DocumentDB/databaseAccounts@2024-11-15' = { name: cosmosDbName location: location diff --git a/infra/core/identity/identity.bicep b/infra/core/identity/identity.bicep index b6f8e56..0cb0fb5 100644 --- a/infra/core/identity/identity.bicep +++ b/infra/core/identity/identity.bicep @@ -10,7 +10,6 @@ param location string = resourceGroup().location @description('federated name: FederatedIdentityCredentialProperties. See https://learn.microsoft.com/en-us/azure/templates/microsoft.managedidentity/userassignedidentities/federatedidentitycredentials?pivots=deployment-language-bicep#federatedidentitycredentialproperties') param federatedCredentials object = {} - resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { name: name location: location diff --git a/infra/core/log-analytics/log.bicep b/infra/core/log-analytics/log.bicep index cd33261..0c85dbf 100644 --- a/infra/core/log-analytics/log.bicep +++ b/infra/core/log-analytics/log.bicep @@ -10,7 +10,6 @@ param location string = resourceGroup().location @description('The public network access for ingestion.') param publicNetworkAccessForIngestion string = 'Disabled' - resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { name: name location: location diff --git a/infra/core/monitor/private-link-scope.bicep b/infra/core/monitor/private-link-scope.bicep index 54e18c1..76050c8 100644 --- a/infra/core/monitor/private-link-scope.bicep +++ b/infra/core/monitor/private-link-scope.bicep @@ -6,7 +6,6 @@ param privateLinkScopedResources array = [] param queryAccessMode string = 'Open' param ingestionAccessMode string = 'PrivateOnly' - resource privateLinkScope 'microsoft.insights/privateLinkScopes@2021-07-01-preview' = { name: privateLinkScopeName location: 'global' diff --git a/infra/core/storage/storage.bicep b/infra/core/storage/storage.bicep index 8f6fa03..aa578b9 100644 --- a/infra/core/storage/storage.bicep +++ b/infra/core/storage/storage.bicep @@ -7,13 +7,13 @@ param name string @description('The location of the Storage Account resource.') param location string = resourceGroup().location -@allowed([ 'Hot', 'Cool', 'Premium' ]) +@allowed(['Hot', 'Cool', 'Premium']) param accessTier string = 'Hot' -@allowed([ 'AzureDnsZone', 'Standard' ]) +@allowed(['AzureDnsZone', 'Standard']) param dnsEndpointType string = 'Standard' -@allowed([ 'Enabled', 'Disabled' ]) +@allowed(['Enabled', 'Disabled']) param publicNetworkAccess string = 'Disabled' @description('Array of objects with fields principalId, principalType, roleDefinitionId') @@ -29,7 +29,6 @@ param kind string = 'StorageV2' param minimumTlsVersion string = 'TLS1_2' param containers array = [] - resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = { name: name location: location diff --git a/infra/core/vnet/private-dns-vnet-link.bicep b/infra/core/vnet/private-dns-vnet-link.bicep index fcd29d0..9546a86 100644 --- a/infra/core/vnet/private-dns-vnet-link.bicep +++ b/infra/core/vnet/private-dns-vnet-link.bicep @@ -5,7 +5,6 @@ param vnetId string param privateDnsZoneName string var vnet_id_hash = uniqueString(vnetId) - resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { name: privateDnsZoneName location: 'global' diff --git a/infra/core/vnet/private-dns-zone-a-record.bicep b/infra/core/vnet/private-dns-zone-a-record.bicep index c1e1739..0435659 100644 --- a/infra/core/vnet/private-dns-zone-a-record.bicep +++ b/infra/core/vnet/private-dns-zone-a-record.bicep @@ -13,7 +13,6 @@ param ttl int = 900 @description('The IP address') param ipv4Address string - resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { name: dnsZoneName } diff --git a/infra/core/vnet/private-dns-zone.bicep b/infra/core/vnet/private-dns-zone.bicep index 35d7f52..431c101 100644 --- a/infra/core/vnet/private-dns-zone.bicep +++ b/infra/core/vnet/private-dns-zone.bicep @@ -7,7 +7,6 @@ param name string @description('The name of the virtual networks the DNS zone should be associated with.') param vnetNames string[] - resource dnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = { name: name location: 'global' diff --git a/infra/core/vnet/private-endpoint.bicep b/infra/core/vnet/private-endpoint.bicep index 0d0eb32..6d7b6c0 100644 --- a/infra/core/vnet/private-endpoint.bicep +++ b/infra/core/vnet/private-endpoint.bicep @@ -14,7 +14,6 @@ param privateEndpointName string param groupId string param location string = resourceGroup().location - resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' = { name: privateEndpointName location: location diff --git a/infra/core/vnet/privatelink-private-dns-zones.bicep b/infra/core/vnet/privatelink-private-dns-zones.bicep index a6c57f1..89f15e2 100644 --- a/infra/core/vnet/privatelink-private-dns-zones.bicep +++ b/infra/core/vnet/privatelink-private-dns-zones.bicep @@ -11,8 +11,12 @@ var storagePrivateDnsZoneNames = [blobStoragePrivateDnsZoneName] var privateDnsZoneData = loadJsonContent('private-dns-zone-groups.json') var cloudName = toLower(environment().name) var azureMonitorPrivateDnsZones = privateDnsZoneData[cloudName].azureMonitor -var privateDnsZones = union(azureMonitorPrivateDnsZones, storagePrivateDnsZoneNames, [cosmosDbPrivateDnsZoneName], [aiSearchPrivateDnsZoneName]) - +var privateDnsZones = union( + azureMonitorPrivateDnsZones, + storagePrivateDnsZoneNames, + [cosmosDbPrivateDnsZoneName], + [aiSearchPrivateDnsZoneName] +) resource privateDnsZoneResources 'Microsoft.Network/privateDnsZones@2020-06-01' = [ for name in privateDnsZones: { diff --git a/infra/core/vnet/vnet-dns-link.bicep b/infra/core/vnet/vnet-dns-link.bicep index 27448b8..5ce16f1 100644 --- a/infra/core/vnet/vnet-dns-link.bicep +++ b/infra/core/vnet/vnet-dns-link.bicep @@ -4,7 +4,6 @@ param privateDnsZoneName string param vnetIds array - resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' existing = { name: privateDnsZoneName }