From c19650f3aac599ae72aeae0f6857a976187c6b5f Mon Sep 17 00:00:00 2001 From: Paul Lewis Date: Wed, 7 Aug 2024 17:08:13 +0000 Subject: [PATCH] Updated API versions to latest version available --- bicep/aksmetricalerts.bicep | 2 +- bicep/aksnetcontrib.bicep | 4 ++-- bicep/keyvault.bicep | 2 +- bicep/keyvaultkey.bicep | 4 ++-- bicep/keyvaultrbac.bicep | 2 +- bicep/main.bicep | 8 ++++---- bicep/nsg.bicep | 22 +++++++++++----------- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/bicep/aksmetricalerts.bicep b/bicep/aksmetricalerts.bicep index 774fd3df5..8786c08f0 100644 --- a/bicep/aksmetricalerts.bicep +++ b/bicep/aksmetricalerts.bicep @@ -720,7 +720,7 @@ resource PV_usage_violates_the_configured_threshold_for_clustername_CI_21 'micro } -resource Daily_law_datacap 'Microsoft.Insights/scheduledQueryRules@2022-08-01-preview' = { +resource Daily_law_datacap 'Microsoft.Insights/scheduledQueryRules@2023-12-01' = { name: 'Daily data cap breached for workspace ${logAnalyticsWorkspaceName} CIQ-1' location: logAnalyticsWorkspaceLocation properties: { diff --git a/bicep/aksnetcontrib.bicep b/bicep/aksnetcontrib.bicep index d54167578..9ce5a839b 100644 --- a/bicep/aksnetcontrib.bicep +++ b/bicep/aksnetcontrib.bicep @@ -20,12 +20,12 @@ var existingAksVnetName = !empty(byoAKSSubnetId) ? split(byoAKSSubnetId, '/')[8] resource existingvnet 'Microsoft.Network/virtualNetworks@2023-04-01' existing = { name: existingAksVnetName } -resource existingAksSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-09-01' existing = { +resource existingAksSubnet 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = { parent: existingvnet name: existingAksSubnetName } -resource existingAksPodSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-09-01' existing = { +resource existingAksPodSubnet 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' existing = { parent: existingvnet name: existingAksPodSubnetName } diff --git a/bicep/keyvault.bicep b/bicep/keyvault.bicep index 2ba5b82aa..cc87dc850 100644 --- a/bicep/keyvault.bicep +++ b/bicep/keyvault.bicep @@ -27,7 +27,7 @@ var kvIPRules = [for kvIp in keyVaultIPAllowlist: { value: kvIp }] -resource kv 'Microsoft.KeyVault/vaults@2022-07-01' = { +resource kv 'Microsoft.KeyVault/vaults@2023-07-01' = { name: akvName location: location properties: { diff --git a/bicep/keyvaultkey.bicep b/bicep/keyvaultkey.bicep index c564cfbba..31189285e 100644 --- a/bicep/keyvaultkey.bicep +++ b/bicep/keyvaultkey.bicep @@ -1,10 +1,10 @@ param keyVaultName string -resource kv 'Microsoft.KeyVault/vaults@2022-07-01' existing = { +resource kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = { name: keyVaultName } -resource kvKmsKey 'Microsoft.KeyVault/vaults/keys@2022-07-01' = { +resource kvKmsKey 'Microsoft.KeyVault/vaults/keys@2024-04-01-preview' = { name: 'kmskey' parent: kv properties: { diff --git a/bicep/keyvaultrbac.bicep b/bicep/keyvaultrbac.bicep index eeae10120..f351028dd 100644 --- a/bicep/keyvaultrbac.bicep +++ b/bicep/keyvaultrbac.bicep @@ -48,7 +48,7 @@ var keyVaultCryptoUserRole = subscriptionResourceId('Microsoft.Authorization/rol var keyVaultCryptoOfficerRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '14b46e9e-c2b7-41b4-b07b-48a6ebf60603') var keyVaultCryptoServiceEncrpytionRole = subscriptionResourceId('Microsoft.Authorization/roleDefinitions','e147488a-f6f5-4113-8e2d-b22465e65bf6') -resource kv 'Microsoft.KeyVault/vaults@2022-07-01' existing = { +resource kv 'Microsoft.KeyVault/vaults@2023-07-01' existing = { name: keyVaultName } diff --git a/bicep/main.bicep b/bicep/main.bicep index 0fb71ced5..7c5b7c2f5 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -283,7 +283,7 @@ var kmsRbacWaitSeconds=30 @description('This indicates if the deploying user has provided their PrincipalId in order for the key to be created') var keyVaultKmsCreateAndPrereqs = keyVaultKmsCreate && !empty(keyVaultKmsOfficerRolePrincipalId) && privateLinks == false -resource kvKmsByo 'Microsoft.KeyVault/vaults@2022-07-01' existing = if(!empty(keyVaultKmsByoName)) { +resource kvKmsByo 'Microsoft.KeyVault/vaults@2023-07-01' existing = if(!empty(keyVaultKmsByoName)) { name: keyVaultKmsByoName scope: resourceGroup(keyVaultKmsByoRG) } @@ -1427,7 +1427,7 @@ module privateDnsZoneRbac './dnsZoneRbac.bicep' = if (enablePrivateCluster && !e var policySetBaseline = '/providers/Microsoft.Authorization/policySetDefinitions/a8640138-9b0a-4a28-b8cb-1666c838647d' var policySetRestrictive = '/providers/Microsoft.Authorization/policySetDefinitions/42b8ef37-b724-4e24-bbc8-7a7708edfe00' -resource aks_policies 'Microsoft.Authorization/policyAssignments@2022-06-01' = if (!empty(azurepolicy)) { +resource aks_policies 'Microsoft.Authorization/policyAssignments@2024-04-01' = if (!empty(azurepolicy)) { name: '${resourceName}-${azurePolicyInitiative}' location: location properties: { @@ -1553,7 +1553,7 @@ resource AksDiags 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = } } -resource sysLog 'Microsoft.Insights/dataCollectionRules@2022-06-01' = if (createLaw && omsagent && enableSysLog) { +resource sysLog 'Microsoft.Authorization/policyAssignments@2023-03-11' = if (createLaw && omsagent && enableSysLog) { name: 'MSCI-${location}-${aks.name}' location: location kind: 'Linux' @@ -1636,7 +1636,7 @@ resource sysLog 'Microsoft.Insights/dataCollectionRules@2022-06-01' = if (create } } -resource association 'Microsoft.Insights/dataCollectionRuleAssociations@2022-06-01' = if (createLaw && omsagent && enableSysLog) { +resource association 'Microsoft.Insights/dataCollectionRuleAssociations@2023-03-11' = if (createLaw && omsagent && enableSysLog) { name: '${aks.name}-${aks_law.name}-association' scope: aks properties: { diff --git a/bicep/nsg.bicep b/bicep/nsg.bicep index e646fb645..4c7024ea0 100644 --- a/bicep/nsg.bicep +++ b/bicep/nsg.bicep @@ -14,7 +14,7 @@ output nsgId string = nsg.id param ruleInAllowGwManagement bool = false param ruleInGwManagementPort string = '443,65200-65535' -resource ruleAppGwManagement 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInAllowGwManagement) { +resource ruleAppGwManagement 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInAllowGwManagement) { parent: nsg name: 'Allow_AppGatewayManagement' properties: { @@ -30,7 +30,7 @@ resource ruleAppGwManagement 'Microsoft.Network/networkSecurityGroups/securityRu } param ruleInAllowAzureLoadBalancer bool = false -resource ruleAzureLoadBalancer 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if (ruleInAllowAzureLoadBalancer) { +resource ruleAzureLoadBalancer 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if (ruleInAllowAzureLoadBalancer) { parent: nsg name: 'Allow_AzureLoadBalancer' properties: { @@ -50,7 +50,7 @@ resource ruleAzureLoadBalancer 'Microsoft.Network/networkSecurityGroups/security } param ruleInDenyInternet bool = false -resource ruleDenyInternet 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInDenyInternet) { +resource ruleDenyInternet 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInDenyInternet) { parent: nsg name: 'Deny_AllInboundInternet' properties: { @@ -71,7 +71,7 @@ resource ruleDenyInternet 'Microsoft.Network/networkSecurityGroups/securityRules } param ruleInAllowInternetHttp bool = false -resource ruleInternetHttp 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInAllowInternetHttp) { +resource ruleInternetHttp 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInAllowInternetHttp) { parent: nsg name: 'Allow_Internet_Http' properties: { @@ -92,7 +92,7 @@ resource ruleInternetHttp 'Microsoft.Network/networkSecurityGroups/securityRules } param ruleInAllowInternetHttps bool = false -resource ruleInternetHttps 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInAllowInternetHttps) { +resource ruleInternetHttps 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInAllowInternetHttps) { parent: nsg name: 'Allow_Internet_Https' properties: { @@ -113,7 +113,7 @@ resource ruleInternetHttps 'Microsoft.Network/networkSecurityGroups/securityRule } param ruleInAllowBastionHostComms bool = false -resource ruleBastionHost 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInAllowBastionHostComms) { +resource ruleBastionHost 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInAllowBastionHostComms) { parent: nsg name: 'Allow_Bastion_Host_Communication' properties: { @@ -135,7 +135,7 @@ resource ruleBastionHost 'Microsoft.Network/networkSecurityGroups/securityRules@ } param ruleOutAllowBastionComms bool = false -resource ruleBastionEgressSshRdp 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleOutAllowBastionComms) { +resource ruleBastionEgressSshRdp 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleOutAllowBastionComms) { parent: nsg name: 'Allow_SshRdp_Outbound' properties: { @@ -156,7 +156,7 @@ resource ruleBastionEgressSshRdp 'Microsoft.Network/networkSecurityGroups/securi } } -resource ruleBastionEgressAzure 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleOutAllowBastionComms) { +resource ruleBastionEgressAzure 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleOutAllowBastionComms) { parent: nsg name: 'Allow_Azure_Cloud_Outbound' properties: { @@ -176,7 +176,7 @@ resource ruleBastionEgressAzure 'Microsoft.Network/networkSecurityGroups/securit } } -resource ruleBastionEgressBastionComms 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleOutAllowBastionComms) { +resource ruleBastionEgressBastionComms 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleOutAllowBastionComms) { parent: nsg name: 'Allow_Bastion_Communication' properties: { @@ -197,7 +197,7 @@ resource ruleBastionEgressBastionComms 'Microsoft.Network/networkSecurityGroups/ } } -resource ruleBastionEgressSessionInfo 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleOutAllowBastionComms) { +resource ruleBastionEgressSessionInfo 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleOutAllowBastionComms) { parent: nsg name: 'Allow_Get_Session_Info' properties: { @@ -218,7 +218,7 @@ resource ruleBastionEgressSessionInfo 'Microsoft.Network/networkSecurityGroups/s } param ruleInDenySsh bool = false -resource ruleSshIngressDeny 'Microsoft.Network/networkSecurityGroups/securityRules@2022-07-01' = if(ruleInDenySsh) { +resource ruleSshIngressDeny 'Microsoft.Network/networkSecurityGroups/securityRules@2024-01-01' = if(ruleInDenySsh) { parent: nsg name: 'DenySshInbound' properties: {