Azure · FallenHoot · Nov 12, 2024 · Nov 12, 2024 · Nov 15, 2024 · Nov 20, 2024
@@ -166,6 +166,7 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
         name: 'testdb2'
       }
     ]
+    delegatedSubnetResourceId: '<delegatedSubnetResourceId>'
     diagnosticSettings: [
       {
         eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
@@ -204,12 +205,8 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
       kind: 'CanNotDelete'
       name: 'myCustomLockName'
     }
-    managedIdentities: {
-      userAssignedResourceIds: [
-        '<geoBackupManagedIdentityResourceId>'
-        '<managedIdentityResourceId>'
-      ]
-    }
+    privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
+    publicNetworkAccess: 'Disabled'
     roleAssignments: [
       {
         name: '2478b63b-0cae-457f-9bd3-9feb00e1925b'
@@ -238,6 +235,10 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
       resourceType: 'MySQL Flexible Server'
       serverName: 'dfmsmax001'
     }
+    userAssignedIdentities: {
+      '<geoBackupManagedIdentityResourceId>': {}
+      '<managedIdentityResourceId>': {}
+    }
     version: '8.0.21'
   }
 }
@@ -304,6 +305,9 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
         }
       ]
     },
+    "delegatedSubnetResourceId": {
+      "value": "<delegatedSubnetResourceId>"
+    },
     "diagnosticSettings": {
       "value": [
         {
@@ -354,13 +358,11 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
         "name": "myCustomLockName"
       }
     },
-    "managedIdentities": {
-      "value": {
-        "userAssignedResourceIds": [
-          "<geoBackupManagedIdentityResourceId>",
-          "<managedIdentityResourceId>"
-        ]
-      }
+    "privateDnsZoneResourceId": {
+      "value": "<privateDnsZoneResourceId>"
+    },
+    "publicNetworkAccess": {
+      "value": "Disabled"
     },
     "roleAssignments": {
       "value": [
@@ -402,6 +404,12 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
         "serverName": "dfmsmax001"
       }
     },
+    "userAssignedIdentities": {
+      "value": {
+        "<geoBackupManagedIdentityResourceId>": {},
+        "<managedIdentityResourceId>": {}
+      }
+    },
     "version": {
       "value": "8.0.21"
     }
@@ -448,6 +456,7 @@ param databases = [
     name: 'testdb2'
   }
 ]
+param delegatedSubnetResourceId = '<delegatedSubnetResourceId>'
 param diagnosticSettings = [
   {
     eventHubAuthorizationRuleResourceId: '<eventHubAuthorizationRuleResourceId>'
@@ -486,12 +495,8 @@ param lock = {
   kind: 'CanNotDelete'
   name: 'myCustomLockName'
 }
-param managedIdentities = {
-  userAssignedResourceIds: [
-    '<geoBackupManagedIdentityResourceId>'
-    '<managedIdentityResourceId>'
-  ]
-}
+param privateDnsZoneResourceId = '<privateDnsZoneResourceId>'
+param publicNetworkAccess = 'Disabled'
 param roleAssignments = [
   {
     name: '2478b63b-0cae-457f-9bd3-9feb00e1925b'
@@ -520,6 +525,10 @@ param tags = {
   resourceType: 'MySQL Flexible Server'
   serverName: 'dfmsmax001'
 }
+param userAssignedIdentities = {
+  '<geoBackupManagedIdentityResourceId>': {}
+  '<managedIdentityResourceId>': {}
+}
 param version = '8.0.21'
 ```
 
@@ -562,16 +571,14 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
     delegatedSubnetResourceId: '<delegatedSubnetResourceId>'
     highAvailability: 'SameZone'
     location: '<location>'
-    managedIdentities: {
-      userAssignedResourceIds: [
-        '<managedIdentityResourceId>'
-      ]
-    }
     privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
     storageAutoGrow: 'Enabled'
     storageAutoIoScaling: 'Enabled'
     storageIOPS: 400
     storageSizeGB: 64
+    userAssignedIdentities: {
+      '<managedIdentityResourceId>': {}
+    }
   }
 }
 ```
@@ -633,13 +640,6 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
     "location": {
       "value": "<location>"
     },
-    "managedIdentities": {
-      "value": {
-        "userAssignedResourceIds": [
-          "<managedIdentityResourceId>"
-        ]
-      }
-    },
     "privateDnsZoneResourceId": {
       "value": "<privateDnsZoneResourceId>"
     },
@@ -654,6 +654,11 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server:<version>
     },
     "storageSizeGB": {
       "value": 64
+    },
+    "userAssignedIdentities": {
+      "value": {
+        "<managedIdentityResourceId>": {}
+      }
     }
   }
 }
@@ -692,16 +697,14 @@ param databases = [
 param delegatedSubnetResourceId = '<delegatedSubnetResourceId>'
 param highAvailability = 'SameZone'
 param location = '<location>'
-param managedIdentities = {
-  userAssignedResourceIds: [
-    '<managedIdentityResourceId>'
-  ]
-}
 param privateDnsZoneResourceId = '<privateDnsZoneResourceId>'
 param storageAutoGrow = 'Enabled'
 param storageAutoIoScaling = 'Enabled'
 param storageIOPS = 400
 param storageSizeGB = 64
+param userAssignedIdentities = {
+  '<managedIdentityResourceId>': {}
+}
 ```
 
 </details>
@@ -856,7 +859,6 @@ param tags = {
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
-| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. Required if 'customerManagedKey' is not empty. |
 | [`privateDnsZoneResourceId`](#parameter-privatednszoneresourceid) | string | Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. |
 | [`restorePointInTime`](#parameter-restorepointintime) | string | Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". |
 | [`sourceServerResourceId`](#parameter-sourceserverresourceid) | string | The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". |
@@ -868,7 +870,7 @@ param tags = {
 | :-- | :-- | :-- |
 | [`administratorLogin`](#parameter-administratorlogin) | string | The administrator login name of a server. Can only be specified when the MySQL server is being created. |
 | [`administratorLoginPassword`](#parameter-administratorloginpassword) | securestring | The administrator login password. |
-| [`administrators`](#parameter-administrators) | array | The Azure AD administrators when AAD authentication enabled. |
+| [`administrators`](#parameter-administrators) | array | The Azure AD administrators when AAD authentication is enabled. Requires the assignment of userAssignedIdentities. |
 | [`availabilityZone`](#parameter-availabilityzone) | string | Availability zone information of the server. Default will have no preference set. |
 | [`backupRetentionDays`](#parameter-backupretentiondays) | int | Backup retention days for the server. |
 | [`createMode`](#parameter-createmode) | string | The mode to create a new MySQL server. |
@@ -885,12 +887,14 @@ param tags = {
 | [`location`](#parameter-location) | string | Location for all resources. |
 | [`lock`](#parameter-lock) | object | The lock settings of the service. |
 | [`maintenanceWindow`](#parameter-maintenancewindow) | object | Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". |
+| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Specifies whether public network access is allowed for this server. Set to "Enabled" to allow public access, or "Disabled" (default) when the server has VNet integration. |
 | [`replicationRole`](#parameter-replicationrole) | string | The replication role. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
 | [`storageAutoIoScaling`](#parameter-storageautoioscaling) | string | Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs. |
 | [`storageIOPS`](#parameter-storageiops) | int | Storage IOPS for a server. Max IOPS are determined by compute size. |
 | [`storageSizeGB`](#parameter-storagesizegb) | int | Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. |
 | [`tags`](#parameter-tags) | object | Tags of the resource. |
+| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The managed identity definition for this resource. |
 | [`version`](#parameter-version) | string | MySQL Server version. |
 
 ### Parameter: `name`
@@ -922,26 +926,6 @@ The tier of the particular SKU. Tier must align with the "skuName" property. Exa
   ]
   ```
 
-### Parameter: `managedIdentities`
-
-The managed identity definition for this resource. Required if 'customerManagedKey' is not empty.
-
-- Required: No
-- Type: object
-
-**Optional parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. |
-
-### Parameter: `managedIdentities.userAssignedResourceIds`
-
-The resource ID(s) to assign to the resource.
-
-- Required: Yes
-- Type: array
-
 ### Parameter: `privateDnsZoneResourceId`
 
 Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server.
@@ -999,7 +983,7 @@ The administrator login password.
 
 ### Parameter: `administrators`
 
-The Azure AD administrators when AAD authentication enabled.
+The Azure AD administrators when AAD authentication is enabled. Requires the assignment of userAssignedIdentities.
 
 - Required: No
 - Type: array
@@ -1414,6 +1398,14 @@ Properties for the maintenence window. If provided, "customWindow" property must
 - Type: object
 - Default: `{}`
 
+### Parameter: `publicNetworkAccess`
+
+Specifies whether public network access is allowed for this server. Set to "Enabled" to allow public access, or "Disabled" (default) when the server has VNet integration.
+
+- Required: No
+- Type: string
+- Default: `'Disabled'`
+
 ### Parameter: `replicationRole`
 
 The replication role.
@@ -1588,6 +1580,14 @@ Tags of the resource.
 - Required: No
 - Type: object
 
+### Parameter: `userAssignedIdentities`
+
+The managed identity definition for this resource.
+
+- Required: No
+- Type: object
+- Default: `{}`
+
 ### Parameter: `version`
 
 MySQL Server version.

@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.30.3.12046",
-      "templateHash": "17380647846007156110"
+      "version": "0.31.92.45157",
+      "templateHash": "15901602668303039143"
     },
     "name": "DBforMySQL Flexible Server Administrators",
     "description": "This module deploys a DBforMySQL Flexible Server Administrator.",

@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.30.3.12046",
-      "templateHash": "15491679806037869848"
+      "version": "0.31.92.45157",
+      "templateHash": "8816099454149448745"
     },
     "name": "DBforMySQL Flexible Server Databases",
     "description": "This module deploys a DBforMySQL Flexible Server Database.",

@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.30.3.12046",
-      "templateHash": "10498063087675421166"
+      "version": "0.31.92.45157",
+      "templateHash": "10309431502079210011"
     },
     "name": "DBforMySQL Flexible Server Firewall Rules",
     "description": "This module deploys a DBforMySQL Flexible Server Firewall Rule.",